Skip to Content

MC365410: Suspicious Connector Activity Alert

As a security platform, we strive to continuously improve and protect our customers. In May, we plan to start rolling out a new alert for suspicious activities in an inbound connector. For information on connectors, please visit Configure mail flow using connectors in Exchange Online | Microsoft Docs.

MC365410: Suspicious Connector Activity Alert

When this will happen

We will begin rolling out in late May and expect to complete by late June.

How this affects your organization

When suspicious activity (for example: compromise) is detected, relayed mails will be blocked from the inbound connector, and the administrator will receive an email notification and an alert under https://security.microsoft.com/alerts. This alert will provide guidance on how to investigate, revert changes and unblock a restricted connector. To learn how to respond to this alert, please visit: Responding to a Compromised Connector.

Additionally, we will introduce some new changes in the existing Restricted users page (https://security.microsoft.com/restrictedusers) in order to support this improvement. The changes are the following:

Current Experience

Current Experience

Future Experience

Future Experience

To learn how to remove a blocked connector from the Restricted entities page, please visit Remove Blocked Connector From Restricted Entities Portal.

What you can do to prepare

Impacted customers are recommended to become familiar with the following instructions before rollout happens.

Message ID: MC365410
Published: 29 April 2022
Updated: 29 April 2022

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. We need money to operate the site, and almost all of it comes from online advertising. Please support us by disabling these ads blocker.

Please disable ad blocker