As a security platform, we strive to continuously improve and protect our customers. In May, we plan to start rolling out a new alert for suspicious activities in an inbound connector. For information on connectors, please visit Configure mail flow using connectors in Exchange Online | Microsoft Docs.
When this will happen
We will begin rolling out in late May and expect to complete by late June.
How this affects your organization
When suspicious activity (for example: compromise) is detected, relayed mails will be blocked from the inbound connector, and the administrator will receive an email notification and an alert under https://security.microsoft.com/alerts. This alert will provide guidance on how to investigate, revert changes and unblock a restricted connector. To learn how to respond to this alert, please visit: Responding to a Compromised Connector.
Additionally, we will introduce some new changes in the existing Restricted users page (https://security.microsoft.com/restrictedusers) in order to support this improvement. The changes are the following:
To learn how to remove a blocked connector from the Restricted entities page, please visit Remove Blocked Connector From Restricted Entities Portal.
What you can do to prepare
Impacted customers are recommended to become familiar with the following instructions before rollout happens.
Message ID: MC365410
Published: 29 April 2022
Updated: 29 April 2022