Suspicious Connector Activity Alert
As a security platform, we strive to continuously improve and protect our customers. In May, we plan to start rolling out a new alert for suspicious activities in an inbound connector. For information on connectors, please visit Configure mail flow using connectors in Exchange Online | Microsoft Docs.
When this will happen:
We will begin rolling out in late May and expect to complete by late June.
How this affects your organization:
When suspicious activity (for example: compromise) is detected, relayed mails will be blocked from the inbound connector, and the administrator will receive an email notification and an alert under https://security.microsoft.com/alerts. This alert will provide guidance on how to investigate, revert changes and unblock a restricted connector. To learn how to respond to this alert, please visit: Responding to a Compromised Connector.
Additionally, we will introduce some new changes in the existing Restricted users page (https://security.microsoft.com/restrictedusers) in order to support this improvement. The changes are the following:
Current Experience
- To learn how to remove a blocked connector from the Restricted entities page, please visit Remove Blocked Connector From Restricted Entities Portal.
Future Experience
What you can do to prepare:
Impacted customers are recommended to become familiar with the following instructions before rollout happens.
Message ID: MC365410
No comments yet