Suspicious Connector Activity Alert

As a security platform, we strive to continuously improve and protect our customers. In May, we plan to start rolling out a new alert for suspicious activity in an inbound connector. For information on connectors, see "Configure mail flow using connectors in Exchange Online" on Microsoft Docs.

When this will happen:

We will begin rolling out in late May and expect to complete by late June.

How this affects your organization:

When suspicious activity (for example, a compromise) is detected, relayed mail from the inbound connector will be blocked, and the administrator will receive an email notification and an alert under https://security.microsoft.com/alerts. This alert will provide guidance on how to investigate, revert changes, and unblock a restricted connector. To learn how to respond to this alert, see "Responding to a Compromised Connector".

Additionally, we will introduce some changes to the existing Restricted users page (https://security.microsoft.com/restrictedusers) to support this improvement. The changes are the following:

Current Experience

[Image: Restricted users current view]

Future Experience

[Image: Restricted entities current view]

What you can do to prepare:

Impacted customers are advised to become familiar with the following instructions before the rollout happens.

Message ID: MC365410

