M365 Changelog: (Updated) Suspicious Connector Activity Alert
MC365410 – Updated August 9, 2022: Microsoft has updated the rollout timeline below. Thank you for your patience.
As a security platform, Microsoft strives to continuously improve and protect our customers. In May, Microsoft plans to start rolling out a new alert for suspicious activities in an inbound connector. For information on connectors, please visit Configure mail flow using connectors in Exchange Online | Microsoft Docs.
When this will happen:
Microsoft will begin rolling out in late May and expect to complete by late August (previously late July).
How this affects your organization:
When suspicious activity (for example: compromise) is detected, relayed mails will be blocked from the inbound connector, and the administrator will receive an email notification and an alert under https://security.microsoft.com/alerts. This alert will provide guidance on how to investigate, revert changes and unblock a restricted connector. To learn how to respond to this alert, please visit: Responding to a Compromised Connector.
Additionally, Microsoft will introduce some new changes in the existing Restricted users page (https://security.microsoft.com/restrictedusers) in order to support this improvement. The changes are the following:
Current Experience
Future Experience
View image in new tab
- To learn how to remove a blocked connector from the Restricted entities page, please visit Remove Blocked Connector From Restricted Entities Portal.
What you can do to prepare:
Impacted customers are recommended to become familiar with the following instructions before rollout happens.