M365 Changelog: (Updated) Suspicious Connector Activity Alert

MC365410 – Updated August 9, 2022: Microsoft has updated the rollout timeline below. Thank you for your patience.

As a security platform, Microsoft strives to continuously improve and protect our customers. In May, Microsoft plans to start rolling out a new alert for suspicious activities in an inbound connector. For information on connectors, please visit Configure mail flow using connectors in Exchange Online | Microsoft Docs.

When this will happen:

Microsoft will begin rolling out in late May and expect to complete by late August (previously late July).

How this affects your organization:

When suspicious activity (for example: compromise) is detected, relayed mails will be blocked from the inbound connector, and the administrator will receive an email notification and an alert under https://security.microsoft.com/alerts. This alert will provide guidance on how to investigate, revert changes and unblock a restricted connector. To learn how to respond to this alert, please visit: Responding to a Compromised Connector.

Additionally, Microsoft will introduce some new changes in the existing Restricted users page (https://security.microsoft.com/restrictedusers) in order to support this improvement. The changes are the following:

Current Experience

Restricted users current view
View image in new tab

Future Experience
Restricted entities current view
View image in new tab

What you can do to prepare:

Impacted customers are recommended to become familiar with the following instructions before rollout happens.