Never Mind, Microsoft Won’t Retire Top Senders and Recipient Report

Earlier this year, Microsoft announced that they had planned to retire the top senders and recipient report from Microsoft Defender for Office 365. While I do not know the exact thought process Microsoft went through when making this decision, they clearly didn’t anticipate the widespread backlash from its users.

And it sounds like the feedback was heard as the company has announced that they will no longer kill this feature and its associated PowerShell cmdlets. Meaning Get-MailTrafficSummaryReport(Get-MailTrafficSummaryReport (ExchangePowerShell) will live to see another day.

Previously, Microsoft’s plans were to move this report to the Security and Compliance Center; this change was going to take place on June 14th but that decision has been punted, for now. The company was suggesting that administrators utilize the Threat protection status report but that recommendation came up short.

And I think that’s the important takeaway, Microsoft had made the decision to remove this report and I would suspect that at some point in the future, they will try to decommission the PowerShell cmdlet and associated report again.

As I heard from many Petri readers regarding this change, it’s good to see that Microsoft is listening to its users as this report is widely used across the industry for multiple reasons. While it’s good to see which mailboxes are being hit the hardest and most frequently, this report is also a baseline for identifying compromised mailboxes.

If you review this report frequently and a new mailbox pops into the list, it’s possible the account has been compromised and is being used to send out phishing emails from legitimate corporate mailboxes. There is no doubt that this is one of the more popular reports for Exchange and thankfully it’s not going away…yet.