Upcoming Webinar
Cayosoft Shows How Forest Recovery Tech Addresses Survey Issues
Join this webinar and not only learn about what your peers are doing, but also learn about a new patent-pending modern approach to AD forest recovery from Cayosoft.
New episode!
The Scoop on Loop: The Latest Innovations Directly From Microsoft!
Darrell Webster speaks to Rebecca Keys, a Program Manager from the Microsoft Loop team.
Turn Data Protection into an MRR Growth Engine
Security for your customers, revenue for your MSP practice. Access key insights on how to scale your practice with SkyKick’s new eGuide.
MSP eGuide to Package, Sell and Deliver M365 Security Services
Based on input from our top-performing MSPs, SkyKick prepared the MSP Guide to help you navigate the security landscape.

Microsoft to Throttle Email Connections From Outdated Exchange Servers

Microsoft has detailed its plans to protect organizations against persistently vulnerable Exchange Servers. Starting on May 10, the company is introducing a new transport-based enforcement system that will block email traffic from unpatched or out-of-support Exchange Server instances.

Microsoft explained that it will implement the new transport-based enforcement system in eight stages. The service will first detect email flow from an unpatched server, and then send a report to the Exchange Admin Center portal. There will be a delay in email traffic for vulnerable Exchange Servers that haven’t been patched for 30 days. Microsoft will eventually block emails in case there has been no remediation within 60 days.

“The system is designed to alert an admin about unsupported or unpatched Exchange servers in their on-premises environment that need remediation (upgrading or patching). The system also has throttling and blocking capabilities, so if a server is not remediated, mail flow from that server will be throttled (delayed) and eventually blocked,” the Exchange team explained.

Microsoft to Block Throttle Email Connections from Outdated Exchange Servers

Microsoft first plans to roll out the new transport-based enforcement system to customers still using Exchange Server 2007. The company will send a 30 days notice before the change is implemented in enterprise environments. Going forwards, Microsoft will likely introduce the blocking mechanism in other Exchange Server versions, including Exchange 2016 and Exchange 2019.

Exchange Server email throttling to safeguard customers against malicious messages

Microsoft has clarified that its new transport-based enforcement system is intended to safeguard organizations against malicious messages originating from outdated Exchange Servers. The feature doesn’t aim to push on-premises customers to switch to Exchange Online.

“We don’t want to delay or block legitimate email, but we do want to reduce the risk of malicious email entering Exchange Online by putting in place safeguards and standards for email entering our cloud service,” Microsoft explained.

In related news, Microsoft is reminding Exchange Online customers about the discontinuation of Remote PowerShell (RPS) support in the Security and Compliance PowerShell module. This change will go into effect on July 15, and Microsoft suggests organizations to move to the REST API-based cmdlets.