Feedback by UserVoice

Anonymous

My feedback

  1. 709 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    44 comments  ·  Office 365 Admin » Exchange Admin  ·  Flag idea as inappropriate…  ·  Admin →

    Our service is designed to protect the resources and ensure that certain users will not overwhelm it and cause latency for others. This limit is in place to protect against spike sending that we wish to discourage. As such, we have no plans to change the limit for regular mailboxes.

    Where possible, we encourage customers who have these requirements to seek solutions that do not send emails all at once, can make use of DLs, or use services like Dynamics or third-party services to send large volumes of emails to customers or student and parents.

    However, we are thinking about alternatives we can provide to solve this issue of higher sending for automated email scenarios to address this customer need.

    Anonymous supported this idea  · 
    An error occurred while saving the comment
    Anonymous commented  · 

    I agree... but I would agree more with granting the ability for administrators to specifically whitelist accounts that are used for bulk outbound messages. In my case, I have alerts that go off and notify a handful of people of an outage. If multiple outages occur at the same time, i hit the 30 message limit and I no longer get any messages until I realize the account has been disabled due to spam....

  2. 3,549 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    197 comments  ·  Office 365 Security & Compliance  ·  Flag idea as inappropriate…  ·  Admin →

    Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

    That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.

    That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.

    An error occurred while saving the comment
    Anonymous commented  · 

    Definitely need this. Just got password hacked for one of our major mailboxes from Korea....

Feedback and Knowledge Base