The limit you are talking about protects against large volume senders overwhelming the shared resources of our service and ensures emails are not all sent out at once for automated systems. Can you please tell us more about the problems this causes to the software that queueing and retries are not able to handle?

Anonymous commented
I agree... but I would agree more with granting the ability for administrators to specifically whitelist accounts that are used for bulk outbound messages. In my case, I have alerts that go off and notify a handful of people of an outage. If multiple outages occur at the same time, I hit the 30 message limit and I no longer get any messages until I realize the account has been disabled due to spam....
Azure Active Directory Conditional Access has functionality for “Countries/Regions” – see https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition
That said, the most effective protection you can have against password spray attacks is to enable MFA and disable basic authentication. If you cannot do this for your entire organization, then blocking user access to legacy protocols like POP, EWS, IMAP and SMTP is another step you can take. Exchange Online Client Access Rules can help you to further customize (https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/client-access-rules/client-access-rules). For additional recommendations, please see Office 365 Secure Score.
That said, please know that we are listening to feedback and working on solutions to help make Office 365 users more secure. Thank you for the feedback.

Anonymous commented
Definitely need this. Just got password hacked for one of our major mailboxes from Korea....
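
An added example, not part of the thread and not Microsoft tooling: a small audit over sign-in records that relates to the reply above about legacy protocols, password spray and country restrictions. The record fields, sample data and the `min_accounts` threshold are assumptions made for illustration, not the schema of any real log export.

```python
from collections import defaultdict

LEGACY = {"POP", "IMAP", "SMTP", "EWS"}  # protocols named in the reply above

def rec(user, protocol, country, ip, ok):
    """Build one sign-in record (hypothetical field names)."""
    return {"user": user, "protocol": protocol, "country": country, "ip": ip, "ok": ok}

# Constructed sample data; IPs are from documentation ranges.
SAMPLE = [
    rec("alice", "IMAP", "KR", "203.0.113.7", False),
    rec("bob", "IMAP", "KR", "203.0.113.7", False),
    rec("carol", "IMAP", "KR", "203.0.113.7", False),
    rec("dave", "IMAP", "KR", "203.0.113.7", False),
    rec("carol", "IMAP", "KR", "203.0.113.7", True),
    rec("alice", "Browser", "US", "198.51.100.20", True),
    rec("bob", "POP", "US", "198.51.100.21", True),
    rec("alice", "Browser", "US", "198.51.100.22", False),
]

def legacy_users(records):
    """Accounts with a successful legacy-protocol sign-in: these break
    (or need migrating) when basic authentication is disabled."""
    found = defaultdict(set)
    for r in records:
        if r["ok"] and r["protocol"] in LEGACY:
            found[r["user"]].add(r["protocol"])
    return {user: sorted(protos) for user, protos in found.items()}

def spray_sources(records, min_accounts=3):
    """Source IPs with failed sign-ins against many distinct accounts,
    the shape of a password spray rather than one user mistyping."""
    targets = defaultdict(set)
    for r in records:
        if not r["ok"]:
            targets[r["ip"]].add(r["user"])
    return {ip: sorted(u) for ip, u in targets.items() if len(u) >= min_accounts}

def out_of_region(records, allowed):
    """Successful sign-ins from countries outside the allowed set."""
    return [(r["user"], r["country"], r["protocol"])
            for r in records if r["ok"] and r["country"] not in allowed]

if __name__ == "__main__":
    print("legacy users: ", legacy_users(SAMPLE))
    print("spray sources:", spray_sources(SAMPLE))
    print("out of region:", out_of_region(SAMPLE, {"US"}))
```
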