How to pause throttling and blocking of out-of-date on-premises Exchange Servers

Posted on by No Comments ↓

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Background

In the blog post published March 2023, Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online, we explained that for security reasons, messages sent from out-of-date on-premises Exchange servers over an inbound connector of type OnPremises would soon be subject to throttling and blocking. If your out-of-date on-premises connecting servers are getting throttled or blocked, you’ll see one or both of these errors in your on-premises email logs:

4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for n mins/hr.
5.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online blocked for n mins/hr.

As noted in the previous post, each tenant subject to this restriction can pause enforcement (throttling and blocking) for up to 90 days each calendar year. They can use these days however and whenever they want, within that same calendar year.

How to create an enforcement pause

Using the Exchange Admin Center (EAC)

  • In the EAC navigate to Reports > Mail flow Out-of-date connecting on-premises Exchange servers
  • In the report click on the Enforcement Pause link located on the right side just above the bar chart:

delay01.jpg

  • In the fly-out panel for Pause enforcement, enter the number of days you would like to pause, then click Save.  Remember, you can only pause enforcement for a total of 90 days per calendar year.

delay02.jpg

Create an enforcement pause using Exchange Online PowerShell

  • Launch PowerShell and connect to Exchange online using this cmdlet:
Connect-ExchangeOnline
  • Run the following cmdlet to create, or extend an existing, enforcement pause. For example, to pause throttling and blocking for 90 days run the following cmdlet:
New-TenantExemptionInfo -BlockingScenario UnpatchedOnPremServer -NumberOfDays 90
  • To view exemption pauses that have been created for your tenant run the following cmdlet:
Get-TenantExemptionInfo -BlockingScenario UnpatchedOnPremServer

How to check if your servers are subject to throttling and blocking

To check if Exchange Online has detected any connecting out-of-date servers and details like when throttling or blocking will start run this Exchange Online PowerShell cmdlet:

Get-OnPremServerReportInfo

More information

Exchange Online Transport Team

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.