Remove blocked users from the Restricted Users portal in Office 365
Important
Welcome to Microsoft Defender for Office 365, the new name for Office 365 Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future.
If a user exceeds one of the outbound sending limits as specified in the service limits or in outbound spam policies, the user is restricted from sending email, but they can still receive email.
The user is added to the Restricted Users portal in the Security & Compliance Center. When they try to send email, the message is returned in a non-delivery report (also known as an NDR or bounce message) with the error code 5.1.8 and the following text:
"Your message couldn't be delivered because you weren't recognized as a valid sender. The most common reason for this is that
your email address is suspected of sending spam and it's no longer allowed to send email. Contact your email admin for
assistance. Remote Server returned '550 5.1.8 Access denied, bad outbound sender."
Admins can remove users from the Restricted Users portal in the Security & Compliance Center or in Exchange Online PowerShell.
What do you need to know before you begin?
- You open the Security & Compliance Center at https://protection.office.com/. To go directly to the Restricted Users page, use https://protection.office.com/restrictedusers.
- To connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell.
- You need to be assigned permissions before you can do the procedures in this topic:
  - To remove users from the Restricted Users portal, you need to be a member of one of the following role groups:
  - For read-only access to the Restricted Users portal, you need to be a member of one of the following role groups:
- A sender exceeding the outbound email limits is an indicator of a compromised account. Before you remove the user from the Restricted Users portal, be sure to follow the required steps to regain control of their account. For more information, see Responding to a compromised email account in Office 365.
Use the Security & Compliance Center to remove a user from the Restricted Users list
- In the Security & Compliance Center, go to Threat management > Review > Restricted users.
- Find and select the user that you want to unblock. In the Actions column, click Unblock.
- A fly-out will go into the details about the account whose sending is restricted. You should go through the recommendations to ensure you're taking the proper actions in case the account is actually compromised. Click Next when done.
- The next screen has recommendations to help prevent future compromise. Enabling multi-factor authentication (MFA) and changing the passwords are a good defense. Click Unblock user when done.
- Click Yes to confirm the change.
Note
It may take 30 minutes or more before restrictions are removed.
Verify the alert settings for restricted users
The default alert policy named User restricted from sending email
will automatically notify admins when users are blocked from sending
outbound mail. You can verify these settings and add additional users to
notify. For more information about alert policies, see Alert policies in the security and compliance center.
- In the Security & Compliance Center, go to Alerts > Alert policies.
- Find and select the User restricted from sending email alert.
- In the flyout that appears, verify or configure the following settings:
  - Status: Verify the alert is turned on.
  - Email recipients: Click Edit and verify or configure the following settings in the Edit recipients flyout that appears:
    - Send email notifications: Verify the check box is selected (On).
    - Email recipients: The default value is TenantAdmins (meaning, Global admin members). To add more recipients, click in a blank area of the box. A list of recipients will appear, and you can start typing a name to filter and select a recipient. You can remove an existing recipient from the box by clicking next to their name.
    - Daily notification limit: The default value is No limit but you can select a limit for the maximum number of notifications per day.
    When you're finished, click Save.
- Back on the User restricted from sending email flyout, click Close.
Use Exchange Online PowerShell to view and remove users from the Restricted Users list
To view the list of users that are restricted from sending email, run the following command:
Get-BlockedSenderAddress
To view details about a specific user, replace <emailaddress> with their email address and run the following command:
Get-BlockedSenderAddress -SenderAddress <emailaddress>
For detailed syntax and parameter information, see Get-BlockedSenderAddress.
To remove a user from the Restricted Users list, replace
<emailaddress> with their email address and run the following
command:
Remove-BlockedSenderAddress -SenderAddress <emailaddress>
For detailed syntax and parameter information, see Remove-BlockedSenderAddress.
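The view-then-remove sequence above can be wrapped so that an unblock only happens after the operator attests that the compromised-account steps are complete. This is an added example, not Microsoft's own script: the function name Unblock-RestrictedSender, the -RemediationConfirmed switch and the sample address are hypothetical, and it assumes an Exchange Online PowerShell session is already connected.

```powershell
# Added example: guarded removal from the Restricted Users list.
# Assumes an existing Exchange Online PowerShell session.
# Unblock-RestrictedSender and -RemediationConfirmed are hypothetical names.
function Unblock-RestrictedSender {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)]
        [string]$SenderAddress,

        # Operator attests that the account has been secured
        # (password changed, MFA enabled) before sending is restored.
        [switch]$RemediationConfirmed
    )

    if (-not $RemediationConfirmed) {
        throw "Regain control of $SenderAddress before unblocking (see the compromised-account steps)."
    }

    # Look up the entry first; nothing to do if the user is not restricted.
    $entry = Get-BlockedSenderAddress -SenderAddress $SenderAddress -ErrorAction SilentlyContinue
    if (-not $entry) {
        Write-Warning "$SenderAddress is not on the Restricted Users list."
        return
    }

    # Print the full entry so it can be copied into the incident record
    # before it is removed.
    $entry | Format-List * | Out-String | Write-Host

    # ConfirmImpact = 'High' makes PowerShell prompt before the removal
    # unless the caller passes -Confirm:$false; -WhatIf shows the action only.
    if ($PSCmdlet.ShouldProcess($SenderAddress, 'Remove from Restricted Users list')) {
        Remove-BlockedSenderAddress -SenderAddress $SenderAddress
        Write-Host 'Removal requested. It may take 30 minutes or more before restrictions are removed.'
    }
}

# Review everyone currently restricted, then unblock one remediated account.
# The address below is a constructed sample value.
Get-BlockedSenderAddress
Unblock-RestrictedSender -SenderAddress 'user@contoso.example' -RemediationConfirmed
```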