Microsoft has introduced a new security system to block emails from Exchange Servers that are EOL or do not have the latest patches installed. The purpose of this system is to improve the security of emails sent to Exchange Online and prevent potential threats from unsupported or unpatched servers.

According to Microsoft’s statements on this issue, using unsupported software or software that does not receive updates carries serious security risks. If such software is not updated, the resulting vulnerabilities increase the likelihood of attackers infiltrating systems and accessing data. Therefore, it is important not to trust emails from unsupported versions of Exchange Server and to block such emails.

As a solution, Exchange Online introduces three new core auditing features: Reporting, Restriction and Blocking. With these features, servers sending e-mails will be continuously analyzed and e-mail traffic will be restricted and eventually blocked when security vulnerabilities are detected.

Reporting

We are adding new reporting to the Exchange admin center (EAC) in Exchange Online. With this new reporting, Exchange Online administrators will be able to analyze sending email servers.

Restriction

The system will monitor the email servers for a while, and if the vulnerabilities are not closed in time, the email traffic will be slowed down.

450 4.7.230 Connecting Exchange server version out of date; Exchange Online connection throttled for 5 minutes/hour. For more information, see https://aka.ms/BlockUnsafeExchange.” will return a message.

The duration of the lockdown will gradually increase over time. However, if the problems on the server are not fixed within 30 days after the email restrictions start, emails will start to be blocked.

Blocking

After a certain period of time, emails from that server are blocked. Exchange Online will return a non-deliverable report (NDR) error to the sender.

550 5.7.230 Connecting Exchange server version out of date; Exchange Online connection blocked for 10 minutes/hour. For more information, see https://aka.ms/BlockUnsafeExchange.

The table below shows the phasing of gradual sanctions over time.

With this new system, it is emphasized that customers should keep their Exchange Server versions up to date and close security vulnerabilities. Starting with Exchange Server 2007, these new security measures will be applied to all versions and to all e-mails coming to Exchange Online. Customers will be informed of these changes in advance and will be guided to take the necessary precautions.

Each MS365 customer will be able to pause throttling and blocking for up to 90 days per year. The new mail flow report in EAC will allow an administrator to request a temporary pause. Pause works like a prepaid debit card that you can use whenever and however you want for up to 90 days a year. Maybe you need 5 days to close vulnerabilities on one server and 15 days on another server. It is necessary to design this 90 well and use it accordingly.

Starting with Exchange Server 2007!

This mandatory new system will eventually be applied to all versions of Exchange Server and all email coming into Exchange Online. We start with Exchange 2007 servers. The reason to start with Exchange 2007 is that it is the oldest Exchange version that supports Exchange hybrid configuration. Following this initial deployment, other versions of Exchange Server will be phased in and eventually expanded to include all versions of Exchange Server, regardless of how they send mail to Exchange Online.

Alert messages will be sent to inform customers. In addition, notification messages will be sent to customers 30 days before Exchange Server versions are included in the new system. Notification messages will also be sent 30 days before processing mail coming from internal Exchange servers.”