Question for you - do you have one inbound connector or multiple? We have two: one for our email gateway and one for our phishing testing vendor. Unfortunately, we cannot get our phishing testing emails to push through our email gateway without subscribing to a higher-tier product from our email gateway vendor. Can we enable restrict domains to IP addresses on both connectors, or will we have issues?
EDIT: I answered my own question. Further in the comments below, I saw someone set -RestrictDomainsToIPAddresses $true, which locked down partner connectors to the IPs listed. My going assumption was that if you list IPs in the connector, -RestrictDomainsToIPAddresses was implicitly true, which I found out today is not true. Setting partner connector RestrictDomainsToIPAddresses to true disabled the ability to relay using the onmicrosoft server. Will monitor for blocks.
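
An added example, not part of the original comment: a PowerShell check for the assumption described above, flagging enabled partner connectors that list sender IPs without RestrictDomainsToIPAddresses set. The function name Test-InboundConnectorRestriction and the sample connectors are hypothetical; the property names are those returned by Get-InboundConnector.

```powershell
# Added example: audit inbound partner connectors for listed-but-unenforced sender IPs.
function Test-InboundConnectorRestriction {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Connector
    )
    process {
        # Only enabled partner connectors are in scope for this check.
        if ($Connector.ConnectorType -ne 'Partner' -or -not $Connector.Enabled) { return }

        # Normalise to an array and drop null/empty entries.
        $ips = @($Connector.SenderIPAddresses | Where-Object { $_ })

        $finding = if ($ips.Count -eq 0) {
            'No sender IPs listed'
        } elseif ($Connector.RestrictDomainsToIPAddresses) {
            'Enforced: sender domains restricted to listed IPs'
        } else {
            'NOT enforced: IPs listed but RestrictDomainsToIPAddresses is False'
        }

        [pscustomobject]@{
            Name                         = $Connector.Name
            SenderIPAddresses            = $ips -join ', '
            RestrictDomainsToIPAddresses = [bool]$Connector.RestrictDomainsToIPAddresses
            Finding                      = $finding
        }
    }
}

# Constructed sample objects standing in for Get-InboundConnector output
# (connector names and IPs are made up; IPs are from documentation ranges).
$sample = @(
    [pscustomobject]@{ Name = 'Email gateway (constructed)'; ConnectorType = 'Partner'; Enabled = $true
                       SenderIPAddresses = @('192.0.2.10'); RestrictDomainsToIPAddresses = $true }
    [pscustomobject]@{ Name = 'Phishing test vendor (constructed)'; ConnectorType = 'Partner'; Enabled = $true
                       SenderIPAddresses = @('198.51.100.25'); RestrictDomainsToIPAddresses = $false }
    [pscustomobject]@{ Name = 'On-prem relay (constructed)'; ConnectorType = 'OnPremises'; Enabled = $true
                       SenderIPAddresses = @(); RestrictDomainsToIPAddresses = $false }
)

$sample | Test-InboundConnectorRestriction | Format-Table -AutoSize

# Against a live tenant (requires an Exchange Online PowerShell session):
#   Get-InboundConnector | Test-InboundConnectorRestriction
# Any fix is applied per connector with Set-InboundConnector -RestrictDomainsToIPAddresses $true.
```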