Last year we released the Reply-all Storm Protection feature to help protect your organization from unwanted reply-all storms. This feature uses global settings applicable to all Microsoft 365 customers for reply-all storm detection and for how long the feature will block subsequent reply-alls once a storm has been detected. Today we're pleased to announce you'll now have the ability to make these settings specific to your Microsoft 365 organization; email admins will have the flexibility to enable/disable the feature, and set customized detection thresholds and block duration time. This not only makes it more flexible to tailor for your organization, but it also allows more Microsoft 365 customers to take advantage of the Reply-all Storm Protection feature since the minimum number of reply-all recipients for detection can now be as low as 1000 when previously it was hard-coded at 5000.
The current Reply-all Storm Protection settings for Microsoft 365 are as follows:
Setting |
Default |
Enabled/disabled |
Enabled |
Minimum number of recipients |
5000 |
Minimum number of reply-alls |
10 |
Detection time sliding window |
60 minutes |
Block duration (once detected) |
4 hours |
Based on our telemetry and customer feedback we're also taking this opportunity to update a few of the default settings. Once this change has rolled out, the default settings for each Microsoft 365 organization will be the following:
Setting |
Default |
Enabled/disabled |
Enabled |
Minimum number of recipients |
2500 (previously 5000) |
Minimum number of reply-alls |
10 |
Detection time sliding window |
60 minutes |
Block duration (once detected) |
6 hours (previously 4 hours) |
The customizations possible for each setting will be as follows:
Setting |
Customizable options |
Enabled/disabled |
Enabled or Disabled |
Minimum number of recipients |
1000 to 5000 |
Minimum number of reply-alls |
2 to 20 |
Detection time sliding window |
60 minutes (not customizable) |
Block duration (once detected) |
1 to 24 hours |
Admins will be able to use the Set-TransportConfig Remote PowerShell cmdlet to update the settings for their organization:
Setting |
Cmdlet |
Enabled/disabled |
Set-TransportConfig -ReplyAllStormProtectionEnabled [$True:$False]
|
Number of recipients threshold |
Set-TransportConfig -ReplyAllStormDetectionMinimumRecipients [1000 – 5000]
|
Number of reply-alls threshold |
Set-TransportConfig -ReplyAllStormDetectionMinimumReplies [2 – 20]
|
Block duration |
Set-TransportConfig -ReplyAllStormBlockDuration [1 – 24]
|
These updates are rolling out now and should be fully available to all Microsoft 365 customers by mid-June. While this should come as a welcome update for customers wanting to better take advantage of the Reply-all Storm Protection feature, we are not done yet! In future updates we plan to provide an insight, report, and optional notifications for the feature as well. And if there's enough customer feedback for it, we'll consider also exposing the ability to customize these settings in the Exchange Admin Center. Let us know what you think!
The Exchange Transport Team
You Had Me at EHLO.