In 1997 Exchange introduced the Recipient Limits setting on user mailboxes. This limits the total number of recipients to which a user can send a single message (the total number of recipients added to the To, CC, and BCC lines of a message). By default, in the Office 365 multi-tenant service this is set to 500 for all mailboxes, and prior to January 2020 customers couldn’t change this setting.
Some email admins want to increase the recipient limit for a handful of mailboxes – for example, to support recurring mailings like end-of-the-month billing statements -- while others want to reduce the recipient limit, say to 50 or 20, as a way to better protect against potential spam-like abuse from rogue employees or hacked email accounts. While the Exchange Online Protection service (part of Office 365) already includes features to help detect abuse by a rogue employee or a hacked email account, making recipient limits customizable by the email admin is another option admins can use as part of a defense-in-depth strategy to help improve the security posture of their organization.
Office 365 tenant admins can now customize the Recipient Limits setting from 1 to 1000. Admins can make changes either via Remote PowerShell (RPS) or via the Exchange Admin Center (EAC). The full complement of customization capabilities is available via RPS, while a sub-set of those are available in the Exchange Admin Center.
Customizing Recipient Limits via Remote PowerShell
Using Remote PowerShell an admin can perform the following updates for recipient limits:
Update a single mailbox
Update multiple mailboxes
Update the default for new mailboxes created in the future
Customizing Recipient Limits for a Single Mailbox in the Classic Exchange Admin Center (EAC)
In the classic EAC admins can customize the Recipient Limits from 1 to 1000 for individual mailboxes. The Recipient limit setting can be found in Recipients > Mailboxes > Mailbox Features > Mail Flow > View details.
Customizing Recipient Limits for Multiple Mailboxes in the Modern EAC
While the classic EAC only offers email admins the ability to customize the recipient limit for one mailbox at a time, the modern EAC (currently in preview) offers admins the ability to bulk edit multiple mailboxes a time.
From the Recipients option in the left navigation bar select the more options (. . .) menu item and from the fly-out menu select Set recipient limit as shown in the screen shots below:
At the time of this writing the modern EAC is still a work in progress and not yet automatically exposed to tenant admins. However, once a tenant admin has logged into the Office 365 portal they can access the modern EAC, and the feature to bulk edit recipients limits, by entering the following URL into their browser’s address bar: https://admin.exchange.microsoft.com/#/mailboxes.
While customizable Recipient Limits might not possess the exciting pizazz of a bright and shiny new major feature in Office 365, giving tenant admins the ability to control this setting is just one example of how we’ll continue to work to give admins more “knobs and dials” that they can use to better control and protect their organization’s email.