cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
How to pause throttling and blocking of out-of-date on-premises Exchange Servers
By
The_Exchange_Team
Published Dec 12 2023 03:13 PM 717K Views
The_Exchange_Team
Microsoft
‎Dec 12 2023 03:13 PM

How to pause throttling and blocking of out-of-date on-premises Exchange Servers

‎Dec 12 2023 03:13 PM

Background

In the blog post published March 2023, Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online, we explained that for security reasons, messages sent from out-of-date on-premises Exchange servers over an inbound connector of type OnPremises would soon be subject to throttling and blocking. If your out-of-date on-premises connecting servers are getting throttled or blocked, you’ll see one or both of these errors in your on-premises email logs:

4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for n mins/hr.
5.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online blocked for n mins/hr.

As noted in the previous post, each tenant subject to this restriction can pause enforcement (throttling and blocking) for up to 90 days each calendar year. They can use these days however and whenever they want, within that same calendar year.

How to create an enforcement pause

Using the Exchange Admin Center (EAC)

  • In the EAC navigate to Reports > Mail flow > Out-of-date connecting on-premises Exchange servers
  • In the report click on the Enforcement Pause link located on the right side just above the bar chart:

delay01.jpg

  • In the fly-out panel for Pause enforcement, enter the number of days you would like to pause, then click Save.  Remember, you can only pause enforcement for a total of 90 days per calendar year.

delay02.jpg

Create an enforcement pause using Exchange Online PowerShell

  1. Launch PowerShell and connect to Exchange online using this cmdlet:
         Connect-ExchangeOnline
  2. Run the following cmdlet to create, or extend an existing, enforcement pause. For example, to pause throttling and blocking for 90 days run the following cmdlet:
         New-TenantExemptionInfo -BlockingScenario UnpatchedOnPremServer -NumberOfDays 90
  3. To confirm your enforcement pause was created run this cmdlet:
         Get-TenantExemptionInfo -BlockingScenario UnpatchedOnPremServer

How to check if your servers are subject to throttling and blocking

To check if Exchange Online has detected any connecting out-of-date servers and details like when throttling or blocking will start run this Exchange Online PowerShell cmdlet:

            Get-OnPremServerReportInfo

More information

Exchange Online Transport Team

45 Comments
Co-Authors
Version history
Last update:
‎Jan 02 2024 02:12 PM
Updated by:
Labels