Blog Post

Exchange Team Blog

10 MIN READ

Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online

The_Exchange_Team

Microsoft

May 08, 2023

Please see Update on Transport Enforcement System in Exchange Online for an updated timeline.

2/20/2025: Please note that thottling/blocking has now been enabled for all versions of Exchange Server, including Exchange Server 2019, if significantly out of date.

As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.

Microsoft uses the Zero Trust security model for its cloud services, which requires connecting devices and servers to be provably healthy and managed. Servers that are unsupported or remain unpatched are persistently vulnerable and cannot be trusted, and therefore email messages sent from them cannot be trusted. Persistently vulnerable servers significantly increase the risk of security breaches, malware, hacking, data exfiltration, and other attacks.

We’ve said many times that it is critical for customers to protect their Exchange servers by staying current with updates and by taking other actions to further strengthen the security of their environment. Many customers have taken action to protect their environment, but there are still many Exchange servers that are out of support or significantly behind on updates.

Transport-based Enforcement System

To address this problem, we are enabling a transport-based enforcement system in Exchange Online that has three primary functions: reporting, throttling, and blocking. The system is designed to alert an admin about unsupported or unpatched Exchange servers in their on-premises environment that need remediation (upgrading or patching). The system also has throttling and blocking capabilities, so if a server is not remediated, mail flow from that server will be throttled (delayed) and eventually blocked.

We don’t want to delay or block legitimate email, but we do want to reduce the risk of malicious email entering Exchange Online by putting in place safeguards and standards for email entering our cloud service. We also want to get the attention of customers who have unsupported or unpatched Exchange servers and encourage them to secure their on-premises environments.

Reporting

For years, Exchange Server admins have had the Exchange Server Health Checker, which detects common configuration and performance issues, and collects useful information, including which servers are unsupported or unpatched. Health Checker can even create color-coded HTML reports to help you prioritize server remediation.

We are adding a new mail flow report to the Exchange admin center (EAC) in Exchange Online that is separate from and complementary to Health Checker. It provides details to a tenant admin about any unsupported or out-of-date Exchange servers in their environment that connect to Exchange Online to send email.

Figure 1 below shows a mockup of what the new report may look like when released:

The new mail flow report provides details on any throttling or blocking of messages, along with information about what happens next if no action is taken to remediate the server. Admins can use this report to prioritize updates (for servers that can be updated) and upgrades or migrations (for servers that can’t be updated).

Throttling

If a server is not remediated after a period of time (see below), Exchange Online will begin to throttle messages from it. In this case, Exchange Online will issue a retriable SMTP 450 error to the sending server which will cause the sending server to queue and retry the message later, resulting in delayed delivery of messages. In this case, the sending server will automatically try to re-send the message. An example of the SMTP 450 error is below:

450 4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for 5 mins/hr. For more information see https://aka.ms/BlockUnsafeExchange.

The throttling duration will increase progressively over time. Progressive throttling over multiple days is designed to drive admin awareness and give them time to remediate the server. However, if the admin does not remediate the server within 30 days after throttling begins, enforcement will progress to the point where email will be blocked.

Blocking

If throttling does not cause an admin to remediate the server, then after a period of time (see below), email from that server will be blocked. Exchange Online will issue a permanent SMTP 550 error to the sender, which triggers a non-delivery report (NDR) to the sender. In this case, the sender will need to re-send the message. An example of the SMTP 550 error is below:

550 5.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online blocked for 10 mins/hr. For more information see https://aka.ms/BlockUnsafeExchange.

Enforcement Stages

We’re intentionally taking a progressive enforcement approach which gradually increases throttling over time, and then introduces blocking in gradually increasing stages culminating in blocking 100% of all non-compliant traffic.

Enforcement actions will escalate over time (e.g., increase throttling, add blocking, increase blocking, full blocking) until the server is remediated: either removed from service (for versions beyond end of life), or updated (for supported versions with available updates).

Stage 1 is report-only mode, and it begins when a non-compliant server is first detected. Once detected, the server will appear in the out-of-date report mentioned earlier and an admin will have 30 days to remediate the server.

If the server is not remediated within 30 days, throttling will begin, and will increase every 10 days over the next 30 days in Stages 2-4.

If the server is not remediated within 60 days from detection, then throttling and blocking will begin, and blocking will increase every 10 days over the next 30 days in Stages 5-7.

If, after 90 days from detection, the server has not been remediated, it reaches Stage 8, and Exchange Online will no longer accept any messages from the server. If the server is patched after it is permanently blocked, then Exchange Online will again accept messages from the server, as long as the server remains in compliance. If a server cannot be patched, it must be permanently removed from service.

Enforcement Pause

Each tenant can pause throttling and blocking for up to 90 days per year. The new mail flow report in the EAC allows an admin to request a temporary enforcement pause. This pauses all throttling and blocking and puts servers in report-only mode for the duration specified by the admin (up to 90 days per year, per tenant).

Pausing enforcement works like a pre-paid debit card, where you can use up to 90 days per year when and how you want. Maybe you need 5 days in Q1 to remediate a server, or maybe you need 15 days. And then maybe another 15 days in Q2, and so forth, up to 90 days per calendar year.

More details can be found in How to pause throttling and blocking of out-of-date on-premises Exchange Servers.

Initial Scope

The enforcement system will eventually apply to all versions of Exchange Server and all email coming into Exchange Online, but we are starting with a very small subset of outdated servers: Exchange 2007 servers that connect to Exchange Online over an inbound connector type of OnPremises.

We have specifically chosen to start with Exchange 2007 because it is the oldest version of Exchange from which you can migrate in a hybrid configuration to Exchange Online, and because these servers are managed by customers we can identify and with whom we have an existing relationship.

Following this initial deployment, we will incrementally bring other Exchange Server versions into the scope of the enforcement system. Eventually, we will expand our scope to include all versions of Exchange Server, regardless of how they send mail to Exchange Online.

We will also send Message Center posts to notify customers. Today, we are sending a Message Center post to all Exchange Server customers directing them to this blog post. We will also send targeted Message Center posts to customers 30 days before their version of Exchange Server is included in the enforcement system. In addition, 30 days before we expand beyond mail coming in over OnPremises connectors, we’ll notify customers via the Message Center.

Feedback and Upcoming AMA

As always, we want and welcome your feedback. Leave a comment on this post if you have any questions or feedback you’d like to share.

On May 10, 2023 at 9am PST, we are hosting an “Ask Microsoft Anything” (AMA) about these changes on the Microsoft Tech Community. We invite you to join us and ask questions and share feedback. This AMA will be a live text-based online event with no audio or video. This AMA gives you the opportunity to connect with us, ask questions, and provide feedback. You can register for this AMA here.

FAQs

Which cloud instances of Exchange Online have the transport-based enforcement system?
All cloud instances, including our WW deployment, our government clouds (e.g., GCC, GCCH, and DoD), and all sovereign clouds.

Which versions of Exchange Server are affected by the enforcement system?
Initially, only servers running Exchange Server 2007 that send mail to Exchange Online over an inbound connector type of OnPremises will be affected. Eventually, all versions of Exchange Server will be affected by the enforcement system, regardless of how they connect to Exchange Online.

How can I tell if my organization uses an inbound connector type of OnPremises?
You can use Get-InboundConnector to determine the type of inbound connector in use. For example, Get-InboundConnector | ft Name,ConnectorType will display the type of inbound connector(s) in use.

What is a persistently vulnerable Exchange server?
Any Exchange server that has reached end of life (e.g., Exchange 2007, Exchange 2010, and soon, Exchange 2013), or remains unpatched for known vulnerabilities. For example, Exchange 2016 and Exchange 2019 servers that are significantly behind on security updates are considered persistently vulnerable.

Is Microsoft blocking email from on-premises Exchange servers to get customers to move to the cloud?
No. Our goal is to help customers secure their environment, wherever they choose to run Exchange. The enforcement system is designed to alert admins about security risks in their environment, and to protect Exchange Online recipients from potentially malicious messages sent from persistently vulnerable Exchange servers.

Why is Microsoft only taking this action against its own customers; customers who have paid for Exchange Server and Windows Server licenses?
We are always looking for ways to improve the security of our cloud and to help our on-premises customers stay protected. This effort helps protect our on-premises customers by alerting them to potentially significant security risks in their environment. We are initially focusing on email servers we can readily identify as being persistently vulnerable, but we will block all potentially malicious mail flow that we can.

Will Microsoft enable the transport-based enforcement system for other servers and applications that send email to Exchange Online?
We are always looking for ways to improve the security of our cloud and to help our on-premises customers stay protected. We are initially focusing on email servers we can readily identify as being persistently vulnerable, but we will block all potentially malicious mail flow that we can.

If my Exchange Server build is current, but the underlying Windows operating system is out of date, will my server be affected by the enforcement system?
No. The enforcement system looks only at Exchange Server version information. But it is just as important to keep Windows and all other applications up-to-date, and we recommend customers do that.

Delaying and possibly blocking emails sent to Exchange Online seems harsh and could negatively affect my business. Can’t Microsoft take a different approach to this?
Microsoft is taking this action because of the urgent and increasing security risks to customers that choose to run unsupported or unpatched software. Over the last few years, we have seen a significant increase in the frequency of attacks against Exchange servers. We have done (and will continue to do) everything we can to protect Exchange servers but unfortunately, there are a significant number of organizations that don’t install updates or are far behind on updates, and are therefore putting themselves, their data, as well as the organizations that receive email from them, at risk. We can’t reach out directly to admins that run vulnerable Exchange servers, so we are using activity from their servers to try to get their attention. Our goal is to raise the security profile of the Exchange ecosystem.

Why are you starting only with Exchange 2007 servers, when Exchange 2010 is also beyond end of life and Exchange 2013 will be beyond end of life when the enforcement system is enabled?
Starting with this narrow scope of Exchange servers lets us safely exercise, test, and tune the enforcement system before we expand its use to a broader set of servers. Additionally, as Exchange 2007 is the most out-of-date hybrid version, it doesn’t include many of the core security features and enhancements in later versions. Restricting the most potentially vulnerable and unsafe server version first makes sense.

Does this mean that my Exchange Online organization might not receive email sent by a 3^rd party company that runs an old or unpatched version of Exchange Server?
Possibly. The transport-based enforcement system initially applies only to email sent from Exchange 2007 servers to Exchange Online over an inbound connector type of OnPremises. The system does not yet apply to email sent to your organization by companies that do not use an OnPremises type of connector. Our goals are to reduce the risk of malicious email entering Exchange Online by putting in place safeguards and standards for email entering the service and to notify on-premises admins that the Exchange server their organization uses needs remediating.

How does Microsoft know what version of Exchange I am running? Does Microsoft have access to my servers?
No, Microsoft does not have any access to your on-premises servers. The enforcement system is based on email activity (e.g., when the on-premises Exchange Server connects to Exchange Online to deliver email).

Our on-premises servers are subject to this throttling and blocking. How can we pause this?
See How to pause throttling and blocking of out-of-date on-premises Exchange Servers. Please note that this is just a temporary, limited-time pause and you should migrate away from out of date versions of Exchange Server as soon as possible.

We upgraded our servers to an up-to-date version; why doesn’t the reporting reflect that?
The reporting currently doesn’t show servers that comply with the current update version recommendations. In the EAC, once a persistently vulnerable server is brought up to date, the server will no longer appear in the report. In PowerShell, the Get-OnPremServerReportInfo output only includes all of the past detected persistently vulnerable versions for the server(s). It will not include records for the server versions that are currently not considered persistently vulnerable.

The Exchange Team

Updated Feb 20, 2025

Version 8.0

Microsoft

Joined April 19, 2019

View Profile

Exchange Team Blog

You Had Me at EHLO.

89 Comments

jd---
Copper Contributor
Mar 10, 2025
hello Exchange Team Blog
I see your article states:
2/20/2025: Please note that thottling/blocking has now been enabled for all versions of Exchange Server, including Exchange Server 2019, if significantly out of date.
and
We will also send targeted Message Center posts to customers 30 days before their version of Exchange Server is included in the enforcement system.
However I have double checked our Message Center for the words 'blocked', throttled', 'throttling' and can find no such posts?
I have also checked through my archive of old 'Major update from Message center' and 'Weekly digest: Microsoft service updates' emails from the past few years and again cannot find any mention of this?
The first I am hearing about this is right now, when finding the error:
Connecting Exchange server version is out-of-date; connection to Exchange Online throttled
while troubleshooting delays passing through our (admittedly slightly behind) on-prem infrastructure.
I know the aim is to get people fully updated, but discovering emails are going to start being blocked in only 2 weeks time is not a great way to find about this...
chupacabra_007
Copper Contributor
Nov 20, 2024
i think most of us agree this is a Microsoft bug within Exchange.
If you checked my previous posts you will see we ran into this issue since April '24.
Even now the dashboard tells me i have 2 different verions running. And it even says my version is up to date and the issue is resolved, but email are still being blocked if i don't use puaze.
Now Microsoft has finally come with a statement that it's an "on-premises issue" and they won't help any further. Very disapointing..
- akvabello
  Brass Contributor
  Nov 20, 2024
  chupacabra_007
  Do you have anything that uses an Exchange pickup directory? I'm not sure if this has ever been thoroughly explained here, but the way the classification of on-premise servers works is simply by the reported version in the message headers as they flow through Microsoft's servers. Exchange 2016 has a bug where it reports its version as 15.1.2507.6 in the message headers when the email is sent via a pickup directory. This is the Exchange 2016 CU23 release with no patches. All subsequent SUs are not reported when messages are sent via pickup directory. If the message is sent via SMTP, it reports the correct version in the message headers.
  Microsoft is aware of this, but they don't seem to care to fix it and won't work around it or make an exception on the EXO side. The easiest fix is to stop using the pickup directories, or if you need them, stand up Exchange 2019 and decommission Exchange 2016. I temporarily worked around this by configuring a connector on my on-prem server to forward messages to a simple postfix relay I stood up. That in turn sent the messages to Microsoft. This extra hop in the middle prevented them from identifying the originating Exchange version, even though it was in the path. I believe I had a connector on the Microsoft side as well identifying the postfix relay to accept messages from it.
  After I did that, I worked on standing up Exchange 2019 and decommissioning 2016. Now the version reports correctly on 2019 when sending via pickup directory.
  Exchange 2016 and 2019 both go EOL October 14th of next year, but you can do in place upgrades of 2019 to the next version (available sometime next year), so you best be on that anyway since you'll need to upgrade in a very small window of time.
  - chupacabra_007
    Copper Contributor
    Nov 21, 2024
    Hello akvabello,
    Yes, indeed we have a pickup directory. And I am aware of the issue with the incorrect version it reports. Unfortunately, no one at Microsoft told us.
    I had to find out through forums like this one.
    The thing that stings is that Microsoft says they support the Exchange version we run.
    But because of this bug it reports the wrong version and therefore they do not take any responsibility.
    This has cost us a lot of time and effort communicating with their support team. They asked for a lot of information (many times they asked for the same info). And now after 8 months they say they do not support our issue. I wish they told us 7 months ago.
    This would have saved us a lot of time annoyance.
    We are now in the final stage of migration to Exchange 2019.
    Hopefully this will solve our issue.
    I just want other users with the same issue to know.
Ken_Harrell1145
Brass Contributor
Oct 29, 2024
davidvasta

Here is what I see with Get-OnPremServerReportInfo

I am ignoring all of it for now. 🙂

We have paused enforcement and have kindly asked for more than 90 days of pause since we can demonstrate we are at the latest version of Exchange 2016.
RaffaColavecchi-MVP
Brass Contributor
Oct 28, 2024
krish70
you have a simple way: migrate to Exchange 2019 hybrid server without any license cost.
https://techcommunity.microsoft.com/t5/exchange-team-blog/best-practices-for-migrating-from-exchange-server-2013-to/ba-p/3773084?WT.mc_id=M365-MVP-5005337

Bye.
Raffa!
diego_fig
Copper Contributor
Oct 25, 2024
hi davidvasta
diego_fig
Copper Contributor
Oct 25, 2024
Hi davidvasta ..

PS C:\Users\dfig> Get-OnPremServerReportInfo

ServerFQDN : exch-01.--------------.net.ar
Build : 15.1.2375.34
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 28/03/2024 00:14:21
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 27/04/2024 00:14:21
BlockingEnabledDate : 27/05/2024 00:14:21
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 08/09/2024 16:46:54

ServerFQDN : exch-01.--------------.net.ar
Build : 15.1.2507.6
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 08/06/2024 15:29:15
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 08/07/2024 15:29:15
BlockingEnabledDate : 07/08/2024 15:29:15
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 14/11/2024 16:46:54

ServerFQDN : exch-01
Build : 15.1.2375.7
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 28/03/2024 18:13:23
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 27/04/2024 18:13:23
BlockingEnabledDate : 27/05/2024 18:13:23
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 09/09/2024 16:46:54

ServerFQDN : exch-02.--------------.net.ar
Build : 15.1.2375.34
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 28/03/2024 00:11:25
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 27/04/2024 00:11:25
BlockingEnabledDate : 27/05/2024 00:11:25
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 08/09/2024 16:46:54

ServerFQDN : exch-02.--------------.net.ar
Build : 15.1.2507.6
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 08/06/2024 16:38:26
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 08/07/2024 16:38:26
BlockingEnabledDate : 07/08/2024 16:38:26
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 14/11/2024 16:46:54

ServerFQDN : exch-02
Build : 15.1.2375.7
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 01/04/2024 17:46:30
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 01/05/2024 17:46:30
BlockingEnabledDate : 31/05/2024 17:46:30
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 13/09/2024 16:46:54

ServerFQDN : exch-02
Build : 15.1.2507.6
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 10/06/2024 13:19:54
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 10/07/2024 13:19:54
BlockingEnabledDate : 09/08/2024 13:19:54
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 14/11/2024 16:46:54
krish70
Copper Contributor
Oct 25, 2024
This is really frustrating when you have situations where companies use On-Prem hosted ERP systems and they have limitations to use SMTP relay puts admin in a
tough situation not been able to help with the essential business requirement like Email Flow. Our on-prem exchange server is 2013 and all our mailboxes are migrated to Office 365 and looking to migrate the Email relay also to office 365 and it has issues which is being looked at to resolve. We have a valid SSL certificate and seeing issue for inbound emails when sent from ERP to inside the organization it fails showing this throttle error. Hope Microsoft can understand this and provide a solution.
diego_fig
Copper Contributor
Oct 25, 2024
hi davidvasta we are all in the same.... we have 2 server both with latest Cu and Hotfixs
PS C:\> Get-OnPremServerReportInfo
ServerFQDN : exch-01.----------.net.ar
Build : 15.1.2375.34
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 28/03/2024 00:14:21
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 27/04/2024 00:14:21
BlockingEnabledDate : 27/05/2024 00:14:21
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 08/09/2024 16:46:54

ServerFQDN : exch-01.----------.net.ar
Build : 15.1.2507.6
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 08/06/2024 15:29:15
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 08/07/2024 15:29:15
BlockingEnabledDate : 07/08/2024 15:29:15
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 14/11/2024 16:46:54

ServerFQDN : exch-01
Build : 15.1.2375.7
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 28/03/2024 18:13:23
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 27/04/2024 18:13:23
BlockingEnabledDate : 27/05/2024 18:13:23
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 09/09/2024 16:46:54

ServerFQDN : exch-02.----------.net.ar
Build : 15.1.2375.34
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 28/03/2024 00:11:25
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 27/04/2024 00:11:25
BlockingEnabledDate : 27/05/2024 00:11:25
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 08/09/2024 16:46:54

ServerFQDN : exch-02
Build : 15.1.2507.6
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 08/06/2024 16:38:26
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 08/07/2024 16:38:26
BlockingEnabledDate : 07/08/2024 16:38:26
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 14/11/2024 16:46:54

ServerFQDN : exch-02
Build : 15.1.2375.7
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 01/04/2024 17:46:30
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 01/05/2024 17:46:30
BlockingEnabledDate : 31/05/2024 17:46:30
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 13/09/2024 16:46:54

ServerFQDN : exch-02
Build : 15.1.2507.6
ExchangeServer : ExchangeServer2016
FirstDetectedDate : 10/06/2024 13:19:54
RecommendedBuildVersions : 15.1.2507.39, 15.1.2507.37, 15.1.2507.36, 15.1.2507.35, 15.1.2507.34, 15.1.2507.32,
15.1.2507.31
ThrottleEnabledDate : 10/07/2024 13:19:54
BlockingEnabledDate : 09/08/2024 13:19:54
NextStageThrottleRate : 0
NextStageBlockRate : 60
NextStageStartDate : 14/11/2024 16:46:54
davidvasta
Microsoft
Oct 25, 2024
Ken_Harrell1145 - I think I saw the case. That said I would ignore the report for now. It's being worked on and we should have a fix out at some point. Just know that if you check the Exchange Versions and you are on the latest one you will not be throttled. Just stay up to date is the best advice at this point until we get the report sorted out.

When you use this command do you see a different array of data that the report in EXO?

Get-OnPremServerReportInfo

Exchange Server editions and versions | Microsoft Learn
Ken_Harrell1145
Brass Contributor
Oct 25, 2024
I'm opening my 4th case on this. Someone from security looks at the report and screams there is a problem, I open a case and there is no real problem, but the report is super misleading and stating it is blocking messages from out-of-date servers (they have the newest patch). When is the reporting going to be corrected? It is driving my leadership crazy. You know, the folks that help pay the bills.