Multi-Tenant Microsoft Exchange Online support
Company I am working for is in the process of migrating our Exchange on premise clients to Microsoft Exchange online. We are partnering with Pax8 for licensing portion of it as well as Microsoft technical support. I want to be able manage all of these tenants through a single interface so we can control access to that select set of accounts so as technicians come and go in our team, we can manage access to that single interface. Wonder what 'best practice' would be in this scenario.
Emails delayed or not received.
Hello Please i need your help on this issue. Emails delayed or not received. We have noticed that since last Friday (3rd Oct) emails sent to @livener.net addresses have been delayed or not received. This is using the Outlook app, Apple Mail App and Outlook Online.so I do not believe it is a client issue. In particular a mail from massenzana @runeXXXX to Tony @liveXXXXX and Bernie @liveXXXXX on Friday evening has not been received. It was received by other recipients. Test mails from Tony @gmailXXXX to Tony @liveXXXXX and bernie @liveXXXXX sent at approx 09:40 have not been received. A mail from Bernie @soundXXXX sent at 07:02 this morning arrived at Tony @liveXXXX at 09:49
Why would a hacker/scammer put a domain INTO my exchange online admin?
OK so this is a weird one. I've been doing this a fairly long time but I'm not a full time exchange admin. I help my clients with exchange online often, but I'm a local IT pro, doing all sorts of screwdriver and software work, not just exchange. So maybe this isn't as bizarre as I think it is, but let's see. My client stopped receiving email 2 days ago. Alerted me to it yesterday. They don't know their password but no devices are asking for passwords, so I suspect it's not a password issue. I get logged into my admin and reset their password so we can get into their account. Suddenly they start getting asked for PW on phone and outlook, so we know that the password hadn't been changed prior. I get into account and see new rules sending all emails into archive and trash. So that explains that. So someone broke into the account with the correct password. Easily enough explained. Though weird that it would happen if the user didn't know their own password. So, one question is how did the scammer get into the account. I have looked at the login logs but I don't know what to sort/filter by to really find out anything helpful. Any ideas? So I got into the account and upon resetting his password he is forced to enable MFA. So that's done. I'm in the admin and what do I find? Two NEW domains in the settings. They are set up for exchange online. No users though. Not only that but I can't REMOVE the domains that aren't mine. I get this error when trying to remove it: "The domain coburnsfleetservices.com can't be removed at this time because it was purchased from Microsoft 365. It can only be used with your current Microsoft 365 account. You can remove it from the account once the subscription expires or is canceled." Also, in the emails missed in the past 48 hours we got one that said this: "A verified domain was added to your Avenue A Realty Advisors LLC account If this domain wasn't added by an admin in your organization, credentials might have been compromised and we suggest reviewing your password and multifactor authentication settings." I searched online and found contact info for one of the stolen/given domains. Called them and they said they had been hijacked 2 weeks ago, and their email used to send out payment requests to thousands of email addresses. Thought they had it solved a few days ago and it had been silent. Now this. So a second thing I'd like to find out is when exactly those domains were put into my exchange online account. Can I find that info from the logs? Additionally, WHY would someone move unrelated domains into my account? Maybe is the assumption that that happened before 2 weeks ago when that company's domain had been used to send out mass mail? Doesn't seem possible, because that company would have figured out that they no longer controlled their own domain and they couldn't have gotten control of the account again. Or...? I don't know. But while I've seen users tricked into giving out their passwords dozens of times, and their email used to try to solicit money from vendors, I've never seen another domain slipped in. Any ideas? And suggestions how to search the logs to get to the bottom of the missing puzzle pieces? Thanks for any leads!We have set RejectDirectSend to true
Hello Please i need your help on this issue. We have set RejectDirectSend to true, but it is still possible to send mail anonymously through tenant Last Friday 3 oct 2025 we configured the tenant not to allow DirectSend from anonymous sources by setting the RejectDirectSend value to true using Powershell command. When we check the status with the Get-command it looks like it is set but it is not working - it is still possible to spoof emails by sending through the mx record as anonymous.
