Send admin notifications on x number of messages from an email address
Hi, We're having a problem with a repeat spam/phishing offender that recycles email addresses from a particular domain. Because the email address is new it hasn't had a chance to be picked up by blacklists, so it doesn't get picked up as spam. We can't block on content, subject or sender because it all changes so for these campaigns we're relying on user reports to give us the heads up. We also can't block the domain because we receive legitimate email from the domain also. I'd like to change this so we can hit them before users notice and possibly whilst the spam campaign is in flight but I'm unsure as to how to go about it. Is there a rule or other setting I can configure which sends notifications to specific e-mail addresses if, say 100 emails were received from any email address (or from a specific domain?) within an hour, or 5 hours? I don't see how I can configure such a rule in mailflow rules so I'm guessing this might be somewhere else. There's an element of us likely being falsely alerted to marketing campaigns, but hopefully it's configurable enough that we can limit it down to only applying this against a specific sender domain, or adding a new custom mailflow rule which will lower the likelihood of false positives. Many thanks, - LswardReporting Recent Distribution List Changes
A recent discussion about reporting changes to Microsoft 365 groups provoked the question about how to report distribution list changes. The answer is that the same structure can be taken in a PowerShell script to fetch and report data, including the audit records containing the information about the changes, but the actual code is very different. Distribution lists Exchange Online objects and not Entra ID groups… https://office365itpros.com/2026/06/02/distribution-list-changes/Tenant-to-Tenant Migration with Orchestrator – Technical Overview (Microsoft 365 | Preview)
Tenant-to-tenant migration with Orchestrator in Microsoft 365 introduces a native, API-driven, and highly validated approach for cross-tenant migrations. It is designed for enterprise scenarios where sequencing, dependencies, and governance are critical. Note: This capability is currently in preview. Features and behavior may change before GA. Architecture and execution model Migration is executed through batches (jobs) managed via Microsoft Graph (Beta) User-level execution: one user failing validation does not block others in the same batch Mandatory Standalone Validation before migration submission Date-driven cutover using completeAfterDateTime Supported workloads (actual scope) Exchange Online Microsoft Teams ODSP (OneDrive for Business) Important clarification on SharePoint Orchestrator does not migrate shared SharePoint content such as Team sites, Channel sites, or collaboration sites. The ODSP workload covers personal user data (OneDrive) only. SharePoint team/workload sites remain out of scope and require separate tooling or processes. Critical prerequisites Identity Mapping (CTIM) is mandatory and must remain stable during migration Target users must not have Exchange mailboxes or OneDrive sites provisioned before migration Licenses must be assigned only after Identity Mapping (ExchangeGuid stamping) Migration apps and service principals (Teams, Meetings, CTMS) must be correctly provisioned Organization Relationships and Migration Endpoints must be in place Exchange autoforwarding must be enabled for Meetings migration Validation and lifecycle Standalone Validation acts as a full “what-if” check Key states include: Cancellation or user removal is possible only before cutover Post-migration cleanup After completion, tenants must be returned to a non-migration state: Remove Identity Mapping data Remove Organization Relationships Remove Migration Endpoints Revoke migration app permissions and service principals Decide whether to retain or remove MailUsers in the source tenant Skipping cleanup leaves the tenant in an exception state. When this approach fits Mergers and acquisitions Divestitures and tenant splits Regulated environments requiring strict control Scenarios where dependency-aware sequencing matters more than speed Technical conclusion Orchestrator is not a one-click solution. It delivers native orchestration, deep validation, and predictable execution when Identity Mapping, licensing order, and scope boundaries are fully understood. For experienced administrators and architects, it represents a major step forward in tenant-to-tenant migrations within Microsoft 365, even while still in preview.
