Background
In the blog post published March 2023, Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online, we explained that for security reasons, messages sent from out-of-date on-premises Exchange servers over an inbound connector of type OnPremises would soon be subject to throttling and blocking. If your out-of-date on-premises connecting servers are getting throttled or blocked, you’ll see one or both of these errors in your on-premises email logs:
4.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online throttled for n mins/hr.
5.7.230 Connecting Exchange server version is out-of-date; connection to Exchange Online blocked for n mins/hr.
As noted in the previous post, each tenant subject to this restriction can pause enforcement (throttling and blocking) for up to 90 days each calendar year. They can use these days however and whenever they want, within that same calendar year.
How to create an enforcement pause
Using the Exchange Admin Center (EAC)
- In the EAC navigate to Reports > Mail flow > Out-of-date connecting on-premises Exchange servers
- In the report click on the Enforcement Pause link located on the right side just above the bar chart:
- In the fly-out panel for Pause enforcement, enter the number of days you would like to pause, then click Save. Remember, you can only pause enforcement for a total of 90 days per calendar year per tenant.
Create an enforcement pause using Exchange Online PowerShell
- Launch PowerShell and connect to Exchange online using this cmdlet:
Connect-ExchangeOnline - Run the following cmdlet to create, or extend an existing, enforcement pause. For example, to pause throttling and blocking for 90 days run the following cmdlet:
New-TenantExemptionInfo -BlockingScenario UnpatchedOnPremServer -NumberOfDays 90 - To confirm your enforcement pause was created run this cmdlet:
Get-TenantExemptionInfo -BlockingScenario UnpatchedOnPremServer
Please be aware that there is no way to "get back" the pause days you have requested. If you request a 30 day pause but then update your servers within 5 days (as an example) - you would have still used up 30 days from your yearly 90 day pause allocation. Microsoft does not have a way to "refund days not used".
How to check if your servers are subject to throttling and blocking
To check if Exchange Online has detected any connecting out-of-date servers and details like when throttling or blocking will start run this Exchange Online PowerShell cmdlet:
Get-OnPremServerReportInfo
More information
Exchange Online Transport Team
You Had Me at EHLO.