This guide will allow administrators to create a temporary email restriction bypass for users that have exceeded their allowed daily external sending limit.
Email Restricted Entity Methodology
When an account exceeds its daily sending quota, it becomes a restricted entity. This can result from an account sending emails to a large list of CC’ed recipients in a chain, or in less benign cases, exporting of a mailbox to an external server. As such, precaution is taken for these situations, and approval from a technical contact is required before the account is allowed to resume typical behavior.
It is best practice to not unblock the entity unless it has been identified as sanctioned activity, the technical contact for the affected organization will need to be notified and written consent will need to be granted before the actions listed below will be carried out. If no approval is given, do nothing.
Removing a User as a Restricted Entity
- Navigate to the Restricted Entities – 365 Defender portal. If an entity has been identified to be currently restricted and consent has been given for the activity exercised by this user being sanctioned, select the account that is listed followed by selecting the Unblock option for the restricted entity.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.