check before: 2025-09-01
Product:
Exchange, SharePoint
Platform:
Online, US Instances, World tenant
Status:
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Exchange Online introduces a new "Reject Direct Send" parameter to block unwanted Direct Send traffic. Public Preview is available now, with General Availability in September 2025. Admins can enable this feature using PowerShell. Review configurations and notify users. Learn more [here](https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790).
Details:
Direct Send is a method used to send emails directly to a Microsoft Exchange Online customer's hosted mailboxes from on-premises devices, applications, or third-party cloud services using the customer's own accepted domain. It is an advanced method of sending messages to your users and requires proper configuration of SPF, DKIM, and DMARC to ensure messages are delivered successfully.
Many customers do not need to use Direct Send. Because SPF protections do not always outright block messages and sometimes deliver them to the Junk folder, it is possible for malicious senders mimicking Direct Send to have their messages that spoof your own domains land in the Junk folder and potentially confuse your users. Before this rollout, no feature existed to block Direct Send traffic for customers who have no need to use it. We will roll out the new Reject Direct Send setting for Exchange Online.
[When this will happen:]
Public Preview: Available now.
General Availability (Worldwide, GCC, GCC High): We will begin rolling out early September 2025 and expect to complete by early September 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-06-13
updated:
2025-06-13
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft Exchange Online is introducing a "Reject Direct Send" feature to block unauthorized email traffic by requiring authentication, with a Public Preview available and full release expected by September 2025, allowing admins to enable it via PowerShell.
Direct effects for Operations**
Blocking of Legitimate Emails
Enabling the Reject Direct Send feature without proper configuration may block legitimate emails from third-party services or on-premises applications that are not authenticated, leading to communication disruptions.
- roles: Exchange Admin, End Users
- references: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790
User Confusion and Frustration
Users may receive error messages (550 5.7.68) when trying to send emails that are blocked due to the new setting, causing confusion and frustration among users who are unaware of the change.
- roles: End Users, Help Desk Support
- references: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790
Increased Support Tickets
The implementation of the Reject Direct Send feature may lead to an increase in support tickets as users encounter issues with email delivery, requiring IT support to address these concerns.
- roles: Help Desk Support, IT Operations
- references: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
Enhanced Security through Direct Send Blocking
By enabling the Reject Direct Send feature, organizations can significantly reduce the risk of phishing attacks and spam that exploit Direct Send. This is particularly important for organizations that do not use Direct Send, as it prevents unauthorized senders from delivering potentially harmful messages to users' inboxes.
- next-steps: Assess the current usage of Direct Send within the organization, and communicate the benefits of enabling this feature to stakeholders. Prepare to implement the PowerShell command to enable the feature and create documentation for users regarding the changes.
- roles: IT Security Manager, Exchange Administrator, Compliance Officer
- references: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790
Improved User Experience with Reduced Spam
By blocking unauthorized Direct Send messages, users will experience fewer spam emails and phishing attempts in their inboxes. This leads to a cleaner, more manageable email environment and enhances overall productivity as users spend less time dealing with unwanted emails.
- next-steps: Notify users about the upcoming changes and provide training on identifying legitimate emails versus potential phishing attempts. Gather user feedback post-implementation to ensure the changes are positively impacting their experience.
- roles: End Users, IT Support Staff, Training Coordinators
- references: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790
Streamlined Email Configuration Management
The introduction of the Reject Direct Send feature allows for better management of email configurations by enabling admins to control which sources can send emails to their organization. This reduces the complexity of managing SPF, DKIM, and DMARC records and enhances overall email deliverability and security.
- next-steps: Review existing email configurations and determine which sources require authenticated access. Set up partner mail flow connectors for any necessary services and ensure documentation is updated to reflect the new configurations.
- roles: Exchange Administrator, IT Operations Manager, Network Administrator
- references: https://techcommunity.microsoft.com/blog/exchange/introducing-more-control-over-direct-send-in-exchange-online/4408790
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 4 weeks ago
