Solving NDR: 550 5.7.705 Access Denied, Tenant Exceeded Threshold Office365
This can be used as an Ambassador or Global Administrator’s guide when they encounter tenant exceeded threshold error when sending emails using their Office365 account.
The purpose of this blog is to identify the root cause of the issue and to avoid it from happening again in the future. Remember that the Microsoft Exchange Online Protection (EOP) is strict when it comes to the security of the tenant.
Cause/Reason:
Microsoft Exchange Online Protection (EOP) detected a huge volume of emails or bulk sending of suspicious and unsolicited emails coming from the tenant. This will block all outgoing emails that will result in NDR 550 5.7.705 Access Denied, Tenant Exceeded Threshold.
Office365 restricts bulk sending of emails beyond the limits allowed. Microsoft enforced Receiving and Sending limits to combat spam and mass-mailing worms or viruses. These limits help to protect the health of Microsoft System and all Office365 users as well.
Note: These are hard limits and cannot be bypassed.
Exchange Online Limits
Sending Limits
Sending limits apply to the number of recipients, number of messages, and number of recipients per message that a user can send from their Exchange Online account.
Note: Distribution groups stored in Office365 Address Book are counted as one recipient. This can be an alternative solution. However, please see Microsoft’s official statement below:
“Exchange Online customers who need to send legitimate bulk commercial emails (for example, customer newsletters) should use third-party providers that specialize in these services.”
If you are a global administrator or an IT of the company, the question is who triggers the limit?
To find out who triggers the limit, you can follow the methods below:
Step 1: Check the Top Sender and Recipient Report
Security and Compliance Admin Center > Reports > Dashboard > Top Sender and Recipients
a. Top Sender and Recipients from Security and Compliance
When you hover over a wedge in the pie chart, you can see a count of messages sent or received.
Click (or tap) the report to open it in a new browser window, where you can get a more detailed view of the report.
Use the Show Data for a list to choose whether to view data for top senders, receivers, spam recipients, and malware recipients. You can also see who received malware that was detected by Microsoft EOP.
b. Show data option in Top Sender and Recipients
You can also select the View details table to see a tabulated detail of the report.
c. Details View in Top Sender and Recipients
Step 2: Check the Message Trace results
Once you identified who is the top sender on the tenant, you need to check what are the messages sent under this account that triggers the limit.
You can perform message trace in 2 ways:
1. Exchange Admin Center
Admin Center > Exchange Admin Center > Mail Flow > Message Trace
2. Security and Compliance Admin Center
Admin Center > Security and Compliance Admin Center > Mail Flow >Message Trace > Start a Trace
a. Add the user (based on the top sender results) on the Sender and click Search.
b. It should show you the past 48 hours (by default, if you don’t customize the date) sender under this account
c. Check with the user if those emails are legitimate or not
Resolution
1. If the emails sent by the user is legitimate
Educate the user regarding the sending limits in Office365. Explain that Office365 does not support bulk sending of emails beyond the limits. Please present the article provided on the top of this page regarding the sending limits in Office365. Once done, you can log a ticket to Microsoft Support to unblock your Office365 tenant. Ensure that the steps above are followed else they won’t unblock it right away and will still ask you to perform the same steps.
2. If the user claims that he did not send the email
There is a high possibility that the account is spoofed or hacked.
To protect the account and avoid further damage. Please follow the link below on how to identify Spoofing or Hacking in Office365.
https://medium.com/jj365/troubleshooting-spoofing-and-hacking-in-office365-8befc5e9d5a2
After enforcing protection to the account by implementing the URL steps above, you can now contact Microsoft Support to release the tenant. Still, the same steps above need to be followed to unblock your account.
Takeaway
Microsoft EOP limits are not a bad thing. It ensures that your account is protected from Hackers/Spoofers/Phishers that may try to compromise your accounts and the system itself. Limits were built to avoid further damage in case the account was compromised.
It is still our responsibility as a user to secure our account and ensure that it will not be prone to those predators. Avoid using your business email to a non-business/ personal site, including social media.
