Skip to main content
All CollectionsCommon Questions
How to Resolve Microsoft 365 Email Bounces Due to Restricted Entities
How to Resolve Microsoft 365 Email Bounces Due to Restricted Entities
Yashal Vagadia avatar
Written by Yashal Vagadia
Updated over 2 months ago

Hey Saleshandy users 👋🏻

If you're a Microsoft 365 organization using Exchange Online or standalone Exchange Online Protection (EOP), you might encounter issues where a user’s email gets blocked. This typically happens when a user exceeds outbound sending limits or violates spam policies. When this occurs, the user is restricted from sending emails, and their account is added to the Restricted entities page in the Microsoft Defender portal.

In this article, we'll explain what happens when a user is restricted, how to identify the issue, and the steps to remove the user from the Restricted entities page.

What Happens When a User Is Restricted?

  1. Email Sending Restrictions: When a user exceeds the service's outbound sending limits or violates spam policies, they are restricted from sending emails. However, they can still receive emails.

  2. Added to Restricted Entities Page: The user is added to the Restricted entities page in the Microsoft Defender portal. A restricted entity could be a user account or a connector that’s blocked due to suspected compromise, often because of exceeding message sending or receiving limits.

  3. Non-Delivery Report (NDR): If the user attempts to send an email after being restricted, they will receive a non-delivery report (NDR), also known as a bounce message, with the error code 5.1.8. The message usually states:

    "Your message couldn't be delivered because you weren't recognized as a valid sender. The most common reason for this is that your email address is suspected of sending spam and it's no longer allowed to send email. Contact your email admin for assistance. Remote Server returned '550 5.1.8 Access denied, bad outbound sender.'

  4. Compromised Accounts: A user being added to the Restricted entities page is often a sign of a compromised account. Before proceeding with unblocking the user, it's crucial to ensure that the account is secure. You can find more information on how to regain control of a compromised account in Microsoft's documentation.

Steps to Remove a User from the Restricted Entities Page

There are two main ways to remove a user from the Restricted entities page: through the Microsoft Defender portal or by using Exchange Online PowerShell.

Method 1: Using the Microsoft Defender Portal

  1. Access the Microsoft Defender Portal:

  2. Identify the Restricted User:

    • On the Restricted entities page, search for the user you want to unblock. You can use the search box or sort by columns to find the user more easily.

  3. Unblock the User:

    • Select the checkbox next to the user's name and click the "Unblock" action.

    • In the Unblock user flyout, review the details and follow the recommendations to ensure that the account is secure.

    • Click "Next" and then "Submit" to unblock the user.

    Note: It usually takes up to one hour for the restrictions to be removed. In some cases, it might take up to 24 hours.

Method 2: Using Exchange Online PowerShell

  1. Connect to Exchange Online PowerShell:

    • Follow the instructions in Microsoft's documentation to connect to Exchange Online PowerShell.

  2. View Restricted Users:

    • Run the following command to see the list of restricted users:

      PowerShellCopy codeGet-BlockedSenderAddress
  3. Remove the User from the Restricted List:

    • To remove a specific user from the restricted list, run the following command:

      PowerShellCopy codeRemove-BlockedSenderAddress -SenderAddress <emailaddress>

For more detailed syntax and parameter information, you can refer to Microsoft's documentation on the Remove-BlockedSenderAddress command.

Verify Alert Settings

To ensure you're notified if a user is blocked in the future, verify that the alert policy named "User restricted from sending email" is enabled:

  1. Access Alert Policies:

    • In the Microsoft Defender portal, go to Email & collaboration > Policies & rules > Alert policy.

    • Locate the "User restricted from sending email" alert.

  2. Check the Alert Configuration:

    • Ensure that the alert is turned on and that the recipients are correctly configured.

By following these steps, you can resolve issues related to restricted users in Microsoft 365, ensuring that your emails are delivered without disruptions. Always remember to verify the security of the account before unblocking to prevent future problems.

If you have any questions or need further assistance, please reach out to your IT administrator or consult Microsoft's support documentation.

References links:

Happy Emailing 🥂

Did this answer your question?