Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Tip
For more information about limits in Exchange Online, see Exchange Online limits. The transport rule restrictions are also applicable when security features are added for on-premises mailbox customers. However, recipient rate and message rate limits for Exchange Online don't apply to add-ons for on-premises mailbox users.
The following limits currently exist for built-in security features for cloud mailboxes. These limits aren’t configurable unless specified otherwise.
Accepted domain limit - You can add up to 5000 accepted domains per tenant. Subdomains can be included in this 5000-limit, or if necessary, as part of a catch-all option, match subdomains. For more information, see Default email protections for cloud mailboxes.
Remote domain limit - You can add up to 200 remote domains per tenant.
Message size limit - For on-premises mailbox users, including attachments, the maximum message size that can be sent to add-ons is 150 MB.
Number of outbound messages sent - The limit for the number of outbound messages sent through built-in security features for cloud mailboxes is high enough to ensure that normal email communication isn’t treated as spam. If you want to send commercial bulk email messages, rather than sending outbound messages through built-in security features, we recommend that:
- You either use a third-party email service provider (ESP) or,
- You send them through your on-premises email servers.
Recipient limit - As long as the sending host can split the message into "chunks" of fewer than 500 recipients, no explicit limit is defined. However, each "chunk" is effectively treated as a new message. Too many messages in a short period, messages from a host with a poor reputation, or messages with questionable content could be throttled or blocked.
IP Allow or IP Block list limit - When configuring an IP allowlist or an IP blocklist in the connection filter, you can specify a maximum of 1273 entries, where an entry is either a single IP address or a CIDR (Classless Inter-Domain Routing) range of IP addresses from /24 to /32.
Message deferral limit - Messages in deferral remain in our queues for 24 hours. Message retry attempts are based on the error type received from the recipient's mail system. Messages are retried every 15 minutes.
Spam quarantine retention period - By default, spam messages sent to the quarantine are retained for 30 days. Administrators can lower this value via content filter policies.
End-user spam quarantine notifications - By default, if enabled, end-user spam quarantine notifications are sent every 3 days. They can be configured to be sent every 1 to 15 days.
Reporting and message trace limits - For reporting and message trace limits, see the Message trace in the Microsoft Defender portal.
Limits across EOP options
| Feature | Built-in security features for on-premises mailboxes add-on | Built-in security features for cloud mailboxes | Exchange Enterprise CAL with Services |
|---|---|---|---|
| Domain limit |
5000 |
5000 |
5000 |
| Remote Domain limit |
200 |
200 |
200 |
| Message size limit (including attachments) |
150 MB |
150 MB |
150 MB |
| Recipient limit |
See "Recipient limit" above |
500 recipients when sending from a hosted mailbox; see "Recipient limit" above for other scenarios |
See "Recipient limit" above |
| Safe sender limit |
1,024 entries |
1,024 entries |
|
| Blocked sender limit per policy |
1,024 entries |
1,024 entries |
|
| IP allowlist or IP blocklist limit |
1,273 entries |
1,273 entries |
1,273 entries |
| Message deferral limit |
1 day, retried every 15 minutes |
1 day, retried every 15 minutes |
1 day, retried every 15 minutes |
| Spam quarantine retention period |
30 days by default but can be lowered |
30 days by default but can be lowered |
30 days by default but can be lowered |
| End-user spam quarantine notifications |
3 days by default, configurable from 1 to 15 days |
3 days by default, configurable from 1 to 15 days |
3 days by default, configurable from 1 to 15 days |
Additional resources
Admin review for user reported messages
Admins can learn how to review messages that were reported by users and give them feedback.
Transition from Report Message or the Report Phishing add-ins
Learn how to transition from the Report Message or the Report Phishing add-ins for all versions of Outlook to the built-in Report button for all versions of Outlook.
Zero-hour auto purge in Microsoft Defender for Office 365
Zero-hour auto purge (ZAP) in all organizations with cloud mailboxes handles messages in mailboxes retroactively identified as spam, phishing, or malware.
Report phishing and suspicious emails in Outlook for admins
Learn how to report phishing and suspicious emails in supported versions of Outlook using the built-in Report button.
Report spam, non-spam, phishing, suspicious emails and files to Microsoft
How do I report a suspicious email or file to Microsoft? Report messages, URLs, email attachments, and files to Microsoft for analysis. Learn to report spam email and phishing emails.
Allow or block email using the Tenant Allow/BlockList
Admins can learn how to allow or block email and spoofed sender entries in the Tenant Allow/BlockList.
Manage allows and blocks in the Tenant Allow/BlockList
Learn about allow entries and block entries in the Tenant Allow/BlockList in Microsoft 365.
View Defender for Office 365 reports
Admins can learn how to find and use the Defender for Office 365 reports that are available in the Microsoft Defender portal.