Microsoft Exchange Online to limit bulk emails to external recipients from Jan 2025, 2K per day

Reading time icon 2 min. read

Readers help support MSpoweruser. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help MSPoweruser sustain the editorial team Read more

Key notes

  • Starting January 2025, Exchange Online limits emails to external recipients at 2,000 per day to prevent abuse.
  • The limit applies to new tenants in Jan 2025 and existing ones by July-Dec 2025.
  • Total recipient limit remains 10,000, as long as external recipients are under 2,000.

Microsoft users who use Exchange Online for mass communication will need to change their plans, as the company announced a new limit on emails sent to external recipients.

In a recent blog post, Microsoft explained that Exchange Online was not designed for high-volume transactional emails. To address this and to have fair use of resources, they’re implementing a new policy that restricts the number of external recipients per day.

Starting January 1, 2025, a limit of 2,000 external recipients per 24 hours will be implemented. This policy will be rolled out in two phases:

  • Phase 1 (January 1, 2025): This initial phase applies the limit to cloud-hosted mailboxes of all newly created tenants.
  • Phase 2 (July-December 2025): The second phase expands the limit to existing cloud-hosted mailboxes.

The overall recipient limit of 10,000 per day remains unchanged. This means users can still send emails to a total of 10,000 recipients within a 24-hour period as long as the number of external recipients stays below 2,000.

For organizations with legitimate needs for high-volume email campaigns exceeding the new limit, Microsoft recommends transitioning to Azure Communication Services for Email. This service offers plans that can handle millions of emails per month, made specifically for bulk communication needs.

In related news, earlier this month, The Department of Homeland Security (DHS) unveiled a report showing a big security lapse by Microsoft that led to a cyberattack on its Exchange Online platform in July 2023. The report, made by the Cyber Safety Review Board (CSRB), shows flaws in Microsoft’s security practices and outlines recommendations for the company and the cloud service industry as a whole.

More here.