Exchange Online Mail Flow Disruption: onmicrosoft.com Outbound and Direct Send Changes
Microsoft's upcoming Exchange Online service changes will impact tenants sending outbound mail via the default onmicrosoft.com domain and those relying on Direct Send for inbound routing. The Change Optics Report, available in public preview within the Exchange Admin Center, proactively surfaces affected mail flows before enforcement occurs. Administrators must identify impacted senders, reconfigure outbound connectors to use verified custom domains, and migrate Direct Send sources to SMTP AUTH or an approved relay method to prevent post-enforcement mail flow failures.
Indicators
- Outbound emails being sent from the default onmicrosoft.com domain instead of a verified custom domain
- Incoming mail arriving via Direct Send configuration from on-premises devices, printers, or applications
- Tenant listed in the Change Optics Report as having affected outbound or inbound mail traffic
- Mail flow failures or rejections occurring after Microsoft enforces the service changes
- Applications or devices configured to use Direct Send to route mail through Exchange Online
Likely causes
- Outbound mail connectors or applications configured to send from the default onmicrosoft.com domain rather than a verified custom domain
- Printers, scanners, or line-of-business applications using Direct Send to deliver mail through Exchange Online
- Legacy mail flow configurations not reviewed or updated ahead of Microsoft enforcement deadlines
- Insufficient visibility into which mail flows are non-compliant prior to enforcement
Diagnostic steps
-
Sign in to the Exchange Admin Center (EAC) at https://admin.exchange.microsoft.com
-
Navigate to the Change Optics Report section within the EAC (currently available in public preview) to view all mail flows identified as impacted by upcoming service changes
-
Review the report for outbound mail identified as being sent from the default onmicrosoft.com domain and record the sending sources (applications, connectors, or services)
-
Review the report for incoming Direct Send traffic and identify all responsible devices, applications, or services by IP address or hostname where possible
-
Use Message Trace in the EAC to correlate Change Optics findings with actual sent/received messages to confirm scope and volume of affected traffic
-
For each affected outbound mail source, reconfigure the sending application or connector to use a verified custom domain as the sender address instead of the onmicrosoft.com domain
-
For each Direct Send source, migrate the configuration to SMTP client submission (SMTP AUTH on port 587) or a Microsoft 365 SMTP relay connector compliant with upcoming requirements
-
Re-check the Change Optics Report after making changes to confirm the previously flagged mail flows are no longer listed as affected
-
Run message traces post-change to validate that mail is flowing correctly from reconfigured sources with no delivery failures
Resolution path
- Sign in to the Exchange Admin Center and open the Change Optics Report (public preview)
- Identify all outbound mail flows flagged as using the default onmicrosoft.com domain
- Reconfigure each affected sender or connector to use a verified custom domain for outbound mail
- Identify all incoming Direct Send traffic sources listed in the report
- Migrate Direct Send sources to SMTP AUTH (port 587) or an approved Microsoft 365 SMTP relay connector
- Re-review the Change Optics Report to confirm all flagged flows have been remediated
- Run message traces to validate correct mail flow from all reconfigured sources
- Monitor mail flow after Microsoft enforces the service change to confirm no disruption occurs
Prevention
- Regularly audit mail flow connectors and sender configurations to ensure custom domains are used for all outbound mail
- Avoid configuring devices, printers, or applications to use Direct Send; standardise on SMTP AUTH or Microsoft 365 SMTP relay
- Subscribe to Microsoft 365 Message Center notifications to receive advance warning of upcoming service changes affecting mail flow
- Maintain a documented inventory of all applications, printers, and devices sending mail through Exchange Online, including their send method and authentication
- Periodically review the Change Optics Report during and after its preview period to catch non-compliant mail flows early
- Establish a mail flow change management process that validates connector and sender configurations against current Microsoft compliance requirements before enforcement deadlines
Tools
- Exchange Admin Center (EAC) - https://admin.exchange.microsoft.com
- Change Optics Report (EAC, public preview)
- Message Trace (EAC) - for validating mail flow before and after changes
- Microsoft 365 Admin Center - for Message Center service change notifications
- PowerShell with Exchange Online Management module - for reviewing and updating send connectors