Recently, Microsoft announced a policy change regarding external email sending from the "onmicrosoft.com" domain (referred to as the MOERA domain in the announcement article below) initially set in Microsoft 365 tenants, aimed at improving email security and delivery reliability.
We perceive this policy change as part of a security enhancement to prevent the misuse of the "onmicrosoft.com" domain and reduce the risk of your emails being mistakenly identified as spam.
Many customers use custom domains in their Microsoft 365 tenants, so there is no direct impact on services due to this change.
However, if the "onmicrosoft.com" domain is used as the sender in certain settings (specific email flows or applications), it may affect future email delivery.
1. Overview of Microsoft's Announcement
- Source of Announcement
Limiting .onmicrosoft Domain Usage for Sending Emails (Microsoft Tech Community)
(Announcement article publication date: August 21, 2025) - Effective Date
Gradually applied from October 15, 2025 (Wednesday) - Restriction Details
From October 15, 2025 (Wednesday), email sending from the "onmicrosoft.com" domain will be limited to 100 external recipients per organization every 24 hours.
It is not recommended to use the "onmicrosoft.com" domain for regular email sending, and if the limit is exceeded, emails cannot be sent externally.
※ Please refer to the article above for details.
2. Impact on HENNGE One Environment and Default Domain
The "onmicrosoft.com" domain is typically used for SRS (Sender Rewriting Scheme) forwarding.
※ For other usage purposes, please contact Microsoft or your Microsoft 365 provider.
Sender Rewriting Scheme (SRS) in Microsoft 365
This SRS forwarding is a mechanism where Exchange Online temporarily rewrites the sender address to prevent automatically forwarded emails from being mistakenly identified as spam by the recipient.
The "default domain" on the Microsoft 365 side is used for this rewriting.
If the restriction is applied as is, email sending via SRS forwarding will be subject to the restriction, potentially causing unintended email delivery errors (NDR).
【Particularly Important Points】
If you wish to continue automatic forwarding after the email sending restriction is applied, you need to change the [default domain] in Microsoft 365 to a custom domain other than "onmicrosoft.com".
However, please note the following two points as per Microsoft 365 specifications.
- The domain set as the [default domain] cannot be configured for federation.
- Domains federated with external services such as HENNGE One cannot be set as the default domain in Microsoft 365.
3. Requests and Precautions for Customers
In light of the above specifications, we kindly ask for your understanding and cooperation regarding the [default domain] settings as follows.
- Please consider the necessity of changes
Please consider and decide whether to change the [default domain] to a custom domain based on your current operations and future plans. - Confirmation and response to impacts
When changing the [default domain], please confirm in advance that there will be no impact on your environment, and in case of any issues, please handle the response (such as recovery work) on your side. - Please contact us when changing domain settings
If you add a domain to your Microsoft 365 environment based on this announcement from Microsoft, please be sure to contact our support desk.
We will conduct confirmation and necessary setting adjustments on our side based on the domain name you provide.
I want to add a domain in use
As per Microsoft's specifications, the domain set as the [default domain] cannot be configured for federation with Microsoft Entra ID (formerly Azure AD) and third-party IdPs (ID providers) including our HENNGE Access Control.
Therefore, even if you have multiple custom domains, you need to prepare a domain not used for federation separately and set it as the [default domain].
※ This content is based on information from Microsoft 365.
※ This content may be updated if there are updates to the announcement from Microsoft or changes in product specifications.