How to Remove a User from the Restricted Entities List in Microsoft 365 Defender
When a mailbox sends an unusually high volume of email, Microsoft 365 automatically puts the account on a “Restricted entities” list to prevent spam. If a legitimate user—like User1—hits the default daily limit and you need to restore full mail flow, you can remove them from the list in minutes.
Why Users End Up on the Restricted Entities List
Microsoft’s anti-spam measures kick in when a user exceeds their daily sending limit. This limit protects your tenant reputation by throttling or blocking suspicious mail patterns. But it can also trap high-volume senders, automated systems, or marketing accounts.
Step-by-Step: Removing a User
- Go to the Microsoft 365 Defender portal:
https://security.microsoft.com - In the left menu, expand Email & collaboration.
- Click Review, then select Restricted entities.
- Or navigate directly to https://security.microsoft.com/restrictedentities
- Find User1 in the list.
- Select the checkbox next to their name.
- Click Remove at the top of the page.
User1 is immediately cleared from the restricted list and can resume sending mail up to the daily limit.
Quick Tips
- You can also remove users via Exchange Online PowerShell using the Remove-RestrictedSender cmdlet.
- Monitor sign-in and mail volume in the Reports section to spot recurring issues.
- Consider adjusting mail flow policies or splitting high-volume sends across multiple accounts if the problem repeats.
By regularly reviewing and managing the Restricted entities list, you keep legitimate senders flowing smoothly without compromising your tenant’s security.
