在 Office 365 中从“受限的用户”门户中删除被阻止的用户Remove blocked users from the Restricted Users portal in Office 365

重要

改进的 Microsoft 365 安全中心现已提供公共预览版。The improved Microsoft 365 security center is now available in public preview. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new. 本主题可能同时适用于 Microsoft Defender for Office 365 和 Microsoft 365 Defender。This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. 请参阅 适用对象 部分,并查找本文中可能存在差异的特定标注。Refer to the Applies To section and look for specific call-outs in this article where there might be differences.

适用对象Applies to

如果某用户超过服务限制出站垃圾邮件策略中指定的出站发送限制之一,此用户就会被限制发送电子邮件,但仍可以接收电子邮件。If a user exceeds one of the outbound sending limits as specified in the service limits or in outbound spam policies, the user is restricted from sending email, but they can still receive email.

此用户会被添加到安全与合规中心内的“受限用户”门户。The user is added to the Restricted Users portal in the Security & Compliance Center. 如果此用户试图发送电子邮件,邮件就会以未送达报告(亦称为“NDR”或“退回邮件”)形式返回,并显示错误代码 5.1.8 和以下文本:When they try to send email, the message is returned in a non-delivery report (also known as an NDR or bounce messages) with the error code 5.1.8 and the following text:

“你的邮件无法送达,因为系统认为你不是有效的发件人。"Your message couldn't be delivered because you weren't recognized as a valid sender. 这种情形最常见的原因是怀疑你的电子邮件地址正在发送垃圾邮件,且不再允许它发送电子邮件。The most common reason for this is that your email address is suspected of sending spam and it's no longer allowed to send email. 请联系电子邮件管理员获取帮助。Contact your email admin for assistance. 远程服务器返回“550 5.1.8 拒绝访问,错误出站发件人”。Remote Server returned '550 5.1.8 Access denied, bad outbound sender."

管理员可以从安全与合规中心内的“受限的发件人”门户中或使用 Exchange Online PowerShell 删除用户。Admins can remove users from the Restricted Senders portal in the Security & Compliance Center or in Exchange Online PowerShell.

开始前,有必要了解什么?What do you need to know before you begin?

  • 安全与合规中心的打开网址为 https://protection.office.com/You open the Security & Compliance Center at https://protection.office.com/. 若要直接转到“受限的用户”页,请访问 https://protection.office.com/restrictedusersTo go directly to the Restricted Users page, use https://protection.office.com/restrictedusers.

  • 若要连接到 Exchange Online PowerShell,请参阅连接到 Exchange Online PowerShellTo connect to Exchange Online PowerShell, see Connect to Exchange Online PowerShell.

  • 在 Exchange Online 网站中 分配 权限,才能执行本文中的步骤:You need to be assigned permissions in Exchange Online before you can do the procedures in this article:

    • 若要从受限用户门户中删除用户,需要成为 组织管理人员安全管理员 角色组的成员。To remove users from the Restricted Users portal, you need to be a member of the Organization Management or Security Administrator role groups.
    • 若要获得对受限用户门户的只读访问权限,必须成为 全球读者安全读者 角色组的成员。For read-only access to the Restricted Users portal, you need to be a member of the Global Reader or Security Reader role groups.

    有关详细信息,请参阅 Exchange Online 中权限For more information, see Permissions in Exchange Online.

    备注

    • 在 Microsoft 365 管理中心将用户添加到相应的 Azure Active Directory 角色后,将为用户提供所需的权限 Microsoft 365 中其他功能的所需权限。Adding users to the corresponding Azure Active Directory role in the Microsoft 365 admin center gives users the required permissions and permissions for other features in Microsoft 365. 有关详细信息,请参阅 关于管理员角色For more information, see About admin roles.

    • Exchange Online 中的 仅查看组织管理人员 角色组也提供到该功能的只读访问。The View-Only Organization Management role group in Exchange Online also gives read-only access to the feature.

  • 发件人超过出站电子邮件限制是帐户遭到入侵的标志。A sender exceeding the outbound email limits is an indicator of a compromised account. 请务必先按照必需步骤操作来重新获得对帐户的控制,再从“受限的用户”门户中删除用户。Before you remove the user from the Restricted Users portal, be sure to follow the required steps to regain control of their account. 有关详细信息,请参阅在 Office 365 中响应遭入侵的电子邮件帐户For more information, see Responding to a compromised email account in Office 365.

使用安全与合规中心从“受限的用户”列表中删除用户Use the Security & Compliance Center to remove a user from the Restricted Users list

  1. 在安全与合规中心内,依次转到“威胁管理”>“审阅”>“受限的用户”。In the Security & Compliance Center, go to Threat management > Review > Restricted users.

  2. 查找并选择要取消阻止的用户。Find and select the user that you want to unblock. 在“操作”列中,单击“取消阻止”。In the Actions column, click Unblock.

  3. 一个飞出窗口将转到有关其发送受限的帐户的详细信息。A fly-out will go into the details about the account whose sending is restricted. 应按照建议进行操作,确保在帐户实际遭到破坏的情况下采取适当的措施。You should go through the recommendations to ensure you're taking the proper actions in case the account is actually compromised. 完成后,单击 “下一步”Click Next when done.

  4. 下一个屏幕包含可帮助防止以后遭到破坏的建议。The next screen has recommendations to help prevent future compromise. 启用多重身份验证 (MFA) 和更改密码是一种很好的防御措施。Enabling multi-factor authentication (MFA) and changing the passwords are a good defense. 完成后,单击 “解锁用户”Click Unblock user when done.

  5. 单击 “是” 确认更改。Click Yes to confirm the change.

    备注

    从用户中删除所有限制可能需要多达 24 小时。It might take up to 24 hours for all restrictions to be removed from the user.

验证用于受限的用户的警报设置Verify the alert settings for restricted users

默认警报策略“被限制发送电子邮件的用户”会在用户被阻止发送出站邮件时自动通知管理员。The default alert policy named User restricted from sending email will automatically notify admins when users are blocked from sending outbound mail. 可以验证这些设置,并添加其他要通知的用户。You can verify these settings and add additional users to notify. 若要详细了解警报策略,请参阅安全与合规中心内的警报策略For more information about alert policies, see Alert policies in the security and compliance center.

重要

必须启用审核日志搜索,这样警报才能正常运行。For alerts to work, audit log search must to be turned on. 有关详细信息,请参阅启用或禁用审核日志搜索For more information, see Turn the audit log search on or off.

  1. 在安全与合规中心内,依次转到“警报”>“警报策略”。In the Security & Compliance Center, go to Alerts > Alert policies.

  2. 查找并选择 发送电子邮件受限用户 警报。Find and select the User restricted from sending email alert.

  3. 在随即显示的浮出控件中,验证或配置下列设置:In the flyout that appears, verify or configure the following settings:

    • 状态:验证此警报是否已启用 开关打开Status: Verify the alert is turned on Toggle on.

    • 电子邮件收件人:单击“编辑”,然后在随即显示的“编辑收件人”浮出控件中验证或配置下列设置:Email recipients: Click Edit and verify or configure the following settings in the Edit recipients flyout that appears:

      • 发送电子邮件通知:验证此复选框是否已选中(“开”)。Send email notifications: Verify the check box is selected (On).

      • 电子邮件收件人:默认值为“TenantAdmins”(表示“全局管理员”成员)。Email recipients: The default value is TenantAdmins (meaning, Global admin members). 若要添加其他收件人,请单击此框的空白区域。To add more recipients, click in a blank area of the box. 此时,收件人列表会显示,你可以键入名称来筛选并选择收件人。A list of recipients will appear, and you can start typing a name to filter and select a recipient. 若要从此框中删除现有收件人,请单击其名称旁边的 “删除”图标可。You can remove an existing recipient from the box by clicking Remove icon next to their name.

      • 每日通知限制:默认值为“无限制”,但你可以选择每日通知数上限。Daily notification limit: The default value is No limit but you can select a limit for the maximum number of notifications per day.

      完成时,请单击“保存”。When you're finished, click Save.

  4. 返回到“被限制发送电子邮件的用户”浮出控件,单击“关闭”。Back on the User restricted from sending email flyout, click Close.

使用 Exchange Online PowerShell 查看和删除“受限的用户”列表中的用户Use Exchange Online PowerShell to view and remove users from the Restricted Users list

若要查看被限制发送电子邮件的用户列表,请运行以下命令:To view this list of users that are restricted from sending email, run the following command:

Get-BlockedSenderAddress

若要查看特定用户的详细信息,请将 <emailaddress> 替换为相应用户的电子邮件地址,并运行以下命令:To view details about a specific user, replace <emailaddress> with their email address and run the following command:

Get-BlockedSenderAddress -SenderAddress <emailaddress>

若要详细了解语法和参数,请参阅 Get-BlockedSenderAddressFor detailed syntax and parameter information, see Get-BlockedSenderAddress.

若要从“受限的用户”列表中删除用户,请将 <emailaddress> 替换为相应用户的电子邮件地址,并运行以下命令:To remove a user from the Restricted Users list, replace <emailaddress> with their email address and run the following command:

Remove-BlockedSenderAddress -SenderAddress <emailaddress>

若要详细了解语法和参数,请参阅 Remove-BlockedSenderAddressFor detailed syntax and parameter information, see Remove-BlockedSenderAddress.