Share via

First contact safety tip for migrated mailboxes

Peter 120 Reputation points
2025-01-26T16:13:49.7666667+00:00

Hi

We are migrating mailboxes from Exchange onprem to Exchange Online.
We also configured the "First contact safety tip", as this is recommended.

Our problem now is, that users are complaining, that the banner "You don't often get Emails from" is added for almost every external sender, although they are sending and receiving emails for years with these senders. They say that they are going to ignore this banner, because it doesn't seem serious.

Is that by design, because for Exchange Online the migrated mailbox is a new recipient, and of course every sender sends emails for the first time to this recipient via EXO?

What is the best practice for this mail tip when migrating to Exchange Online?

Regards
Peter

Microsoft Exchange Online
Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,702 questions
0 comments

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Andy David - MVP 151.6K Reputation points MVP
    2025-01-26T16:24:59.17+00:00

    Yea I think enabling this now, after the migration is what is causing this. It will prob take some time to "teach" Defender and they should stop once the users have regular correspondence history built up in ExO.

  2. Jake Zhang-MSFT 8,400 Reputation points Microsoft Vendor
    2025-01-27T09:10:40.3733333+00:00

    Hi @Peter,

    Welcome to the Microsoft Q&A platform!

    Yes, the behavior you're describing is due to the fact that when you migrate mailboxes from Exchange on-premises to Exchange Online, the mailboxes are treated as new recipients in Exchange Online. As a result, the "First contact safety tip" is triggered for external senders who have been communicating with the users for years, because the system treats the recipients as unfamiliar with those contacts.

    Here are some best practices to manage this issue when migrating to Exchange Online:

    1. Inform users about the reason behind this behavior and assure them that it will eventually subside as the system learns their email habits and establishes familiarity with frequently contacted external senders.
    2. If there are specific external domains or email addresses that are frequently used and trusted, you can whitelist them to bypass the safety tip. This can be done through the Exchange Online Protection (EOP) or Advanced Threat Protection (ATP) policies.
    3. Adjust Safety Tip Settings:
    • Navigate to the Security & Compliance Center in the Microsoft 365 admin center.
    • Go to Threat management > Policy > ATP Anti-Phishing.
    • Edit the policy settings to adjust the threshold or disable the "First contact safety tip" temporarily if it becomes too disruptive, and re-enable it gradually after a period of adjustment.
    1. Continuously monitor feedback from users and adjust policies as necessary. Over time, users' interaction history will build up, and the safety tips will become more accurate and less frequent for familiar contacts.

    By using a combination of these strategies, you should be able to mitigate the disruption caused by the "First contact safety tip" during the migration process.

    Please feel free to contact me for any updates. And if this helps, don't forget to mark it as an answer.

    Best,

    Jake Zhang

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.