New High-Severity Alert Sounds
Although Microsoft didn’t issue a message center notification, documentation created on March 23 explains that the Domain Expiring Soon insight would soon appear in the (new) Exchange Online admin center (EAC). Someone must have pressed the switch to allow the new insight to surface because several people asked why they received a high-severity alert message from Office 365 on April 14. I received a notification for one of the domains registered to my tenant (Figure 1).
Insights for Accepted Domains
When you add a domain to Office 365 (through Domains under Settings in the Microsoft 365 admin center), it becomes known as an accepted domain. Users can receive email addresses using the domain and use the address to send and receive email. Making sure that the list of accepted domains is valid, and that the configuration of each domain is correct are important to ensure mail flow.
Insights are automated checks performed by Microsoft intended to detect potential issues early. In this instance, a mail flow insight looks for domains due to expire soon. The insight creates alerts at 90, 60, and 30 days before a domain expires and emails the alerts to tenant administrators. Alerts are also available in EAC under Mail Flow, where I found the information shown in Figure 2.
The same information is available in the Alerts section of the Security and Compliance Center, where you can also see details of the alerts policy used to generate the notification (Figure 3). This is a system alert policy, so you can only modify settings like the daily notification limit and whether to send notifications by email.
The correct action when you receive one of these notifications is to check the highlighted domain and renew it if you want to keep using the domain with Exchange Online. If you don’t want to keep the domain, remove it from the set of accepted domains for the tenant.
Debugging the Expiring Domain Alert
The alert sounded because Exchange Online detected that the microsoft365itpros.com domain was due to expire on April 14, 2021. To verify the information, I checked the domain details with WHOIS by using the URL https://www.whois.com/whois/microsoft365itpros.com (replace my domain name with yours to run a WHOIS check against your domain). The results showed that the expiration date for the domain is 14 April 2022.
Domain Name: microsoft365itpros.com Registry Domain ID: 2514604691_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.sawbuck.com Registrar URL: http://www.automattic.com/ Updated Date: 2021-03-15T11:54:11Z Creation Date: 2020-04-14T11:26:21Z Registrar Registration Expiration Date: 2022-04-14T11:26:21Z
Why the year difference between the data reported by Exchange Online and WHOIS? Well, I use WordPress to host and manage my domain registrations and have automatic renewal enabled. It seems like the data used by Exchange Online was a little old. The WHOIS record says that the last update for the domain was March 15, 2021, which is when I approved the request from WordPress to renew. At that time, the domain was certainly within the 30-day lookahead period to detect potential expirations, so the notification is still good. It’s never bad to be cautious about preventing problems which could stop email flowing.