{"id":14791,"date":"2026-02-03T09:01:58","date_gmt":"2026-02-03T00:01:58","guid":{"rendered":"https:\/\/m365jp.net\/?p=14791"},"modified":"2026-02-03T09:06:12","modified_gmt":"2026-02-03T00:06:12","slug":"mc1226222-prevent-fix-guidance-for-on-premises-connectors-configuration","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2026-02-03-mc1226222-prevent-fix-guidance-for-on-premises-connectors-configuration","title":{"rendered":"MC1226222 | Prevent\/Fix: Guidance for On-Premises Connectors Configuration"},"content":{"rendered":"
\n
\n
\n\n\n\n
MC1226222 | Prevent\/Fix: Guidance for On-Premises Connectors Configuration<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n\n\n\n\n\n\n\n\n
Classification<\/th>\npreventOrFixIssue<\/td>\n<\/tr>\n
Last Updated<\/th>\n02\/02\/2026 23:47:44<\/td>\n<\/tr>\n
Start Time<\/th>\n02\/02\/2026 23:47:07<\/td>\n<\/tr>\n
End Time<\/th>\n06\/30\/2026 07:00:00<\/td>\n<\/tr>\n
Message Content<\/th>\n\n

We are reiterating the guidance for connector settings to ensure customers are using healthy configurations. The key problematic configurations we are seeing are: <\/p>\n

    \n
  1. When a tenant has an Inbound connector of type OnPremises and the connector does certificate-based authentication using a certificate with a subject\/SAN for a domain that is NOT an Accepted Domain of the tenant. <\/li>\n
  2. When a tenant has an Inbound connector of type OnPremises and the connector does IP-based authentication, but the IP is used by other tenants. <\/li>\n<\/ol>\n

    These anti-patterns typically occur when you are using a 3rd party service to relay email through Exchange Online but could also occur if your organization has a single on-premises Exchange Server connecting to multiple Exchange Online tenants. <\/p>\n

    These configurations can cause incorrect mail flow because Exchange Online is a multi tenant service and relies on message attribution to determine which tenant an incoming message belongs to. When messages are received through an Inbound connector of type OnPremises, attribution is determined using the following priority order: <\/p>\n

      \n
    1. The domain on the TLS certificate presented by the sending server <\/li>\n
    2. The P1 MailFrom (envelope sender) domain<\/li>\n
    3. The P1 RcptTo (recipient) domain<\/li>\n<\/ol>\n

      [How this will affect your organization:] <\/p>\n

      We may perform internal changes, such as tenant moves, without notice, which can impact mail flow if a tenant has a bad connector configuration. This means a misconfigured connector that works today may unexpectedly stop working. <\/p>\n

      [What you need to do to prepare:] <\/p>\n

      If you have a single on-premises Exchange Server connecting to multiple Exchange Online tenants, your on-premises Exchange environment must use a unique client certificate to send to each unique Exchange Online tenant belonging to your organization. You must configure a unique Send Connector on-premises for each unique tenant in Exchange Online that you want to route on-premises traffic to: Send connectors in Exchange Server | Microsoft Learn<\/a>. You should also prioritize configuring Inbound connectors of type OnPremises in Exchange Online to use certificate-based authentication, rather than IP based . For best performance, Exchange Online tenants Inbound connector\u2019s should reference the unique client certificate dedicated for that connector path. <\/p>\n

      If you need to use a third-party add-on service to process email messages sent from your organization and then relay through Exchange Online, the third-party service must support a unique certificate for your organization, and the certificate domain (in Subject name or SAN) must be an accepted domain of your organization. In addition, you must update your Inbound connector of OnPremises type to use the unique certificate domain, via property TlsSenderCertificateName. An example of this scenario is your organization using a third-party CRM cloud service to send emails on behalf your organization to mailboxes of your company or other external users. To learn more, see Scenario: Integrate Exchange Online with an email add-on service<\/a>.<\/p>\n<\/td>\n<\/tr>\n

Machine Translation<\/th>\n\n

\u304a\u5ba2\u69d8\u304c\u5065\u5168\u306a\u69cb\u6210\u3092\u4f7f\u7528\u3057\u3066\u3044\u308b\u3053\u3068\u3092\u78ba\u8a8d\u3059\u308b\u305f\u3081\u3001\u30b3\u30cd\u30af\u30bf\u8a2d\u5b9a\u306e\u30ac\u30a4\u30c0\u30f3\u30b9\u3092\u7e70\u308a\u8fd4\u3057\u307e\u3059\u3002\u79c1\u305f\u3061\u304c\u898b\u3066\u3044\u308b\u4e3b\u306a\u554f\u984c\u70b9\u69cb\u6210\u306f\u4ee5\u4e0b\u306e\u901a\u308a\u3067\u3059:<\/p>\n

    \n
  1. \u30c6\u30ca\u30f3\u30c8\u306bOnPremises\u578b\u306eInbound\u30b3\u30cd\u30af\u30bf\u304c\u3042\u308a\u3001\u305d\u306e\u30b3\u30cd\u30af\u30bf\u304c\u30c6\u30ca\u30f3\u30c8\u306eAccepted Domain\u3067\u306a\u3044\u30c9\u30e1\u30a4\u30f3\u306e\u4e3b\u4f53\/SAN\u4ed8\u304d\u8a3c\u660e\u66f8\u3092\u4f7f\u3063\u3066\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u8a8d\u8a3c\u3092\u884c\u3046\u5834\u5408\u3001<\/li>\n
  2. \u30c6\u30ca\u30f3\u30c8\u306bOnPremises\u30bf\u30a4\u30d7\u306e\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u30b3\u30cd\u30af\u30bf\u304c\u3042\u308a\u3001\u305d\u306e\u30b3\u30cd\u30af\u30bf\u304cIP\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u3092\u884c\u3063\u3066\u3044\u308b\u304c\u3001\u305d\u306eIP\u304c\u4ed6\u306e\u30c6\u30ca\u30f3\u30c8\u306b\u5229\u7528\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3002<\/li>\n<\/ol>\n

    \u3053\u308c\u3089\u306e\u30a2\u30f3\u30c1\u30d1\u30bf\u30fc\u30f3\u306f\u901a\u5e38\u3001Exchange Online\u3092\u901a\u3058\u3066\u7b2c\u4e09\u8005\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3057\u3066\u30e1\u30fc\u30eb\u3092\u4e2d\u7d99\u3057\u3066\u3044\u308b\u5834\u5408\u306b\u767a\u751f\u3057\u307e\u3059\u304c\u3001\u7d44\u7e54\u5185\u306e\u5358\u4e00\u306e\u30aa\u30f3\u30d7\u30ec\u30df\u30b9Exchange\u30b5\u30fc\u30d0\u30fc\u304c\u8907\u6570\u306eExchange Online\u30c6\u30ca\u30f3\u30c8\u306b\u63a5\u7d9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u306b\u3082\u8d77\u3053\u308a\u5f97\u307e\u3059\u3002<\/p>\n

    \u3053\u308c\u3089\u306e\u69cb\u6210\u306f\u3001Exchange Online\u304c\u30de\u30eb\u30c1\u30c6\u30ca\u30f3\u30c8\u30b5\u30fc\u30d3\u30b9\u3067\u3042\u308a\u3001\u53d7\u4fe1\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u30c6\u30ca\u30f3\u30c8\u3092\u3069\u306e\u30c6\u30ca\u30f3\u30c8\u306b\u5c5e\u3059\u308b\u304b\u3092\u5224\u65ad\u3059\u308b\u305f\u3081\u306b\u30e1\u30c3\u30bb\u30fc\u30b8\u306e\u5e30\u5c5e\u306b\u4f9d\u5b58\u3057\u3066\u3044\u308b\u305f\u3081\u3001\u8aa4\u3063\u305f\u30e1\u30fc\u30eb\u30d5\u30ed\u30fc\u3092\u5f15\u304d\u8d77\u3053\u3059\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002OnPremises\u30bf\u30a4\u30d7\u306eInbound\u30b3\u30cd\u30af\u30bf\u3092\u901a\u3058\u3066\u30e1\u30c3\u30bb\u30fc\u30b8\u304c\u53d7\u4fe1\u3055\u308c\u305f\u5834\u5408\u3001\u5e30\u5c5e\u306f\u4ee5\u4e0b\u306e\u512a\u5148\u9806\u4f4d\u3067\u6c7a\u5b9a\u3055\u308c\u307e\u3059:<\/p>\n

      \n
    1. \u9001\u4fe1\u30b5\u30fc\u30d0\u30fc\u304c\u63d0\u793a\u3059\u308bTLS\u8a3c\u660e\u66f8\u306e\u30c9\u30e1\u30a4\u30f3<\/li>\n
    2. P1 MailFrom(\u5c01\u7b52\u9001\u4fe1\u8005)\u30c9\u30e1\u30a4\u30f3<\/li>\n
    3. P1 RcptTo(\u53d7\u4fe1\u8005)\u30c9\u30e1\u30a4\u30f3<\/li>\n<\/ol>\n

      [\u3053\u308c\u304c\u3042\u306a\u305f\u306e\u7d44\u7e54\u306b\u3069\u306e\u3088\u3046\u306a\u5f71\u97ff\u3092\u4e0e\u3048\u308b\u304b:]<\/p>\n

      \u30c6\u30ca\u30f3\u30c8\u306e\u79fb\u52d5\u306a\u3069\u5185\u90e8\u5909\u66f4\u3092\u4e88\u544a\u306a\u3057\u306b\u884c\u3046\u3053\u3068\u304c\u3042\u308a\u3001\u30b3\u30cd\u30af\u30bf\u69cb\u6210\u304c\u60aa\u3044\u5834\u5408\u306b\u90f5\u4fbf\u306e\u6d41\u308c\u306b\u5f71\u97ff\u3092\u53ca\u307c\u3059\u3053\u3068\u304c\u3042\u308a\u307e\u3059\u3002\u3064\u307e\u308a\u3001\u4eca\u65e5\u52d5\u4f5c\u3057\u3066\u3044\u308b\u8aa4\u3063\u305f\u63a5\u7d9a\u304c\u3001\u4e88\u671f\u305b\u305a\u6a5f\u80fd\u3057\u306a\u304f\u306a\u308b\u53ef\u80fd\u6027\u304c\u3042\u308b\u3068\u3044\u3046\u3053\u3068\u3067\u3059\u3002<\/p>\n

      [\u6e96\u5099\u306e\u305f\u3081\u306b\u3084\u308b\u3079\u304d\u3053\u3068:]<\/p>\n

      \u5358\u4e00\u306e\u30aa\u30f3\u30d7\u30ec\u30df\u30b9Exchange Server\u304c\u8907\u6570\u306eExchange Online\u30c6\u30ca\u30f3\u30c8\u306b\u63a5\u7d9a\u3055\u308c\u3066\u3044\u308b\u5834\u5408\u3001\u30aa\u30f3\u30d7\u30ec\u30df\u30b9\u306eExchange\u74b0\u5883\u306f\u7d44\u7e54\u306b\u5c5e\u3059\u308b\u5404\u30e6\u30cb\u30fc\u30af\u306aExchange Online\u30c6\u30ca\u30f3\u30c8\u306b\u56fa\u6709\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u9001\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002Exchange Online\u3067\u30aa\u30f3\u30d7\u30ec\u30df\u30b9\u30c8\u30e9\u30d5\u30a3\u30c3\u30af\u3092\u30eb\u30fc\u30c6\u30a3\u30f3\u30b0\u3057\u305f\u3044\u5404\u30e6\u30cb\u30fc\u30af\u306a\u30c6\u30ca\u30f3\u30c8\u3054\u3068\u306b\u3001\u56fa\u6709\u306eSend Connector on-preman\u3092\u8a2d\u5b9a\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059: Exchange Server\u3067Send connectors |Microsoft Learn<\/a>\u3002\u307e\u305f\u3001Exchange Online\u306eOnPremises\u30bf\u30a4\u30d7\u306e\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u30b3\u30cd\u30af\u30bf\u3092\u3001IP\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u3067\u306f\u306a\u304f\u8a3c\u660e\u66f8\u30d9\u30fc\u30b9\u306e\u8a8d\u8a3c\u3092\u512a\u5148\u7684\u306b\u8a2d\u5b9a\u3059\u3079\u304d\u3067\u3059\u3002\u6700\u9ad8\u306e\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u3092\u5f97\u308b\u305f\u3081\u306b\u3001Exchange Online\u306e\u30c6\u30ca\u30f3\u30c8\u306e\u30a4\u30f3\u30d0\u30a6\u30f3\u30c9\u30b3\u30cd\u30af\u30bf\u306f\u3001\u305d\u306e\u30b3\u30cd\u30af\u30bf\u30d1\u30b9\u5c02\u7528\u306e\u56fa\u6709\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3092\u53c2\u7167\u3059\u3079\u304d\u3067\u3059\u3002<\/p>\n

      \u7d44\u7e54\u304b\u3089\u9001\u4fe1\u3055\u308c\u305f\u30e1\u30fc\u30eb\u3092\u51e6\u7406\u3057\u3001Exchange Online\u7d4c\u7531\u3067\u4e2d\u7d99\u3059\u308b\u305f\u3081\u306b\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u306e\u30a2\u30c9\u30aa\u30f3\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3059\u308b\u5834\u5408\u3001\u305d\u306e\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u30b5\u30fc\u30d3\u30b9\u306f\u7d44\u7e54\u56fa\u6709\u306e\u8a3c\u660e\u66f8\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u3001\u8a3c\u660e\u66f8\u30c9\u30e1\u30a4\u30f3(\u4ef6\u540d\u307e\u305f\u306fSAN)\u306f\u7d44\u7e54\u3067\u627f\u8a8d\u3055\u308c\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u3067\u306a\u3051\u308c\u3070\u306a\u308a\u307e\u305b\u3093\u3002\u3055\u3089\u306b\u3001OnPress\u30bf\u30a4\u30d7\u306eInbound\u30b3\u30cd\u30af\u30bf\u3092TlsSenderCertificateName\u30d7\u30ed\u30d1\u30c6\u30a3\u3092\u901a\u3058\u3066\u56fa\u6709\u306e\u8a3c\u660e\u66f8\u30c9\u30e1\u30a4\u30f3\u3092\u4f7f\u7528\u3059\u308b\u3088\u3046\u66f4\u65b0\u3059\u308b\u5fc5\u8981\u304c\u3042\u308a\u307e\u3059\u3002\u3053\u306e\u30b7\u30ca\u30ea\u30aa\u306e\u4e00\u4f8b\u3068\u3057\u3066\u3001\u7d44\u7e54\u304c\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u306eCRM\u30af\u30e9\u30a6\u30c9\u30b5\u30fc\u30d3\u30b9\u3092\u5229\u7528\u3057\u3001\u4f1a\u793e\u306e\u30e1\u30fc\u30eb\u30dc\u30c3\u30af\u30b9\u3084\u5916\u90e8\u30e6\u30fc\u30b6\u30fc\u306b\u30e1\u30fc\u30eb\u3092\u9001\u4fe1\u3059\u308b\u5834\u5408\u304c\u6319\u3052\u3089\u308c\u307e\u3059\u3002\u8a73\u3057\u304f\u306f\u300c\u30b7\u30ca\u30ea\u30aa: Exchange Online\u3092\u30e1\u30fc\u30eb\u30a2\u30c9\u30aa\u30f3\u30b5\u30fc\u30d3\u30b9\u3068\u7d71\u5408<\/a>\u3059\u308b\u300d\u3092\u3054\u89a7\u304f\u3060\u3055\u3044\u3002<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"

      MC1226222 | Prevent\/Fix: Guidance for On-Premises Connectors Configuration Classification preventOrFixIssue La […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14791","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14791","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=14791"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/14791\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=14791"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=14791"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=14791"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}