Skip to main content
My preferencesSign out
Proofpoint, Inc.

Emails Rejected for Azure Disabled Accounts

Situation Why are mail emails being rejected for not-Active Accounts / Disabled Accounts in Azure. 
Solution Proofpoint is honoring the Not Active/Active flag within Azure. See below for instructions on how to enable mailflow for Block Sign-In set accounts in Office 365.

 

Why are my emails being rejected for non-Active in Proofpoint/Disabled accounts in Azure ?

As of Proofpoint Essentials version 5.78 

There has been a change in the behavior of Proofpoint Essentials, where we are now honoring the Disabled flag given by Azure. 

Accounts that are Block Sign-In in Azure from logon, will be replicated and Not Active in Proofpoint. This will also prevent mail-flow to that address. 

To access the Block Sign-In setting within Office 365:

  1. Open Exchange Admin Center. 
  2. Navigate to Active Users and search for the mailbox.
  3. Click on the address.
  4. Block Sign-In can be seen.

BlockedSignIN-365.PNG

  • If you are experiencing mail flow issues to accounts, check if the Block Sign-In setting is set to Disabled or Active. Active will need to be set to allow mail flow. 
  • If set to Block Sign-In , the account in Proofpoint will be honored and set to Not Active

How to enable mailflow for Block Sign-In set accounts in Office 365:

Within Proofpoint:

  1. Navigate to Users & Groups > Users.
  2. Set the account from Not Active to Active by selecting Activate User.

PPInterface-Active.PNG

  1. Navigate to Company Settings > Import Users > Azure Active Directory
  2. Click Search Now.
  3. Under Adding/Updating, click Exempt From Sync on the right side of the window.

Exempting.PNG

  1. Click Sync Active Directory.

This prevents future syncs from converting the Active status to Non - Active and mail flow will not be impacted.