Incident Protocols for @Live Schools

[Martin Manjak <mm376 () ALBANY EDU>]

Anyone who has migrated email services to MS @Live, I'm curious as to
what information sharing and incident handling protocols you may have
worked out with MS.

My understanding is that MS applies the following thresholds to client
email activity, and if that activity exceeds these thresholds, the
account is suspended for 24 hours:

100 recipients per email
30 messages per minute
500 recipients per day

My questions are:

Does MS notify your institution when an account has been suspended?

Do these metrics apply to external messages only, or do they also count
internal mailings?

We have a significant number of staff whose current, ad hoc email
distributions would render their accounts inactive under the above
rubric and we're trying to decide how to address this.

We also want to be informed when an account is suspended in the event
the user contacts our Help Desk.
Marty

-- 
Martin Manjak
Information Security Officer
University at Albany
CISSP, GSEC, GCWN

"What information consumes...is the attention of its recipients."
Herbert Simon, 1971