The legal hold notice market is dominated by cloud services that use a wide variety of security methods to send out your notices from their trusted domains. Having implemented a large number of these systems recently, I can tell you how difficult it can be to establish that trust relationship and bypass all the spam/virus/phishing filters to ensure that all custodians receive their hold notices. Legal hold notices with embedded forms and links look like phishing attempts. I have seen custodians report them to security because they believed that they were a phish attempt. This change by Microsoft means that your hold notices could be ‘detonated’ and deleted before reaching custodians. Send your Email admin and your LHN support team that Microsoft MC226683 notice and ask them to verify that your LHN domain uses a mail flow rule rather than just being whitelisted.