How to Block Email Forwarding in Office365
How to block auto-forward emails to external recipients in Office365?
This block is to help you prevent internal users from auto-forwarding emails to external mailbox users to avoid keeping a copy externally and prevent information leakage.
A lot of tenant global administration wanted to disable this feature in Office365 since it can cause risk to their company’s security.
How do users set up Auto-forwarding in the first place?
Method 1 (Through Admin Center) — only administrators can do this
- Admin Center
- Active Users
- Select the user where you want to set up the forwarding
- Click mail
- Manage email forwarding
- select checkbox for “Forward all emails sent to this mailbox”
- Enter the email address where you want the emails to be forwarded.
Note: You can check the “Keep a copy of forwarded email in this mailbox” so the user can have a copy on their respective mailboxes.
Method 2 (Through OWA) — can be done by users
- Log in to Office.com
- Go to OWA
- Settings (Gear Icon)
- Forwarding
Method 3 (Through Exchange Admin Center) — only administrators can do this
- Admin Center
- Exchange Admin Center
- Recipients
- Mailboxes
- Edit the user mailbox where you want to set up the auto-forwarding
- Mailbox Features
- Mail Flow
- Delivery options
- Enable forwarding
Method 4 (Through Powershell) — only administrators can do this
- Connect to Exchange Online Powershell through:
https://medium.com/jj365/https-medium-com-jj365-connecting-to-office-365-through-powershell-exchange-online-a38f0370fcfe - And run this command:
This command delivers email to the mailbox of Jennifer Agustin then forwards all emails sent to Jennifer Agustin to jj@axlemyer.com
Set-Mailbox -Identity “Jennifer Agustin” -DeliverToMailboxAndForward $true -ForwardingSMTPAddress jj@axlemyer.com
How do you disable auto-forwarding at the tenant level?
Method 1 (via Transport rule)
- Admin Center
- Exchange Admin Center
- Rules
- Transport rule
Condition: If the Recipient is located outside the organization and if the message type is auto-forwardAction: Either block or delete the message depending upon your preference
Or block it using the message header as one of the conditions:
Method 2 (Via Remote domains)
- Exchange Admin Center
- Mail Flow
- Remote Domains
- Edit the default
- Uncheck the Allow Automatic Forwarding
In powershell:
Set-RemoteDomain Default -AutoForwardEnabled $false
Method 3 (via Role-Based Access Control)
- Connect to Exchange Online Powershell through:
https://medium.com/jj365/https-medium-com-jj365-connecting-to-office-365-through-powershell-exchange-online-a38f0370fcfe
Step 1: Create a new management role based on the MyBaseOptions role
New-ManagementRole MyBaseOptions-DisableForwarding -Parent MyBaseOptions
Step 2: Remove the forwarding parameters from the MyBaseOptions-DisableForwarding role
Set-ManagementRoleEntry MyBaseOptions-DisableForwarding\Set-Mailbox -RemoveParameter -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress
Step 3: Exchange Admin Center > Permissions > User Roles > edit the Default Role Assignment Policy
- Clear MyBaseOptions
- then select MyBaseOptions-DisableForwarding
Or you can apply it to a specific user by…
Step 1: Create a new role assignment policy which will contain the MyBaseOptions-DisableForwarding role
New-RoleAssignmentPolicy -Name DisabledForwardingRoleAssignmentPolicy -Roles MyBaseOptions-DisableForwarding,MyContactInformation,MyRetentionPolicies,MyMailSubscriptions,MyTextMessaging,MyVoiceMail,MyDistributionGroupMembership,MyDistributionGroups, MyProfileInformation
Step 2: Apply to specific user
Set-Mailbox –Identity user@domain.com -RoleAssignmentPolicy DisabledForwardingRoleAssignmentPolicy
Thanks, everyone! This blog is based on my work experience with assisting global administrators with their everyday struggles/issues with Office365. Feel free to reach out if you need to add or comment on something about this blog. It’ll be highly appreciated. Email: jj@axlemyer.com