Allowing external email forwarding in Office 365

November 16, 2021

We use Zimbra as our main email server. We also have Office 365 subscription to make working with our clients a bit easier. The challenge is that when customers send us, say, Teams meeting invites, they typically use autofill and the email gets sent to our Office 365 mailboxes which nobody really looks at.

It is possible to fix this by configuring email forwarding. That is theoretically possible out of the box on a per-user basis in https://outlook.office.com/mail/options/mail/forwarding. However, when you actually try it out you will get an error message in your Office 365 inbox because forwarding is disabled on the organizational level by default:

Remote Server returned '550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7555)'

Most of the solution is described in this blog post, but we'll go through the steps in here as well.

The solution is to set up a new outbound antispam policy in Microsoft 365 Defender . You can select to allow forwarding for individual users, groups or the entire domain. Keeping the scope minimal is the best option security-vise. That said, when you try to add the anti-spam policy you may get blocked because your Office 365 organization does not allow customization, with the hint to run the Enable-OrganizationCustomization Cmdlet to fix the issue. Doing that is easier said than done, so the steps are outlined below. Windows Powershell is assumed, though the commands might work on Powershell Core as well.

First you need to connect to Exchange Online. Doing that is a multi-step process. First you install a custom Powershell module:

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.5

Then you import it:

Import-Module ExchangeOnlineManagement

Finally you can actually connect to your Office 365 "Exchange Online" organization, e.g.

Connect-ExchangeOnline -UserPrincipalName [email protected]

Finally you can enable organization changes:

Enable-OrganizationCustomization

Now you should be able to create the outbound spam policy, which in turn allows users to enable email forwarding and expect it to work.

#email #office365

Samuli Seppänen

Author archive

Did you like the article?

Share it with others

Privacy policy

Puppeteers Oy, c/o LOV co-working space, Uudenmaankatu 1, 20500 Turku, Finland. Y-tunnus: 2919313-3 / VAT ID: FI29193133

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.