Exchange 365 Prevent External Forward Rules
How to Prevent Users from Creating Forwarding Rules to External Email Addresses in Exchange Online
In today’s digital landscape, protecting sensitive company information is paramount. One way to ensure data security is by preventing users from creating forwarding rules to external email addresses in Exchange Online. This guide will walk you through the process, ensuring your organisation’s emails stay within your secure environment.
Why Block External Forwarding?
Forwarding rules can be convenient, but they also pose significant security risks. External forwarding can lead to data leaks, unauthorised access, and compliance issues. By blocking this feature, you reduce the risk of sensitive information falling into the wrong hands.
Method 1: Using the Exchange Admin Center (EAC)
The Exchange Admin Center provides an intuitive interface for managing your Exchange Online settings. Follow these steps to create a rule that blocks external forwarding:
Log in to the Exchange Admin Center:
- Open your web browser and navigate to the EAC (usually at https://admin.exchange.microsoft.com).
- Sign in with your admin credentials.
Navigate to the Mail Flow Section:
- On the left-hand menu, click on Mail Flow.
Create a New Rule:
- Under the Rules tab, click on the + (plus) sign and select Create a new rule.
Configure the Rule:
- Give the rule a meaningful name, such as “Block External Forwarding”.
- In the “Apply this rule if” section, select The recipient is located… and then choose Outside the organisation.
- In the “Do the following” section, select Block the message and then choose Reject the message and include an explanation.
- Optionally, add a custom message to explain to users why their forwarding rule is being blocked.
Save the Rule:
- Click Save to apply the rule.
Method 2: Using PowerShell
For those comfortable with command-line tools, PowerShell offers a powerful way to manage Exchange Online settings. Here’s how to create a transport rule to block external forwarding:
Connect to Exchange Online via PowerShell:
- Open PowerShell on your computer.
- Run the following commands to connect to Exchange Online:
1
2
$UserCredential = Get-Credential
Connect-ExchangeOnline -UserPrincipalName user@domain.com -ShowProgress $true
Create a Transport Rule:
- Run the following command to create a transport rule that blocks automatic forwarding to external recipients:
1
New-TransportRule -Name "Block External Forwarding" -Priority 0 -FromScope InOrganization -SentToScope NotInOrganization -RejectMessageReasonText "Automatic forwarding to external recipients is not allowed."
Method 3: Disable Automatic Forwarding Globally
If you prefer a broader approach, you can disable automatic forwarding for all users globally:
Disable Automatic Forwarding:
- Open PowerShell and connect to Exchange Online using the commands provided in Method
- Run the following command to disable automatic forwarding globally:
1
Set-RemoteDomain Default -AutoForwardEnabled $false
Communicating the Change
It’s essential to inform your users about this change. Clear communication can help manage expectations and reduce confusion. Consider sending an internal memo explaining the new policy and the reasons behind it.
Monitoring and Compliance
Regularly review your mail flow rules and user accounts to ensure compliance with your organisation’s policies. Keeping an eye on these settings helps maintain the security of your email environment.