Windows Office Hours: September 28, 2023
Event Ended
Thursday, Sep 28, 2023, 08:00 AM PDT
Please note this Windows Office Hours date has been changed to September 28, 2023.
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, a...
Heather_Poulsen
Updated Sep 28, 2023
JohnnyJayMV
Sep 28, 2023
Occasional Reader
At work, I faced a situation with a customer trying to route all emails sent to their users but through "*@customername.onmicrosoft.com" email addresses. They don't use Microsoft Defender but a different security solution, which is why they want to route all email traffic (including those emails sent to "customername.onmicrosoft.com" email addresses) to it. This was easily done for their custom domain (customername.com) by changing the DNS MX record and pointing it to their security solution, but there is no such option to do that for the "customername.onmicrosoft.com" domain in the M365 Admin Center (it only has the option to handle TXT records, not MX records).

We have spent many, many hours in calls with Microsoft Support without any fully successful solution to do this, just because the security solution is not the one provided by Microsoft (which I believe is nonsense, because we are not trying to get Microsoft to configure the 3rd party security system for us, just route the email received by Microsoft - *.onmicrosoft.com domains belong to Microsoft - to it).

Official Microsoft documentation says the way this could be achieved is through an ETR (Exchange Transport Rule), but we configured it as instructed (in different Tenants, including a brand new testing one) and it doesn't work (emails are just not getting routed, or other issues like quarantined emails and problems forwarding meetings appeared). We then found the reason is that transport rules apply after the recipient is resolved and the post-resolution email address is changed to the user custom domain (which is the user's primary email address), so the ETR is bypassed. Another possible complication is that the user's Default domain is still the Fallback domain, not their own custom domain, but we got the exact same experience on another M365 Tenant with the custom domain set as the Default one anyways.
I found out about Windows Office Hours and I was hoping to find someone who can help me check if there is any other easier, simpler, or cleaner solution to do this routing. I would really appreciate any help on this matter! 🙏