May 20 2018 06:54 PM
May 20 2018 06:54 PM
Overview + Setup Information
This issue relates to Exchange, SharePoint Online and Office 365.
Here's a quick summary of our setup:
Users with on-prem mailboxes are unable to send emails to distribution groups using the 'Send by Email' functionality in SharePoint Online sites.
These users are able to select the distribution group and send the email, however, the message is not received by any of the members of the distribution group.
Disabling the 'Require that all senders are authenticated' option in EMC > Distribution Groups > [desired group] > Mail Flow Settings > Message Delivery Restrictions, fixes this issue. As in, members of the group will then receive emails that users with on-prem mailboxes send using the 'Send by Email' button on SharePoint Online.
FYI, the equivalent setting on Exchange Online seems to be EAC > Recipients > Groups > [desired group] > Delivery Management > Senders inside and outside my organization.
Issue with Solution
This is not an acceptable solution as it leaves the door open for external senders to send emails to all the members in our distribution groups. This is problematic for a number of reasons, particularly from a security perspective.
It seems like either Exchange Online or our on-prem Exchange server is deeming these users (who have on-prem mailboxes) to be unauthenticated/outside the organization - as a reminder, our inbound mail flow goes through Exchange Online.
Hence, how can we make Exchange Online/on-prem Exchange consider these users to be authenticated/inside the organization? I am of course also open to trying other solutions that might fix the issue we're having.
Any help would be much appreciated.
May 21 2018 03:39 AM
The quick answer is...you can't. Exchange Online users are not authenticated on premise, the email originates from Exchange online which is essentially a federated organisation. Maybe MS could implement a separate tick box for "federated partners" but this is unlikely to happen.
May 21 2018 10:04 AMSolution
Moreover those messages are sent from the SPO backend, so Exchange is not even involved. Have you tried allowing just the firstname.lastname@example.org address?
May 21 2018 02:07 PM
May 21 2018 07:57 PM - edited May 21 2018 07:58 PM