SOLVED

Whitelist external senders to a 365 group

%3CLINGO-SUB%20id%3D%22lingo-sub-501089%22%20slang%3D%22en-US%22%3EWhitelist%20external%20senders%20to%20a%20365%20group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-501089%22%20slang%3D%22en-US%22%3E%3CP%3EI%20generally%20want%20to%20block%20external%20email%20traffic%20to%20our%20365%20Groups.%26nbsp%3B%20However%2C%20we%20have%20some%20external%20systems%20producing%20alerts%20or%20updates%20that%20I%20want%20to%20deliver%20to%20a%20365%20Group.%26nbsp%3B%20That%20way%20users%20who%20are%20following%20can%20get%20those%20emails%2C%20or%20even%20stop%20following%20if%20they%20don't%20want%20that%20level%20of%20detail.%26nbsp%3B%20So%20I've%20enabled%20external%20sending%20to%20the%20365%20group%2C%20and%20then%20used%20an%20Exchange%20mail%20flow%20rule%20to%20control%20who%20can%20send%20emails%20to%20the%20group%20address.%26nbsp%3B%20The%20problem%20is%20that%20the%20members%20of%20that%20group%20(the%20subscribers)%20are%20still%20receiving%20the%20email.%26nbsp%3B%20It's%20as%20if%20the%20mail%20flow%20rule%20gets%20processed%20AFTER%20the%20email%20has%20already%20been%20distributed%20to%20the%20members.%26nbsp%3B%20So%20the%20rule%20stops%20the%20external%20emails%20from%20delivering%20to%20Group%40domain.com%20(good)%2C%20but%20still%20deliver%20to%20user1%40dober.com%20(not%20good).%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20way%20to%20whitelist%20certain%20external%20senders%20to%20a%20365%20Group%20email%3F%26nbsp%3B%20Anyone%20know%20why%20the%20mail%20flow%20rule%20is%20affecting%20the%20group%20email%20address%2C%20but%20not%20the%20members%3F%26nbsp%3B%20My%20only%20resolution%20is%20to%20have%20an%20old%20school%20distribution%20list%20to%20send%20the%20alerts%20to%20and%20control%20the%20membership%20manually.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAttached%20is%20how%20the%20mail%20flow%20rule%20is%20configured.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-501089%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%20Groups%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-502534%22%20slang%3D%22en-US%22%3ERe%3A%20Whitelist%20external%20senders%20to%20a%20365%20group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-502534%22%20slang%3D%22en-US%22%3E%3CP%3EYou%20can%20use%20the%20standard%20message%20delivery%20parameters%3A%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EAcceptMessagesOnlyFrom%20%3A%20%7B%7D%3CBR%20%2F%3EAcceptMessagesOnlyFromDLMembers%20%3A%20%7B%7D%3CBR%20%2F%3EAcceptMessagesOnlyFromSendersOrMembers%20%3A%20%7B%7D%3CBR%20%2F%3ERejectMessagesFrom%20%3A%20%7B%7D%3CBR%20%2F%3ERejectMessagesFromDLMembers%20%3A%20%7B%7D%3CBR%20%2F%3ERejectMessagesFromSendersOrMembers%20%3A%20%7B%7D%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-504176%22%20slang%3D%22en-US%22%3ERe%3A%20Whitelist%20external%20senders%20to%20a%20365%20group%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-504176%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%2C%26nbsp%3BI%20had%20looked%20at%20this%20but%20got%20caught%20up%20on%20the%20external%20email%20address%20(the%20parameter%20only%20allows%20you%20to%20add%20users).%26nbsp%3B%20Then%20it%20occurred%20to%20me%20I%20could%20create%20a%20contact%20with%20the%20inbound%20email%20address%2C%20and%20add%20that%20contact%20to%20the%20message%20delivery%20parameters.%26nbsp%3B%20That%20works!%26nbsp%3B%20Thanks%20for%20the%20help!%26nbsp%3B%20%26nbsp%3BFor%20others%20looking%2C%20here's%20Microsoft's%20documentation%20on%20configuring%20delivery%20restrictions%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Frecipients%2Fuser-mailboxes%2Fmessage-delivery-restrictions%3Fview%3Dexchserver-2019%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fexchange%2Frecipients%2Fuser-mailboxes%2Fmessage-delivery-restrictions%3Fview%3Dexchserver-2019%3C%2FA%3E%3CBR%20%2F%3E%3CBR%20%2F%3EAnd%20if%20using%20powershell%2C%20you%20have%20to%20use%20%22set-unifiedgroup%22%20commands%20instead%20of%20%22set-mailbox%22%2C%20but%20the%20concept%20is%20the%20same.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

I generally want to block external email traffic to our 365 Groups.  However, we have some external systems producing alerts or updates that I want to deliver to a 365 Group.  That way users who are following can get those emails, or even stop following if they don't want that level of detail.  So I've enabled external sending to the 365 group, and then used an Exchange mail flow rule to control who can send emails to the group address.  The problem is that the members of that group (the subscribers) are still receiving the email.  It's as if the mail flow rule gets processed AFTER the email has already been distributed to the members.  So the rule stops the external emails from delivering to Group@domain.com (good), but still deliver to user1@dober.com (not good).  

 

Is there a way to whitelist certain external senders to a 365 Group email?  Anyone know why the mail flow rule is affecting the group email address, but not the members?  My only resolution is to have an old school distribution list to send the alerts to and control the membership manually.

 

Attached is how the mail flow rule is configured.  

2 Replies
Highlighted
Solution

You can use the standard message delivery parameters:

 

AcceptMessagesOnlyFrom : {}
AcceptMessagesOnlyFromDLMembers : {}
AcceptMessagesOnlyFromSendersOrMembers : {}
RejectMessagesFrom : {}
RejectMessagesFromDLMembers : {}
RejectMessagesFromSendersOrMembers : {}

Highlighted

@Vasil Michev, I had looked at this but got caught up on the external email address (the parameter only allows you to add users).  Then it occurred to me I could create a contact with the inbound email address, and add that contact to the message delivery parameters.  That works!  Thanks for the help!   For others looking, here's Microsoft's documentation on configuring delivery restrictions: https://docs.microsoft.com/en-us/exchange/recipients/user-mailboxes/message-delivery-restrictions?vi...

And if using powershell, you have to use "set-unifiedgroup" commands instead of "set-mailbox", but the concept is the same.