Microsoft Tech Community

Differentiating between different tenants' Do Not Forward emails


Is there a way to identify which emails were protected using our tenant's Do Not Forward permissions versus another tenant's Do Not Forward permissions? We need to block our own emails from being sent externally, but not the ones that we have received and are replying back to. I tried reviewing the message headers, specifically the MSIP labels, and do sometimes see a different SiteID compared to ours. But I have seen some emails that we received from an external party that we are replying to which then have our SiteID instead of theirs.

 

thanks

2 Replies

If you're using sensitivity labels with forwarding permissions disabled, then you can use Activity explorer under Data loss prevention in compliance.microsoft.com. If you're specifically trying to make certain emails "internal use only", you might find it easier to create a DLP policy for Exchange in which you can choose the conditions contains "sensitivity label" and "content is sent outside of organisation", with the action as block.

Hi Kennan, 

 

I was asking about the default Do Not Forward setting within Outlook and not sensitivity labels. I understand the usage of those. But if I create a new email, select the Do Not Forward option and send that to an external party, I can see our tenant ID listed within the MSIP label headers.

 

But if I receive a Do Not Forward email from an outside company and then reply back to it, I sometimes see our tenant ID and other times I do not. So the times where I don't see our tenant ID in the MSIP label header, I can exclude them from a blocking rule.

 

What I am trying to find is whether there is something consistent in these Do Not Forward emails that can differentiate our tenant-generated Do Not Forward emails from ones that we are replying to that were generated by another company.

 

thanks
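
Added example, not part of the thread: a small triage script for the header check discussed above, which pulls every SiteId out of a message's `msip_labels` header and compares it with your own tenant ID. It assumes the header layout `MSIP_Label_<label GUID>_<Property>=<value>;`; the tenant ID, label GUID, addresses and sample messages are constructed placeholders, and using `In-Reply-To`/`References` to mark replies is this example's own choice.

```python
import re
from email import message_from_string

OUR_SITE_ID = "11111111-1111-1111-1111-111111111111"  # constructed placeholder tenant ID

# Assumed layout: MSIP_Label_<label GUID>_<Property>=<value>; ...
_PROP = re.compile(r"MSIP_Label_([0-9a-fA-F-]{36})_(\w+)=([^;]*)")

def site_ids(msg):
    """Return the lower-cased SiteId values found in all msip_labels headers."""
    found = set()
    for value in msg.get_all("msip_labels", []):
        for _label, prop, val in _PROP.findall(value):
            if prop.lower() == "siteid":
                found.add(val.strip().lower())
    return found

def classify(raw, our_site_id=OUR_SITE_ID):
    """Bucket a raw RFC 5322 message by SiteId and by whether it is a reply."""
    msg = message_from_string(raw)
    ids = site_ids(msg)
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    if not ids:
        return "no-siteid"
    if our_site_id.lower() not in ids:
        return "foreign-siteid"
    # Our SiteId on a reply is the ambiguous case reported in the thread.
    return "our-siteid-on-reply" if is_reply else "our-siteid-new-message"

def sample(site_id, reply=False):
    """Build a constructed test message; every value here is made up."""
    label = "22222222-2222-2222-2222-222222222222"
    headers = ["From: user@contoso.example", "Subject: Contract"]
    if reply:
        headers.append("In-Reply-To: <abc@fabrikam.example>")
    if site_id:
        headers.append(f"msip_labels: MSIP_Label_{label}_Enabled=True;"
                       f" MSIP_Label_{label}_SiteId={site_id};")
    return "\n".join(headers) + "\n\nbody\n"

if __name__ == "__main__":
    foreign = "33333333-3333-3333-3333-333333333333"
    for name, raw in [("new", sample(OUR_SITE_ID)),
                      ("reply, our id", sample(OUR_SITE_ID, reply=True)),
                      ("reply, foreign id", sample(foreign, reply=True)),
                      ("unlabelled", sample(None))]:
        print(f"{name:18} -> {classify(raw)}")
```

The `our-siteid-on-reply` result is the case described in the thread: the header carries our SiteId even though the message is a reply, so the SiteId alone does not establish which tenant applied the protection.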