Forum Discussion

Mark Andrich's avatar
Mark Andrich
Copper Contributor
Aug 03, 2017

On demand disable forwarding? OWA and Outlook?

Hello,   I recently saw a video (that I can no longer find) that seemed to show that it was possible to limit forwarding "ala cart" on outgoing e-mails in a way that would disallow forwarding withi...
admin
microsoft 365 admin center
VasilMichev's avatar
VasilMichev
MVP
Aug 04, 2017

This is nothing new, the only new part about it is that it got included as part of the Secure Score recommendations/actions: https://blogs.technet.microsoft.com/office365security/mitigating-client-external-forwarding-rules-with-secure-score/

 

Here's the actual rule syntax: IF The Sender is located ‘Inside the organization’ AND IF The Recipient is located ‘Outside the organization’ AND IF The message type is ‘Auto-Forward’ THEN Reject the message with the explanation ‘External Email Forwarding via Client Rules is not permitted’

  • Michael Daly's avatar
    Michael Daly
    Copper Contributor
    Apr 06, 2018

    I do not have this condition: AND IF The message type is ‘Auto-Forward’ 

    I can't use powershell because I am also AD on-prem. Any ideas?

    • VasilMichev's avatar
      VasilMichev
      MVP
      Apr 06, 2018

      Make sure to press the "More options" link on the bottom of the New rule dialog, it will bring up all the other conditions.

      • Michael Daly's avatar
        Michael Daly
        Copper Contributor
        Apr 06, 2018

        I got it.. 

        I had to go to 'The message properties', then 'include message type'

        then select Auto-Forward

  • Mark Andrich's avatar
    Mark Andrich
    Copper Contributor
    Aug 04, 2017

    Thanks for the response. To be clear, I'm looking to give the end user the ability to choose on a "per e-mail" basis on whether or not to disallow forwarding through their Outlook. I.E. Sending an e-mail that contains sensitive information and enabling "DO Not Forward" for just that particualr e-mail.

    • TonyRedmond's avatar
      TonyRedmond
      MVP
      Aug 04, 2017

      Well, if you want control in the user's hands, you might look at Azure Information Protection labels. AIP allows users to select a label to identify the level of sensitivity of information in a message. The policy behind a label can apply an IRM template to really sensitive stuff and that would block the ability of external people to read the content,

  • TonyRedmond's avatar
    TonyRedmond
    MVP
    Aug 04, 2017

    To be specific, what Vasil has highlighted is an Exchange transport rule that will check for messages autoforwarded by users and block them. The advantage of this approach is that it is guaranteed to work because all email must flow through the transport system and be checked against the tenant's rules. However, introducing such a rule without prior advice and consultation with users might provoke a negative reaction from people, so perhaps user education is a better first step.

Resources