0

Block Users From Sending to External Recipients in Office 365

Have you ever wondered if it’s possible to block users from sending to external recipients in Office 365? If you have, just know that this can be done using Exchange Transport Rules, ETR for short. Today we’re going to cover the steps on how restrict emails to internal users only for a specific set of users or groups.

Requirements

If this is something we are considering than let’s take a look at the options we have available to us. As mentioned, the best (and most practical) way to handle this task is to do so via a transport rule. Furthermore, let’s list the requirements here.

  • Exchange Administrator Role
  • Exchange Online with a valid mail license

 

Block Users From Sending to External Recipients in Office 365

Regarding use cases, I’m sure someone somewhere can justify a good reason why we would want to block mail to an external domain like Gmail, yahoo or anyone outside of your domain. Perhaps they want to prevent someone from leaking information, whatever the reason may be, we’ll show you how to get this done.
 

First we’ll want to open a browser of your choice.

Exchange Transport Rule
 

  • Next Click on the “+” to create a new rule
  • Select Create a new rule

Create new transport rule
 

  • Name the rule Block Sending to External Domains
  • Scroll down a bit and click on the more options link
  • Under apply this rule if dropdown, select the recipient.. -> is external/internal -> select outside the organization
  • Click Add Condition
  • Under the next and statement, select the sender.. -> is a member of this group -> select a mail-enabled security group
    • We have the option to choose individual users but it’s always best to use groups for easier administration
  • Under do the following -> select block this message -> select delete the message without notifying anyone
  • Apply exceptions as needeed

Transport Rule
 

Testing The Exchange Transport Rule

Now that we have the rule in place, we should be able to test that it’s actually working. To do that, we’ll send an email to both an external domain and to someone in our tenant.
 

In this instance, we can run a simple message trace to see the status and the event type.

Testing Transport Rule

Testing Transport Rule Detail

Conclusion

Hopefully this article was informative and we were able to show you how to block users from sending to external recipients. We showed you how to create an Exchange Transport Rule as well as confirming that the actual email was being blocked at the Exchange level.
 

If you’re looking to implement something like this, just be sure that you have the right parameters in place. If this is not configured correctly, you can imagine the mayhem you’d cause by blocking all outbound emails.
 

Finally, if you’re looking for more articles on Exchange, be sure to check out how to block legacy authentication in Office 365

5/5 - (4 votes)

Paul Contreras

Hi, my name is Paul and I am a Sysadmin who enjoys working on various technologies from Microsoft, VMWare, Cisco and many others. Join me as I document my trials and tribulations of the daily grind of System Administration.

Leave a Reply

Your email address will not be published.