Sundeep V
asked on
how to block external emails from Office365 with AD groups
Hi all
Working at school
I have a request for primary school students to have access to emails but only be able to send internal and receive internal only. So block external emails altogether
Here's what I have done,
Created a Universal distribution group in AD - Added the relevant groups to it i.e. primary school students
In Office 365 created a new rule
- The recipient is located - Outside the organisation and the sender is member of (the distribution group I created in AD)
Do the following - delete the message without notifying anyone
After the above, I have been testing by sending email to a test student via my Gmail account and test student can send emails and receive externally.
So seems like this is not working, any ideas?
One thing I noticed was in members of that distribution list, I am unable to locate the AD security groups, could this be the reason? My security groups seem not to be automatically synced. I had to go in Attribute of the distribution list to make it sync to Office 365, not sure if it's same for this
ASKER
I have exactly as per your link and it hasn't worked as per my question. The rule is created but the thats in a security group to deny send emails is still being able to.
Take a screen shot and let me see the mail flow rule
Wait are you dropping in other groups or users into your group? Drop the users directly in there.
ASKER
In the distribution list in AD I added the security groups within the AD
But it's not showing in Office 365.
I have 600 users to add from around 1500 users so ideally wanted to avoid adding users 1 by 1
You don't add them one by one, you use PowerShell.
If it's not showing in o365 is your Directory sync working as expected?
ASKER
None of our security groups has synced and never has.
For the Distribution list I created in AD - I had to edit the attribute tab in AD and add a few details, only then it synced online.
Users are all syncing OK, just not sec groups (but we do have numerous groups like 50-60) which may be the reason why it's not syncing
Which PowerShell command do I use for this? Do you have a link so I run the correct one rather than mess up!
You are on the right track, a transport rule should do the trick. You will need one rule for Sending email and another one for Receiving. It's hard however to tell you why it's not working without having all the details, can you post a screenshot of the rule configuration?
You should be using a DG in Exchange however, as it cannot evaluate the membership of on-premises groups.
Alternatively, you can use the message delivery settings and for each of the users configure a list of users (members of a group) that is allowed to send messages. It's easily done via PowerShell, but you will again need an Exchange Online DG to begin with.
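The approach the replies above converge on (an Exchange Online distribution group with the users added directly, plus one rule per direction), as an added example that is not part of the thread or any poster's own code. The group name, CSV path and rule names are placeholders, and the CSV is assumed to have a single `UserPrincipalName` column exported from AD.

```powershell
# Added example, not from the thread. Group name, CSV path and rule names are placeholders.
# Requires the ExchangeOnlineManagement module and an Exchange admin role.
Connect-ExchangeOnline

$groupName = 'Primary-Students-InternalOnly'   # hypothetical group name
$csvPath   = '.\primary-students.csv'          # hypothetical CSV, one column: UserPrincipalName

# 1. Create the group in Exchange Online so mail flow rules can evaluate its membership.
$group = Get-DistributionGroup -Identity $groupName -ErrorAction SilentlyContinue
if (-not $group) {
    $group = New-DistributionGroup -Name $groupName -Type Distribution
}

# 2. Add the students directly (no nested groups), collecting any that fail.
$failed = foreach ($row in Import-Csv -Path $csvPath) {
    try {
        Add-DistributionGroupMember -Identity $group.Identity `
            -Member $row.UserPrincipalName -ErrorAction Stop
    } catch {
        [pscustomobject]@{ User = $row.UserPrincipalName; Error = $_.Exception.Message }
    }
}

# 3. One rule per direction, using the asker's action: delete without notifying anyone.
$addr = $group.PrimarySmtpAddress
New-TransportRule -Name 'Students - block outbound external' `
    -FromMemberOf $addr -SentToScope NotInOrganization -DeleteMessage $true
New-TransportRule -Name 'Students - block inbound external' `
    -FromScope NotInOrganization -SentToMemberOf $addr -DeleteMessage $true

# 4. Check what was actually applied before testing from an outside mailbox.
$members = @(Get-DistributionGroupMember -Identity $group.Identity -ResultSize Unlimited)
"Members in group: {0}" -f $members.Count
$failed | Format-Table -AutoSize
Get-TransportRule | Where-Object Name -like 'Students - block*' |
    Format-Table Name, State, Mode, Priority
```

Comparing the member count against the CSV row count, and reading the `$failed` table, shows whether any student was left outside the group and therefore outside both rules.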
Full guide there, follow it and let me know :D
Thanks
Alex