External users cannot send emails to Office 365 groups. Receive bounce back saying: Your message can't be delivered because delivery to this address is restricted.

Hello Experts. In our env, we have Exchange 2013 CU21 in a hybrid configuration with Office 365. We also leverage Azure AD Connect to sync our AD with Azure AD, so we are fully in a hybrid scenario, with centralized mailflow. My issue is, I create an Office 365 group from the Exchange Online portal and select 'Let people outside the organization send email to the group', but people from outside the organization still cannot send emails to the group, or any Office 365 group for that matter. I've noticed in the Office 365 portal, when I select the Office 365 group, I see the option: Allow outside senders --- set to OFF. When I try to change it to ON, it gives an error saying it cannot be done, and if the group has been recently created, please try again, although it has been more than a few days since the Office 365 group was created. People from outside the organization receive a bounce back when they try to email the group saying: Your message can't be delivered because delivery to this address is restricted.

Is anyone else facing this issue? Please let me know how this can be resolved. The Office 365 group is successfully being written back to our on-prem AD and our on-prem email filtering solution; the email makes it through to our organization but gets rejected... I believe by Office 365.
Newguy 123 Asked:

David Johnson, CD, MVP, Owner, Commented:
Since you've tried a few times, time to get Office 365 support involved. They probably can fix it right away.

Michael B. Smith, Managing Consultant, Commented:
Create it on-premises and configure it on-premises.

When you try to use both O365 and on-premises you run into situations such as this.
FOX, Active Directory/Exchange Engineer, Commented:
Connect to PowerShell on O365 and run the following against that distribution group:

Set-DistributionGroup 'emailaddressofthedistributiongroup' -RequireSenderAuthenticationEnabled $False

The above command needs to be run from the on-premises Exchange shell, I believe, since you are getting an error while allowing external senders.

This is because when the group was written back to on-premises AD, it turned into an AD-synced object, which doesn't allow you to alter settings from the cloud shell, I believe.
Using your Exchange Admin Center (on premises):

Remove the group

Create the group again, assign group membership again with only you and another IT team member.

Make sure in Delivery Management, "Senders inside and outside of my organization" is selected.

Make sure the desired email address is correct and is included on your email/spam filter.

Test emailing the group from within the organization first... then test from the outside (outlook.com, google.com, etc.). If you still get the error, post it here. If not, go back to the group and add members in groups of 2 or 3, test and repeat until you find a failing group or success after all members are in. Just to remove the possibility of a loop somewhere!!!
FOX, Active Directory/Exchange Engineer, Commented:
@Mahesh - If he created the DL directly on O365, the commands run against the DL will in fact work via PowerShell connected to O365.

If the DL was created on-prem and synced to O365, he would have to edit the settings of the DL from on-prem.
He enabled group writeback in O365.

But obviously, groups are replicated to on-premises and became synced identities.
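
The distinction discussed in the comments above (change the setting in the cloud for a cloud-created group, on-premises for a synced one) can be checked before running the command. This is an added example, not code posted by any participant in the thread; `Set-GroupExternalSenders` is a hypothetical helper name, and it assumes an Exchange Online PowerShell session is already connected.

```powershell
# Added example: Set-GroupExternalSenders is a hypothetical helper name.
# Assumes an Exchange Online PowerShell session is already connected.
function Set-GroupExternalSenders {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # The group's email address, alias or name
        [Parameter(Mandatory)][string]$Identity
    )

    $group = Get-DistributionGroup -Identity $Identity -ErrorAction Stop

    # $false means the group already accepts unauthenticated (external) senders.
    if (-not $group.RequireSenderAuthenticationEnabled) {
        Write-Output "$($group.PrimarySmtpAddress) already accepts external senders."
        return
    }

    # A directory-synced object is mastered on-premises; the cloud shell
    # cannot change it, so stop here and point at the on-premises shell.
    if ($group.IsDirSynced) {
        Write-Warning ("$($group.PrimarySmtpAddress) is synced from on-premises AD. " +
            "Run Set-DistributionGroup from the on-premises Exchange shell instead.")
        return
    }

    # Disabling sender authentication lets anyone on the Internet mail the
    # group, so the change is gated behind -WhatIf / -Confirm support.
    if ($PSCmdlet.ShouldProcess($group.PrimarySmtpAddress, 'Allow external senders')) {
        Set-DistributionGroup -Identity $Identity -RequireSenderAuthenticationEnabled $false
    }

    # Re-read the object so the caller sees the effective setting.
    Get-DistributionGroup -Identity $Identity |
        Select-Object PrimarySmtpAddress, IsDirSynced, RequireSenderAuthenticationEnabled
}
```

Running it with `-WhatIf` first shows which branch applies without changing the group.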