Avatar of Newguy 123
Newguy 123
 asked on

External users cannot send emails to Office 365 groups. receive bounce back saying: Your message can't be delivered because delivery to this address is restricted.

Hello Experts. In our env, we have Exchange 2013 CU21 in a hybrid configuration with Office 365. We also leverage Azure AD Connect to sync our AD with Azure AD, so we are fully in a hybrid scenario, when centralized mailflow. My issue is, I create an office 365 group from Exchange online portal, and select 'Let people outside the organization send email to the group', people from outside the organization still cannot  send emails to the group, or any office 365 group for that matter. I've noticed in the Office 365 portal, when i select the office 365 group, i see the option: Allow outside senders --- set to OFF, when i try to change it to ON, it gives an error saying it cannot be done, and if the group has been recently created, please try again. although it has been more then a few days since the Office 365 group was created. People from outside the organization receive a bounce back when they try to email the group saying: Your message can't be delivered because delivery to this address is restricted.

Is anyone else facing this issue, please let me know how this can be resolved. the Office 365 group is successfully being written back to our on-prem AD, and our on-prem Email filtering solution, the email makes it through to our organization but gets rejected...i believe by Office 365.
Microsoft OfficeExchangeMicrosoft 365Active Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon
David Johnson, CD

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
Michael B. Smith

Create it on-premises and configure it on-premises.

When you try to use both O365 and on-premises you run into situations such as this.

connect to powershell on o365 and run the following against that distribution group

Set-DistributionGroup 'emailaddressofthedistributiongroup' -RequireSenderAuthenticationEnabled $False

Above command needs to be done from onpremise exchange shell I believe since you are getting error while allowing external sender

This is because when group write backed to onpremise AD, it turned into AD synced object which don't allow you to alter settings from cloud shell I believe
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck

Using your Exchange Admin Center (on premises):

Remove the group

Create the group again, assign group membership again with only you and another IT team member.

Make sure in Delivery Management,  "Senders inside and outside of my organization"  is selected.

Make sure the desire email address is correct and is included on your email/spam filter.

Test emailing the group from within the organization first... then test from the outside (outlook.com, google.com, etc.) If you still get the error post it here.  If not, go back to the group and add members in groups of 2 or 3, test and repeat until you find a failing group or success after all members are in.  Just to remove the possibility of a loop somewhere!!!

@Mahesh- If he created the DL directly on O365 the commands run against the dL in fact will work via powershell connected to o365.  

If the dl was created on prem and synced to  o365 he would have to edit the settings of the dl from on prem.

he enabled group write back in O365

But obvious, groups are replicated to on premise and became synced identities
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.