
External users cannot send emails to Office 365 groups. They receive a bounce back saying: Your message can't be delivered because delivery to this address is restricted.

Last Modified: 2019-01-01
Hello Experts. In our env, we have Exchange 2013 CU21 in a hybrid configuration with Office 365. We also leverage Azure AD Connect to sync our AD with Azure AD, so we are fully in a hybrid scenario, with centralized mail flow. My issue is, I create an Office 365 group from the Exchange Online portal and select 'Let people outside the organization send email to the group', but people from outside the organization still cannot send emails to the group, or any Office 365 group for that matter. I've noticed in the Office 365 portal, when I select the Office 365 group, I see the option "Allow outside senders" set to OFF. When I try to change it to ON, it gives an error saying it cannot be done, and if the group has been recently created, please try again, although it has been more than a few days since the Office 365 group was created. People from outside the organization receive a bounce back when they try to email the group saying: Your message can't be delivered because delivery to this address is restricted.

Is anyone else facing this issue? Please let me know how this can be resolved. The Office 365 group is successfully being written back to our on-prem AD, and our on-prem email filtering solution; the email makes it through to our organization but gets rejected... I believe by Office 365.
Michael B. Smith, Managing Consultant
CERTIFIED EXPERT

Commented:
Create it on-premises and configure it on-premises.

When you try to use both O365 and on-premises you run into situations such as this.
FOX, Active Directory/Exchange Engineer
CERTIFIED EXPERT
Top Expert 2015

Commented:
NewGuy,
Connect to PowerShell on O365 and run the following against that distribution group:

Set-DistributionGroup 'emailaddressofthedistributiongroup' -RequireSenderAuthenticationEnabled $False
Mahesh, Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
The above command needs to be done from the on-premises Exchange shell, I believe, since you are getting an error while allowing external senders.

This is because when the group was written back to on-premises AD, it turned into an AD-synced object, which doesn't allow you to alter settings from the cloud shell, I believe.
hecgomrec, Network Administrator
CERTIFIED EXPERT

Commented:
Using your Exchange Admin Center (on premises):

Remove the group

Create the group again, assign group membership again with only you and another IT team member.

Make sure in Delivery Management, "Senders inside and outside of my organization" is selected.

Make sure the desired email address is correct and is included on your email/spam filter.

Test emailing the group from within the organization first... then test from the outside (outlook.com, google.com, etc.). If you still get the error, post it here. If not, go back to the group and add members in groups of 2 or 3, test and repeat until you find a failing group or success after all members are in. Just to remove the possibility of a loop somewhere!!!
FOX, Active Directory/Exchange Engineer
CERTIFIED EXPERT
Top Expert 2015

Commented:
@Mahesh - If he created the DL directly on O365, the commands run against the DL will in fact work via PowerShell connected to O365.

If the DL was created on-prem and synced to O365, he would have to edit the settings of the DL from on-prem.
Mahesh, Architect
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
He enabled group writeback in O365.

But obviously, groups are replicated to on-premises and became synced identities.
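
The disagreement above is over where the setting has to be changed, which depends on the recipient type and on whether the cloud object is directory-synced. As an added example (not from any post in this thread), this PowerShell checks both in Exchange Online and then previews the change; it assumes an already connected Exchange Online session, and `group@example.com` is a placeholder address.

```powershell
# Added example, not from the thread. Assumes an Exchange Online PowerShell
# session is already connected. The address below is a placeholder.
$GroupAddress = 'group@example.com'

# Resolve the address once to learn what kind of object it is.
$recipient = Get-Recipient -Identity $GroupAddress -ErrorAction Stop
$type      = [string]$recipient.RecipientTypeDetails

if ($type -eq 'GroupMailbox') {
    # Office 365 group: managed with the *-UnifiedGroup cmdlets.
    $group  = Get-UnifiedGroup -Identity $GroupAddress
    $setCmd = 'Set-UnifiedGroup'
} else {
    # Classic distribution group (for example MailUniversalDistributionGroup).
    $group  = Get-DistributionGroup -Identity $GroupAddress
    $setCmd = 'Set-DistributionGroup'
}

# Show the facts the thread is arguing about.
[pscustomobject]@{
    Group                              = $group.PrimarySmtpAddress
    RecipientTypeDetails               = $type
    IsDirSynced                        = $recipient.IsDirSynced
    RequireSenderAuthenticationEnabled = $group.RequireSenderAuthenticationEnabled
} | Format-List

if (-not $group.RequireSenderAuthenticationEnabled) {
    # The cloud object already accepts unauthenticated (external) senders,
    # so a rejection is coming from somewhere else in the mail path.
    'External senders are already allowed on the cloud object.'
} elseif ($recipient.IsDirSynced) {
    # Synced from on-premises AD: the cloud copy is read-only for this
    # attribute, so the change belongs in the on-premises Exchange shell.
    'Object is directory-synced: change the setting on-premises and let Azure AD Connect sync it.'
} else {
    # Cloud-mastered object: preview the change. Remove -WhatIf to apply it.
    & $setCmd -Identity $GroupAddress -RequireSenderAuthenticationEnabled $false -WhatIf
}
```

With centralized mail flow, inbound mail also passes through the on-premises servers, so the same `RequireSenderAuthenticationEnabled` value is worth checking on the written-back object in the on-premises Exchange Management Shell.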