Link to home
Start Free TrialLog in
Avatar of Newguy 123
Newguy 123

asked on

External users cannot send emails to Office 365 groups. receive bounce back saying: Your message can't be delivered because delivery to this address is restricted.

Hello Experts. In our env, we have Exchange 2013 CU21 in a hybrid configuration with Office 365. We also leverage Azure AD Connect to sync our AD with Azure AD, so we are fully in a hybrid scenario, when centralized mailflow. My issue is, I create an office 365 group from Exchange online portal, and select 'Let people outside the organization send email to the group', people from outside the organization still cannot  send emails to the group, or any office 365 group for that matter. I've noticed in the Office 365 portal, when i select the office 365 group, i see the option: Allow outside senders --- set to OFF, when i try to change it to ON, it gives an error saying it cannot be done, and if the group has been recently created, please try again. although it has been more then a few days since the Office 365 group was created. People from outside the organization receive a bounce back when they try to email the group saying: Your message can't be delivered because delivery to this address is restricted.

Is anyone else facing this issue, please let me know how this can be resolved. the Office 365 group is successfully being written back to our on-prem AD, and our on-prem Email filtering solution, the email makes it through to our organization but gets rejected...i believe by Office 365.
Avatar of David Johnson, CD
David Johnson, CD
Flag of Canada image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Create it on-premises and configure it on-premises.

When you try to use both O365 and on-premises you run into situations such as this.
connect to powershell on o365 and run the following against that distribution group

Set-DistributionGroup 'emailaddressofthedistributiongroup' -RequireSenderAuthenticationEnabled $False
Above command needs to be done from onpremise exchange shell I believe since you are getting error while allowing external sender

This is because when group write backed to onpremise AD, it turned into AD synced object which don't allow you to alter settings from cloud shell I believe
Using your Exchange Admin Center (on premises):

Remove the group

Create the group again, assign group membership again with only you and another IT team member.

Make sure in Delivery Management,  "Senders inside and outside of my organization"  is selected.

Make sure the desire email address is correct and is included on your email/spam filter.

Test emailing the group from within the organization first... then test from the outside (,, etc.) If you still get the error post it here.  If not, go back to the group and add members in groups of 2 or 3, test and repeat until you find a failing group or success after all members are in.  Just to remove the possibility of a loop somewhere!!!
@Mahesh- If he created the DL directly on O365 the commands run against the dL in fact will work via powershell connected to o365.  

If the dl was created on prem and synced to  o365 he would have to edit the settings of the dl from on prem.
he enabled group write back in O365

But obvious, groups are replicated to on premise and became synced identities