Microsoft Education in the Cloud

Read all about the wonderful world of the Microsoft cloud stack and how it applies to education. Your feedback and comments are always welcome. Enjoy!

Turning off forwarding in Exchange Online

Turning off forwarding in Exchange Online

  • Comments 7
  • Likes

 

I had a customer recently ask me about removing forwarding. There are two steps to do this the first is to remove the UI settings and the other to change the mailbox settings. The original article written for Live@edu was a little different as the rule set has changed in Office 365. I owe my efforts to the original article here.

Please use the following instructions to disable forwarding in Office 365:

1. Create new role which parent is “MyBaseOptions

New-ManagementRole -Parent MyBaseOptions -Name NewMyBaseOptions

2. Remove some options related “forwarding” in “Set-Mailbox”

Set-ManagementRoleEntry NewMyBaseOptions\Set-Mailbox -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress -RemoveParameter

3.Create new role assignment policy which contains “NewMyBaseOptions”

New-RoleAssignmentPolicy -Name DenyForwardingRoleAssignmentPolicy -Roles NewMyBaseOptions,MyContactInformation, MyRetentionPolicies,MyMailSubscriptions,MyTextMessaging,MyVoiceMail,MyDistributionGroupMembership,

MyDistributionGroups, MyProfileInformation

4. Assign the new policy to the appropriate mailbox.

Set-Mailbox –Identity XXX -RoleAssignmentPolicy DenyForwardingRoleAssignmentPolicy

Of course if you have multiple user sets then create different policies and assign. For example if you want some to forward and some not to create two policies. Smile

Comments
  • Thanks Greg!  Could you also add to this Policy one that disables users from adding other email accounts to their cloud account?

  • Great post Greg - you really helped me out. Thanks!

    Something additional for anyone else is looking to do this - I implemented the new RoleAssignmentPolicy as detailed above which removes the "Forward" button in OWA, but it is still possible to create rules to forward or redirect  messages  using InboxRules.  If you wanted to remove this ability as well, consider removing the following parameters from "Set-InboxRule" variable: ForwardTo,ForwardAsAttachmentTo,RedirectTo,

    i.e. run the cmd below.

    Set-ManagementRoleEntry NewMyBaseOptions\Set-InboxRule -Parameters ForwardTo,ForwardAsAttachmentTo,RedirectTo -RemoveParameter

  • GregK's info seemed to work pretty well (my test mailbox, through OWA, no longer has the section for Forwarding on the Options (all options) -> Account => Connected Accounts page...(I have not yet tested whether this restricts an Outlook client install)...

    JC's info almost worked also - it did removed (in OWA) the options in creating a rule for "ForwardTo" and "ForwardAsAttachmentTo" ....but, I can still create a rule that has an action of "Redirect" (although in PowerShell, there does not seem to be a parameter for "RedirectTo" any longer....but, it is still an option in the OWA Rule actions, and does still function......My assumption is that there is another parameter related to redirection, but I haven't figured out a way to get an actual list that is completely readable, from a PowerShell prompt (it gets truncated after displaying the first 3 parameter names...)...documentation online does not list any other redirection parameters besides "RedirectTo".

    (by the way - an overlooked  on many posts regarding O365, and PowerShell management of it.....there is a "Microsoft Online Services Module for PowerShell"....which allows some functionality for management (runs with a black-background window).....and a direct Windows PowerShell method (runs with a blue-background window)...the blue background is what is needed for this topic (allows server-side session - see help.outlook.com/.../cc952755.aspx, or search for "Office 365 Connect Windows PowerShell to the Service")).

  • I got a Microsoft 365 forum person to respond with an alternate command that removed the Redirect to that was not being removed with the other command.

    Set-ManagementRoleEntry NewMyBaseOptions\New-InboxRule -Parameters ForwardTo,ForwardAsAttachmentTo,RedirectTo –RemoveParameter

    This has allowed us to effectively remove any ability to set a rule now to forward mail on an Exchange 2013 tenet on Office 365

  • Hi Greg and Mike Mentioned Commands Worked for me Command1 $LiveCred=Get-Credential Provide O365 Admin Credentials Command2 $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection Command3 Import-PSSession $Session Command 4 Enable-OrganizationCustomization Command 5 New-ManagementRole -Parent MyBaseOptions -Name NewMyBaseOptions Command 6 Set-ManagementRoleEntry NewMyBaseOptions\New-InboxRule -Parameters ForwardTo,ForwardAsAttachmentTo,RedirectTo –RemoveParameter Command 7 New-RoleAssignmentPolicy -Name DenyForwardingRoleAssignmentPolicy -Roles NewMyBaseOptions,MyContactInformation, MyRetentionPolicies,MyMailSubscriptions,MyTextMessaging,MyVoiceMail,MyDistributionGroupMembership,MyDistributionGroups, MyProfileInformation Command 8 Set-Mailbox –Identity XXX -RoleAssignmentPolicy DenyForwardingRoleAssignmentPolicy

  • hi Greg, Thanks a lot for Nice Article. Mentioned Commands Worked for me 1.$LiveCred=Get-Credential 2.$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $LiveCred -Authentication Basic –AllowRedirection 3.Import-PSSession $Session 4.Enable-OrganizationCustomization 5.New-ManagementRole -Parent MyBaseOptions -Name NewMyBaseOptions 6.Set-ManagementRoleEntry NewMyBaseOptions\Set-Mailbox -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress -RemoveParameter 7.New-RoleAssignmentPolicy -Name DenyForwardingRoleAssignmentPolicy -Roles NewMyBaseOptions,MyContactInformation, MyRetentionPolicies,MyMailSubscriptions,MyTextMessaging,MyVoiceMail,MyDistributionGroupMembership,MyDistributionGroups, MyProfileInformation 8.Set-Mailbox –Identity XXX -RoleAssignmentPolicy DenyForwardingRoleAssignmentPolicy

  • For Bulk disable of Forwarding from OWA, i have Created CSV with one Column named it as Alias and Put Alias name of Mailboxes and Tried mentioned Command Import-CSV "C:\DisableOWAforward.csv" | foreach{Set-Mailbox –Identity $_.Alias -RoleAssignmentPolicy DenyForwardingRoleAssignmentPolicy}

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment