For reasons of their own, some users create Inbox rules to auto-forward their work mail to their private mail or other external domains. As an administrator, that's not necessarily a desired scenario.
To prevent internal users from auto-forwarding mail to external recipients, you can create a Transport Rule.
Log into the Microsoft Online Portal, and navigate to the Exchange Online Control Panel (ECP)
In the "New Rule" dialog, clicking ”More Options” will enable adding more conditions.
After clicking ”Add Condition” twice you have a triple AND-condition
For the first condition, in the "If..." section pick ”the sender….” and then ”is external/internal”
In the ”Select Scope” dialog pick ”Inside the organisation”
For the second condition repeat the above with ”the recipient…” and then ”is external/internal” and then ”Outside the organisation”
For the third and final condition pick ”the message properties…” and then ”include the message type”
In the ”Select Message Type” dialog pick ”Auto-forward”
Finally set the Action to be taken if the above condition is met. Under the ”Do the following….” click ”Add Action”
Pick ”Block the message…” and then ”Reject the message and include an explanation”
If the conditions are met and the message is rejected, a non-delivery report (NDR) is returned to the sender. You can create customized text, which appears in the NDR, to explain why a message was rejected (e.g. Auto-forwarding from internal to external is blocked)
Optional – name the rule
Click Save to save the rule.
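The same rule can be created from Exchange Online PowerShell. The following is an added example, not part of the original post; it assumes an already connected Exchange Online PowerShell session, the rule name is an illustrative choice, and it goes one step beyond the steps above by also listing forwarding that users have already configured so it can be reviewed.

```powershell
# Assumes an already connected Exchange Online PowerShell session.
# The rule name below is an illustrative choice, not taken from the post.
$ruleName = 'Block external auto-forward'

# Same three conditions and action as the ECP steps:
# sender inside, recipient outside, message type Auto-forward, reject with an explanation.
if (-not (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $ruleName `
        -FromScope InOrganization `
        -SentToScope NotInOrganization `
        -MessageTypeMatches AutoForward `
        -RejectMessageReasonText 'Auto-forwarding from internal to external is blocked'
}

# Audit: report forwarding that is already configured, for review.
$accepted = (Get-AcceptedDomain).DomainName

foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Mailbox-level forwarding (set with Set-Mailbox, not with an Inbox rule).
    if ($mbx.ForwardingSmtpAddress -or $mbx.ForwardingAddress) {
        [pscustomobject]@{
            Mailbox = $mbx.PrimarySmtpAddress
            Source  = 'Mailbox setting'
            Target  = "$($mbx.ForwardingSmtpAddress) $($mbx.ForwardingAddress)".Trim()
        }
    }

    # Inbox rules with a forward or redirect action.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo) |
            Where-Object { $_ }
        foreach ($t in $targets) {
            # Assumption: external targets are rendered with an [SMTP:user@domain] suffix.
            # Only targets whose domain is not an accepted domain are reported.
            if ("$t" -match '\[SMTP:[^@\]]+@([^\]]+)\]' -and $accepted -notcontains $Matches[1]) {
                [pscustomobject]@{
                    Mailbox = $mbx.PrimarySmtpAddress
                    Source  = "Inbox rule '$($rule.Name)'"
                    Target  = "$t"
                }
            }
        }
    }
}
```

Pipe the output to Export-Csv or Format-Table to review it; the audit part only reads configuration and changes nothing.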
I followed exactly the above steps, but no success, my incoming emails are still being forwarded to my personal address.
I tried sending from external to my company email and then from internal to my company emails, in both cases it failed!
This only works for Outlook clients. Kiosk accounts can still forward to personal email accounts.
Hi Team, need help on how we can prevent users from setting up email forwarding from OWA
Tim is right, "This only works for Outlook clients. Kiosk accounts can still forward to personal email accounts."
I think it is better to hide the option to forward or redirect through RBAC. After connecting to Exchange Online through PowerShell run the following:
New-ManagementRole -Name "Disable-Auto-Forward" -Parent MyBaseOptions
Set-ManagementRoleEntry "Disable-Auto-Forward\Set-Mailbox" -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress -RemoveParameter
Set-ManagementRoleEntry "Disable-Auto-Forward\New-Inboxrule" -Parameters ForwardAsAttachmentTo,ForwardTo,RedirectTo -RemoveParameter
Sign into the EAC, click on Permissions > User Roles > Click on the Plus sign to add an additional Role Assignment Policy naming it whatever you want and under MyBaseOptions you will see the Disable-Auto-Forward option that you will want to place a check mark in. Save the Role Assignment Policy. Assign the Role Assignment Policy to the user(s) desired.
In Public Folder you can say explicit forward to. Does this one have an impact of this rule as well?
Thank you for this post. Very helpful. I have only one question. I added a rejection reason but that reason is not sent.
We are using Exchange 2013 SP1
Use a rule within a DLP policy to block auto-forwards attempted via a rule created in Office 365 OWA. The rule would use the same conditions as the transport rule.