Enable External Email Forwarding in Microsoft 365 (Office 365)

Automatic email forwarding is a convenient feature that allows users to redirect their incoming emails to another email address automatically. In a business environment, enabling external email forwarding can be useful for productivity and collaboration.

But this feature is disabled by default. When a user sets up an automatic forwarding rule and gets triggered, they will receive a non-delivery report similar to the screenshot below.

This error is misleading because the recipient’s email provided did not reject the forwarded message. Your organization’s outbound anti-spam policy blocked the message.

Further inspection of the NDR reveals the real reason for the bounce. As you can see below, the error states: “Your organization does not allow external forwarding.”

Microsoft 365 offers a straightforward process to enable this feature, allowing users to forward emails to external addresses without hassle. On the other hand, external email forwarding can also be abused. So be mindful and consider all scenarios before allowing automatic forwarding in your tenant.

In this blog post, we will explore the steps to enable external email forwarding in Microsoft 365 and provide additional insights on tracking forwarded emails.

Requirements

This tutorial is for Microsoft 365 administrators with permission to modify and create organization-wide policies.

Option 1: Modify the Default Anti-Spam Outbound Policy in Microsoft 365 Defender (All Users)

External email forwarding is not allowed by default. The setting that controls this restriction is the default outbound anti-spam policy in Microsoft 365 Defender.

We must modify that setting to turn on automatic forwarding to enable it.

1. Sign in to the Microsoft 365 Defender Security Center using your administrative credentials.
2. Navigate to Email & collaboration → Policies & rules → Threat policies.
   
3. Under Policies, click Anti-spam.
   
4. Click Anti-spam outbound policy (Default) and Edit protection settings.
   
5. Under the Automatic forwarding rules, select “On – Forwarding is enabled” and click Save.
   

Now external forwarding is enabled for all users in your Microsoft 365 tenant.

Note. Check how to configure Organization’s Password Policy in Office 365.

Option 2: Create a New Anti-Spam Outbound Policy in Microsoft 365 Defender (Selected Users or Groups)

Instead of allowing automatic forwarding for all users, it would make sense to fine-tune it and control which users can automatically forward messages.

We can achieve this by creating a new outbound anti-spam policy in Microsoft 365 Defender.

1. Sign in to the Microsoft 365 Defender Security Center using your administrative credentials.
2. Navigate to Email & collaboration → Policies & rules → Threat policies.
   
3. Under Policies, click Anti-spam.
   
4. Click Create policy → Outbound.
   
5. Provide a descriptive name for your new Anti-Spam Outbound Policy. Choose a name that reflects the purpose or focus of the policy to identify it in the future quickly. Click Next.
   
6. Specify the users or groups you want this policy to apply. In this example, I have a group named Allow External Forwarding that I want to allow. Once you’ve specified the targets, click Next.
   
7. On the next step, set Automatic forwarding rules to “On – Forwarding is enabled” and click Next.
   
8. On the Review step, click Create to create the policy.
   
9. Finally, click Done.
   

External forwarding is now allowed for the members of the group.

Note. Learn how to configure redirect rules with the IIS URL Rewrite module.

Tracking Auto Forwarded Messages Report

If you’re wondering how to get an insight into your organization’s automatic forwarding activities, it is available in the Exchange Admin Center.

All you need is to log in to the Exchange Admin Center, navigate to Reports → Mail Flow → Auto forwarded messages report.

And you’ll see the summary of the Auto forwarded message showing the Forwarding type, Recipient domain, and Forwarding users.

Scrolling further down, you’ll see the details that you can export. The reports range is available for 7, 30, and 90 days. You can also choose a custom start date.

Conclusion

We began by understanding the purpose of external email forwarding and its benefits. By configuring this feature, you can consolidate your email accounts, manage multiple inboxes in one place, and ensure that important messages are not missed. It allows you to stay organized and maintain efficient communication across various platforms.

It’s important to note that while external email forwarding can be a helpful tool, it’s crucial to exercise caution and ensure the security of your communications. Always be mindful of potential risks, such as phishing attacks or unauthorized access to forwarded emails. Implementing strong security measures and staying vigilant are vital to protecting sensitive information.