Microsoft 365 Preventing Distribution Group from Receiving Outside Emails

After getting too many spam emails sent to the distribution group, it’s time to tighten things a bit and restrict these groups from getting emails from outside parties.

For regular Microsoft 365 groups, you can simply go to the Exchange Dashboard, open the group, switch to the Settings tab, and uncheck the option “Allow external senders to email this group“.

To make these changes in PowerShell,

Set-UnifiedGroup -Identify $group -RequireSenderAuthenticationEnabled $true

That won’t work if these groups are synced from an on-premise Active Directory. In that case, you will need to set the msExchRequireAuthToSendTo attribute to True in AD’s group properties.

And if you have many to update, the following PowerShell script can lend a hand.

$groups = Get-ADGroup -Filter * -SearchBase "OU=Groups,DC=TestDomain,DC=Local"
$newvalue = $true

ForEach ($group in $groups){
    $groupinfo = [ADSI]"LDAP://$($user.DistinguishedName)"
    $groupinfo.put('msExchRequireAuthToSendTo', $newvalue)
    $ + ' ' + $groupinfo.msExchRequireAuthToSendTo

Leave a Reply

Your email address will not be published. Required fields are marked *