Exchange Online

Office 365 ATP External email forwarding

I have been discussing with several customers on the upcoming change to block auto forwarding in Exchange Online. The announcement from Microsoft is for Roadmap ID 63831 and goes into effect September 1st 2020.

There is no impact on external forwarding in this update, however automatic forwarding will be disabled based on the policy in a future update currently planned for September 1, 2020 and we will communicate via Message center. Once the policy takes effect messages that are being automatically forwarded outside the organization will be blocked and non-delivery report (NDR) will be sent to the user.

If like many of my customers you have a legitimate reason to forward to external addresses you need to login to and change the “Outbound spam filter policy (always ON)”

The setting you are looking for is under Automatic forwarding and you should set this to “On – Forwarding is enabled”

Now if you want to be more secure you can create a new Outbound policy and scope this to just the mailboxes that need forwarding enabled.


ADConnect Filtering Settings

I was working with a customer that asked if there was a way to export from ADConnect the OU filtering settings. From PowerShell on the server where ADConnect is installed I was able to run the following:

You will need to change the name of the AD domain on the 4th line and the exported text files will be saved to the C:\Export folder.

Office 365

Update 365 License from F1 to E3

Here is a script that can be used if you need to bulk change a license subscription from an F1 to E3 for a list of 365 user. In this script the requirement is to remove the license for Office 365 F1 and also Exchange Online (Plan 2) and adds a license for Office 365 Enterprise E3. The second requirement was to turn on E3 but only enable it for some of the services. 

To review which services are included with the E3 license subscription I ran the following:

In the script below I only enable the services for To-Do (Plan 2), Azure Rights Management, Office 365 ProPlus, Skype for Business Online (Plan 2), Office Online, SharePoint Online (Plan 2) and Exchange Online (Plan 2). As you can see the remaining services were all added to the $DisabledPlans variable. You should be able to change this as necessary to meet your needs.

This script is my version of the TechNet one that changes E1 to E3 licenses.