You would like to allow auto-forwarding to specific domains. Great! What if you want to allow specific users to Auto-Forward? Back in the day you could probably only allow / disable domains from auto-forwarding. However, with the ever changing landscape that is M365 you now can get more granular with the process. Now you can specify exactly what users are allowed to do this.
It is a bit of a trick. If you know a bit about Exchange Online Admin and the Security Portal, you will have no problem, especially if your users aren’t using Microsoft Flow. I can show you in two steps.
Allow Specific Domains to Auto-Forward in Exchange Online Admin
It is extremely important that you set this up correctly or the next step won’t work. Basically, you need to disable all domains (* – default domain) from auto-forwarding and then specify exceptions. When done like this, the exceptions are processed first. Go to Remote Domains in Exchange Admin:
These are the settings you need to have for the default domain:
Next, in the list of remote domains you want to allow forwarding for are set up like this:
Allow Specific Users to Auto-Forward in Exchange Online Admin
Now that you are done step one, navigate to the Microsoft Security Portal Under Email and Collaboration / Policies and Rules / Anti-Spam. Here you will see your Anti-Spam Policies:
The Anti-Spam Outbound Policy (Default) should already be there. You just need to add your own Custom Outbound Anti-Spam Policy. Below is what the Default Anti-Spam policy should look like:
Unfortunately specifying groups does not work. I have tried several ways and even reached out to Microsoft about this. They tried their best to help but, in the end, I was told it is a limitation of the software. They encouraged me to go to Microsoft’s Feedback Portal and put a request in. If it gets enough votes, it might make it into a future release.
Happy IT’ing
Dan