There might be situations when it’s necessary to block the mail flow outside an organization for specific users or user groups. Let’s find out how you can use Exchange Online mail flow rules to prevent Office 365 users from sending emails to external recipients.
Block emails sent outside your Office 365 organization
To restrict all (or specific) users to sending only internal emails and block their emails when they’re sent to external recipients, follow the steps below:
- Log in to your Office 365 portal, then go to the Microsoft 365 admin center by clicking the Admin app.
- In the Admin centers section, click Exchange.
- Then, in the Exchange admin center, click mail flow and then rules. Using the plus icon, add a new rule.
- In the new rule window, under the Apply this rule if section, select The recipient is located > Outside the organization.
- If you don’t want the rule to apply to all users, you can add another condition that narrows down its scope. To do so, click More options at the bottom of the window, and then click the add condition button (the button shows up once you have enabled more options). You can, for example, add a selected user group so that only its members won’t be allowed to send emails outside the organization.
- In the Do the following section, select Block the message > reject the message and include an explanation.
- Provide a short explanation that says why the email is blocked. Users will get this explanation along with an NDR message after trying to send an email outside the organization. You can also choose not to notify anyone and simply delete the message (by selecting the delete the message without notifying anyone option).
- Save the changes to the rule and test whether it works as expected. Note that it may take up to 30 minutes before the changes to the rule take effect.
- That’s it. Now, if the users included in this rule try to send emails outside the Office 365 organization, these messages will be rejected, and the senders will get the notification that their email was blocked.
How to create the rule using PowerShell
- Open Windows PowerShell or PowerShell ISE with administrative privileges.
- Install the Exchange Online Management module if you haven’t done so already. You can install it by running this command:
Install-Module -Name ExchangeOnlineManagement
- Connect to Exchange Online PowerShell using the following command:
- Sign in with your Office 365 administrator credentials when prompted.
- Now, create the mail flow rule by running the following command:
New-TransportRule -Name "Block External Email" -FromScope "InOrganization" -SentToScope "NotInOrganization" -RejectMessageReasonText "External email sending is not allowed" -RejectMessageEnhancedStatusCode "5.7.1" -Priority 0
- Verify that the rule has been created by running:
Get-TransportRule -Identity "Block External Email"
Once the rule is in place, emails sent to external recipients by users within your Office 365 organization will be blocked, and the sender will receive the custom rejection message you specified.
- When you’re done, you can disconnect from Exchange Online PowerShell by running:
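The PowerShell steps above as one script, extended with the group scoping described in the admin center steps. This is an added example, not the article's own code: the admin account, group address and rule name are placeholder assumptions, and the rule starts in audit mode so it can be tested before it is enforced.

```powershell
# Added example. The three values below are placeholders (assumptions), not from the article.
$AdminUpn  = 'admin@contoso.example'          # hypothetical admin account
$GroupSmtp = 'internal-only@contoso.example'  # hypothetical group whose members are restricted
$RuleName  = 'Block External Email - Restricted Group'
$Enforce   = $false   # $false = audit only (log matches); $true = reject messages

Import-Module ExchangeOnlineManagement -ErrorAction Stop
Connect-ExchangeOnline -UserPrincipalName $AdminUpn -ShowBanner:$false

try {
    # Audit mode records matches in message tracking without rejecting anything.
    $mode = if ($Enforce) { 'Enforce' } else { 'Audit' }

    $ruleParams = @{
        FromScope                       = 'InOrganization'     # sender is internal
        FromMemberOf                    = $GroupSmtp           # ...and a member of this group
        SentToScope                     = 'NotInOrganization'  # recipient is external
        RejectMessageReasonText         = 'External email sending is not allowed'
        RejectMessageEnhancedStatusCode = '5.7.1'
        Mode                            = $mode
        Comments                        = 'Blocks outbound external mail for the restricted group'
    }

    # Update the rule if it already exists, so re-running does not fail or duplicate it.
    $existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
    if ($existing) {
        Set-TransportRule -Identity $RuleName @ruleParams
    }
    else {
        New-TransportRule -Name $RuleName -Priority 0 @ruleParams
    }

    # Show the settings that determine who is affected and whether the rule is live.
    Get-TransportRule -Identity $RuleName |
        Format-List Name, State, Mode, Priority, FromScope, FromMemberOf, SentToScope
}
finally {
    # Always close the session, even if rule creation failed.
    Disconnect-ExchangeOnline -Confirm:$false
}
```

Once test messages from group members to external addresses show up as rule matches, set `$Enforce = $true` and run the script again to switch the rule to rejecting.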