Microsoft 365 Forwarding Mail to External Domains

The default behavior for Microsoft 365 is to allow users to forward mail to internal recipients only.  The setting “Automatic forwarding” controls this.

Security > Policies & rules > Threat Policies > Anti-spam policies > Anti-spam outbound policy (Default)

The problem, however, is the Outlook Web Interface will still allow you to enter an external e-mail forwarding address.

 

And the result is a bounce which is very confusing to the user.

If you want to allow users to forward e-mail to external addresses, you need to change the Anti-spam outbound policy for Automatic Forwarding to “On – Forwarding is enabled”.  This is not a good idea.

If you must forward mail to an external e-mail address, it’s much better handled by a Mail Flow Transport Rule in Exchange Admin Center.  Here, you can redirect mail to an external address while retaining the default Anti-spam outbound policy for Automatic Forwarding “Automatic – System-controlled”.  A Transport rule also supersedes forwarding set by the user in the Outlook.

The question remains: Why doesn’t Microsoft provide an error message when a user attempts to configure forwarding to an external address when it is not allowed by policy?