Prevent users from Autoforwarding Emails in Office 365 - Exchange Online


Data Security in the cloud (okay, not just in cloud) is of utmost importance to any sort of business out there, irrespective of its nature or size. One common mean of company information leakage used by its own employees is automatic email forwarding to their personal email addresses.

If you as an administrator, are concerned that your users might be forwarding business critical  information they receive in emails to their personal emails, you can STOP them. In Exchange Online, you can disable the features so that no user can start automatic forward of emails.

It requires you to use PowerShell because Office 365 does not has the options to set it from Admin Dashboard (Portal).IF this is the first time you are using powershell, go configure your computer to make it work.

You can run this powershell command set from your own computer. To run this powershell, the computer must have (one time download):

2.       Windows Azure Active Directory Module for Windows PowerShell (64-bit version). | find 32 bit version if your pc is x86 (or 32 bit) based

After downloading the required tools mentioned above, you should be able to create a remote powershell session with Exchange Online:

Finally, here is what you need to run on the console to create the NoForwarding policy. Copy below commands and run across. 


New-ManagementRole -Parent MyBaseOptions -Name NoForwarding

Set-ManagementRoleEntry NoForwarding\Set-Mailbox -Parameters DeliverToMailboxAndForward,ForwardingAddress,ForwardingSmtpAddress -RemoveParameter

New-RoleAssignmentPolicy -Name DenyForwardingRoleAssignmentPolicy -Roles NoForwarding,MyContactInformation,MyRetentionPolicies,MyMailSubscriptions,MyTextMessaging,MyVoiceMail,MyDistributionGroupMembership,MyDistributionGroups, MyProfileInformation

At this time, your new policy is created and ready to be applied to users. To set this new Policy on Multiple Mailboxes (listed in the disableForwardingMembers.csv file), run:

Import-CSV "D:\DisableForwardingMembers.csv" | foreach{Set-Mailbox –Identity $_.Alias -RoleAssignmentPolicy DenyForwardingRoleAssignmentPolicy}

Bingo, now your users would not see the very option to set the automatic forwarding. Great nah?


I welcome you to write your comments here..