Email messages are sent to restricted groups in Office 365 Dedicated/ITAR


After directory synchronization to Azure Active Directory (Azure AD) is enabled for Microsoft Office 365 Dedicated/ITAR customers, you discover that email messages from the Internet can be sent to restricted groups.


This issue occurs if the msExchRequireAuthToSendTo property is not set to True.

Note Directory synchronization to Azure AD requires the msExchRequireAuthToSendTo property be set to True in order to restrict external recipients from sending email messages to distribution groups. When Microsoft Managed Services Service Provisioning Provider (MMSSPP) is used to synchronize to Office 365 Dedicated/ITAR managed environments, a value of Null in the on-premises environment sets the msExchRequireAuthToSendTo property to True in the managed environment.


For all groups that should restrict external senders, you must explicitly set the msExchRequireAuthToSendTo property to True in their on-premises Active Directory environments. In Exchange Server, this property is called RequireSenderAuthenticationEnabled.

Article ID: 3098063 - Last Review: Sep 23, 2015 - Revision: 1