Hello, 

I'm trying to restrict a group of users outside mail access and only allow internal mail communication within our organization. In the management console for Exchange 2007 and 2010 it was pretty straight forward creating transport rules. How ever through the Exchange Admin Center in Exchange 2013 I seem to be having more difficulty. 

I logged into EAC, from recipients, i went to the groups page and created a new security group, and then went into its properties. Under properties I click on delivery management and have "Only senders inside my organization" selected. I was under the impression this would stop email from the outside coming in, but I was incorrect because I can still send mail from my gmail or yahoo account to useres I put in this group.

Stop users from sending outside email, I haven't even attempted since conditions and actions in the transport rules seems to have changed and I can't seem to find the correct action to do what I want.

Anyone have success doing the above with outlook 2013 and EAC? I'm not opposed to doing this via powershell either if needed. 

Thank you!

Hi ,



Please use the below mentioned command to stop the distribution group from receiving the emails from internet and it doesn't prevent the mail delivery while anyone of the external user send an email to any of the individual member of that group.

Set-DistributionGroup -Identity "Distribution group name" -RequireSenderAuthenticationEnabled $true .

Then if you want to have only the selected users in your organisation to receive emails from internet you need to make use of the transport rules.

On the above transport rule i will add the recipients to the group "test error 1" to those i need to provide access to receive emails from int

Hello, thank you for the reply. Just to verify I am understanding your post correctly:

Set-DistributionGroup -Identity "Distribution group name" -RequireSenderAuthenticationEnabled $true .

This will set people in the distribution group to stop receiving emails from outside our domain, but will still allow others from within our domain to send the distribution group email?

A majority of our organization needs outside email. Only users in the NoInternetMail distribution group need to be denied outside mail access. So, can I skip the second portion of the post and just apply Set-DistributionGroup -Identity "NoInternetMail" -RequireSenderAuthenticationEnabled $true to my distribution group and people in the this group will no longer send/receive outside emails?

Hi ,

For both of your questions.

The given command is to block the email delivery from internet to that particular distribution group  and it doesn't mean that the emails from external users will not get delivered if it is been sent to the individual member of that group.

I mean if the sender from gmail , yahoo  keep the recipient as distribution group by sending the message then the message will get failed because the distribution is under restriction.

If the sender from gmail , yahoo keep the the recipient as individual user mailbox who is been as an member of restricted group on such case by sending that message will not get failed because the restriction is set only for the group and not for the individual mailbox.

In case if you wanted to restrict individual users from receiving the emails through internet then you can make use of the transport rule as i mentioned above.

So there is no way to do the following:

If user is a member of GroupA, then do not allow outside email

What you're saying to do is make everyone unable to receiving outside mail and then make a group that can. My only issue with that is it requires 2 steps instead of 1 and 90% of our users can receive outside mail, only a small group we want to remove this ability.

Hi,

According to your description, I understand that restrict a group of users outside mail access and only allow internal mail flow.
If I misunderstand your concern, please do not hesitate to let me know.

It also can be done by transport rule. Figure as below:
 
Note: please click More Option  to add additional condition.

Thanks

This is exactly what I was looking for. I had a hard time figuring out the correct logic to get this to work. I did vice versa of above to stop them from receiving email outside the organization too.

Thank you for the help!