There is a lot of discussion about auto-forwarding emails to external email addresses and a lot of companies are preventing internal users from auto-forwarding emails to external mailbox users. When it comes to preventing users from auto-forwarding emails we have a couple of options.
One of the options is to disable forwarding for all remote domains and make exclusions if needed. Disadvantage with this approach is that users are not notified that their forwarded message is dropped.
You can do it with Get-RemoteDomain | Set-RemoteDomain -AutoForwardEnabled $false
Another way is to create mail flow rule. With mail flow rules we have option to notify users that their messages are blocked and we can easily add exceptions. Problem with this is it does not block the OWA start/stop forwarding. It is a good choice when using rules to combine them with assignment policies to block OWA forwarding.
Recommended way is to create a new role assignment policy and then assign it to all users.
This script will create new managemenet role “MyBaseOptions-DisableOWAForwarding” and it will remove DeliverToMailboxAndForward, ForwardingAddress, ForwardingSmtpAddress parameters from it. If you want to choose another name for the role you will have to edit the script.
Next, it will create new role assignment policy and include all roles that Default policy has except MyBaseOptions. Script will add our custom one instead.
Script will assign policy to all user and shared mailboxes. The only thing you have to do is to choose name for the policy and provide exchange online credentials.
Login to Exchange Online Admin Center and you will see new policy
Double-click on it. My base options will be unchecked and our new role will be enabled.
No more forwarding in OWA.
You can download script here.
I hope this has been informative for you.