Forwarding to External Email Addresses Fails in Microsoft 365 Exchange

Support » Email Support » Exchange » Forwarding to External Email Addresses Fails in Microsoft 365 Exchange

By default, Microsoft’s security policies prevent forwarding to email addresses outside of organizations. This can be helpful from a security perspective however you can disable this feature on a per-user or an organization-wide basis if you need to allow forwarding to other email recipients outside of your Microsoft 365 domain such as Gmail addresses.

Symptoms of this can policy's behavior can include:

Undeliverable email with the message: Delivery has failed to these recipients or groups: Your message wasn't delivered because the recipient's email provider rejected it.

Undeliverable email with the message: Remote Server returned '550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7555)'

Inability to send an email and have it automatically forwarded despite setting a forwarding email address

To allow email forwarding in Microsoft 365, you can have your 365 administrator or any global administrator in your tenant account follow these steps:


Click on the “Show all” in the left column to expand your Admin centers


Click on the “Security” center in the sidebar


When Microsoft 365 Defender opens, click on the “Polices & rules” link in the sidebar


Click on the “Threat Policies” link


Click on the “Anti-spam” link under the “Policies” section


Now click on the “Anti-spam outbound policy (Default)” link and when the card opens, click on the “Edit protection settings” link.


Under “Forwarding rules” change “Automatic forwarding rules” to “On – Forwarding is enabled” and click the “Save” button.


If you don’t see any further prompts then you’re done!

The "Your organization settings need to be updated" Error

If you should see an error such as: “Your organization settings need to be updated. Do you want to continue?”  that pops up while trying to save your changes then click the “Yes” button.

Microsoft 365 may then return this error: “Client Error: The command you tried to run isn't currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization.”

Clicking on “OK” may result in the error: “Sorry! We couldn't update your organization settings. Please try again.” You can safely click “OK” and then Cancel.

You’ll need for the organization customization settings to propagate in 365 before attempting the steps 1-9 above again. For something so simple, this can take anywhere between an hour to a day for reasons only known to Microsoft. You can try the steps 1-9 above again and once the tenant is updated you shouldn’t seen an error but if you do, try again later (you may need to wait up to a day).