Moderated Messages issues with Exchange Online (EXO) hybrid configurations


I’ve been using Exchange 2016 in a hybrid configuration for a few years now and have a few moderated groups I manage. An issue I ran into with this is that when messages come in for moderation I did not have Accept\Reject buttons coming up in Outlook or in OWA. After some research, I found that some changes were needed both in Exchange 2016 and EXO configs, all of which need to be done with PowerShell.

The issue stems from the approval messages coming in from SystemMailbox{}@.onmicrosoft.com. But the Hybrid configuration wizard only sets up a remote domain entry for .mail.onmicrosoft.com, using the New-RemoteDomain cmdlet. This cmdlet registers and SMTP name space so policies and mail-flow can be controlled for it specifically, via the Set-RemoteDomain cmdlet

You can check your current remote domain list by running: Get-RemoteDomain. This should return a Default\* entry and one for each SMTP domain you are using with EXO. By default these hybrid entries are named “Hybrid Domain – “, you should at least have one called “Hybrid Domain – .mail.onmicrosoft.com” with a DomainName of .mail.onmicrosoft.com.

To fix the issue, so you can Accept\Reject moderated messages you need to do the following on-premises

  1. Create a new remote domain entry for SMTP domain being used to send these messages
New-RemoteDomain -Name "Hybrid Domain - <your tenant>.onmicrosoft.com" -DomainName <your tenant>.onmicrosoft.com
  1. Update the setting for this new RemoteDomain entry to make it a trusted domain
Set-RemoteDomain -Name "Hybrid Domain - <your tenant>.onmicrosoft.com" -IsInternal $true -TargetDeliveryDomain $true -AllowedOOFType InternalLegacy -MeetingForwardNotificationEnabled $true -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true -UseSimpleDisplayName $true -TNEFEnabled $true
  • The value is the short name for DNS domain setup in Office 365 1st, in my case I used izken.onmicrosoft.com

Then you need to do the following to update Exchange Online

  1. Connect to EXO, run the below cmdlet from any PowerShell prompt:
$UserCredential= Get-Credential ; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $UserCredential -Authentication Basic -AllowRedirection ; Import-PSSession $Session
  1. Create, if they don’t already exist, a RemoteDomain entry for every SMTP domain that may send email to EXO
  • Run Get-AcceptedDomain to check which SMTP domains are setup in EXO if needed

New-RemoteDomain -Name “Hybrid Domain – ” -DomainName

  1. Once your SMTP domains are added, you will need to set them as trusted using the following cmlet
Set-RemoteDomain -Name "Hybrid Domain - <domain name>" -IsInternal $true -TargetDeliveryDomain $true -AllowedOOFType InternalLegacy -MeetingForwardNotificationEnabled $true -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true -UseSimpleDisplayName $true -TNEFEnabled $true

Once the cmdlets are ran above moderated message approval should start working.

In my research, I found this blog post, that covers the same info I did above: http://seanblee.blogspot.com/2014/08/office-365-exchange-online-hybrid.html

About jasonsherry

I am a 20 year Exchange consultant and expert. I currently work for Commvault as a Solutions Specialist for Microsoft Infrastructure For more info see my resume at: http://jasonsherry.org
This entry was posted in Exchange, Microsoft, O365, Technical and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s