Moderated Messages issues with Exchange Online (EXO) hybrid configurations

I’ve been using Exchange 2016 in a hybrid configuration for a few years now and have a few moderated groups I manage. An issue I ran into with this is that when messages come in for moderation I did not have Accept\Reject buttons coming up in Outlook or in OWA. After some research, I found that some changes were needed both in Exchange 2016 and EXO configs, all of which need to be done with PowerShell.

The issue stems from the approval messages coming in from SystemMailbox{} But the Hybrid configuration wizard only sets up a remote domain entry for, using the New-RemoteDomain cmdlet. This cmdlet registers and SMTP namespace so policies and mail-flow can be controlled for it specifically, via the Set-RemoteDomain cmdlet

You can check your current remote domain list by running: Get-RemoteDomain. This should return a Default\* entry and one for each SMTP domain you are using with EXO. By default these hybrid entries are named “Hybrid Domain – “, you should at least have one called “Hybrid Domain –” with a DomainName of

To fix the issue, so you can Accept\Reject moderated messages you need to do the following on-premises

  1. Create a new remote domain entry for SMTP domain being used to send these messages
New-RemoteDomain -Name "Hybrid Domain -" -DomainName
  1. Update the setting for this new RemoteDomain entry to make it a trusted domain
Set-RemoteDomain -Name "Hybrid Domain -" -IsInternal $true -TargetDeliveryDomain $true -AllowedOOFType InternalLegacy -MeetingForwardNotificationEnabled $true -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true -UseSimpleDisplayName $true -TNEFEnabled $true
  • The <tenate> value is the short name for DNS domain setup in Office 365, mine is for example.

Then you need to do the following to update Exchange Online

  1. Connect to EXO, run the below cmdlet from any PowerShell prompt:
$UserCredential= Get-Credential ; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection ; Import-PSSession $Session
  1. Create, if they don’t already exist, a RemoteDomain entry for every SMTP domain that may send email to EXO
  • Run Get-AcceptedDomain to check which SMTP domains are setup in EXO if needed
New-RemoteDomain -Name "Hybrid Domain  - " -DomainName
  1. Once your SMTP domains are added, you will need to set them as trusted using the following cmlet
Set-RemoteDomain -Name "Hybrid Domain - " -IsInternal $true -TargetDeliveryDomain $true -AllowedOOFType InternalLegacy -MeetingForwardNotificationEnabled $true -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true -UseSimpleDisplayName $true -TNEFEnabled $true

Once the cmdlets are run above, moderated message approval should start working.

In my research, I found this blog post, that covers the same info I did above:

About jasonsherry

I am a 20 year Exchange consultant and expert. I currently work for Commvault as a Solutions Specialist for Microsoft Infrastructure For more info see my resume at:
This entry was posted in Exchange, Microsoft, O365, Technical and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s