Moderated Messages issues with Exchange Online (EXO) hybrid configurations

I’ve been using Exchange 2016 in a hybrid configuration for a few years now and have a few moderated groups I manage. An issue I ran into with this is that when messages come in for moderation I did not have Accept\Reject buttons coming up in Outlook or in OWA. After some research, I found that some changes were needed both in Exchange 2016 and EXO configs, all of which need to be done with PowerShell.

The issue stems from the approval messages coming in from SystemMailbox{} But the Hybrid configuration wizard only sets up a remote domain entry for, using the New-RemoteDomain cmdlet. This cmdlet registers and SMTP namespace so policies and mail-flow can be controlled for it specifically, via the Set-RemoteDomain cmdlet

You can check your current remote domain list by running: Get-RemoteDomain. This should return a Default\* entry and one for each SMTP domain you are using with EXO. By default these hybrid entries are named “Hybrid Domain – “, you should at least have one called “Hybrid Domain –” with a DomainName of

Note: The YourTenant value is your tenant’s short name setup in Office 365, mine is for example.

To fix the issue, so you can Accept\Reject moderated messages you need to do the following on-premises

  1. Create a new remote domain entry for, using the cmdlet below
New-RemoteDomain -Name "Hybrid Domain -" -DomainName
  1. Update the setting for these new RemoteDomain entry to make it a trusted domain
Set-RemoteDomain -Name "Hybrid Domain -" -IsInternal $true -TargetDeliveryDomain $true -AllowedOOFType InternalLegacy -MeetingForwardNotificationEnabled $true -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true -UseSimpleDisplayName $true -TNEFEnabled $true
  1. Add to Send Connector to Exchange online.
    Below my Send Connector is called “Send to EXO”, this name will vary. Run Get-SendConnector if needed to get the name.
Set-SendConnector "Send to EXO" -AddressSpaces: @{"}

Then you need to do the following to update Exchange Online:

  1. Connect to EXO, run the below cmdlet from any PowerShell prompt
$UserCredential= Get-Credential ; $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $UserCredential -Authentication Basic -AllowRedirection ; Import-PSSession $Session
  1. Create a new RemoteDomain entry for
  2. Repeat the step below for each of your domains, replacing “” with the DNS domain name for each hybrid SMTP domain.
    Note: You should have a RemoteDomain entry for each of your SMTP domains, where messages need to be routed back to on-premises.
New-RemoteDomain -Name "Hybrid Domain" -DomainName



  1. Set this new remote domain as trusted, internal, and several other settings using the following cmlet
    Repeat this for the other remote domains to, or replace “” in the -Name parameter with just “*” to update them all at once.
Set-RemoteDomain -Name "Hybrid Domain" -IsInternal $true -TargetDeliveryDomain $true -AllowedOOFType InternalLegacy -MeetingForwardNotificationEnabled $true -TrustedMailOutboundEnabled $true -TrustedMailInboundEnabled $true -UseSimpleDisplayName $true -TNEFEnabled $true

Once the cmdlets are run above, moderated message approval should start working.

In my research, I found this blog post, that covers the same info I did above:

About Jason Sherry

I am a ~30 year Exchange consultant and expert. I currently work for Commvault as a Solutions Specialist for Microsoft Infrastructure For more info see my resume at:
This entry was posted in Exchange, Microsoft, O365, Technical and tagged , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s