How to enable automatic external forwarding for all mailboxes in Microsoft365 Tenant-Wide

    Prerequisites

    • You must be a Microsoft 365 administrator with sufficient privileges to modify anti-spam / outbound policies.

    • Be aware of your organization’s security policies: enabling forwarding across all mailboxes can have security implications (data leak risk, etc.).

    • Access to Microsoft 365 Defender / Security admin center.

    Steps

    1. Log in to the Microsoft 365 Defender portal as an administrator:

      Navigate to Email & CollaborationPolicies & rulesThreat policiesAnti-spam policies

    2. Find the Anti-spam outbound policy (Default)


    3. Click Edit protection settings (or similar edit link) for that outbound policy.

    4. Scroll to the Forwarding Rules section.

    5. Locate the dropdown for Automatic Forwarding Rules and set it to “On – Forwarding is enabled.”


    6. Save the policy. 

    Aftermath / Considerations

    • The change applies to all users in the tenant, meaning any mailbox can now forward externally (if user-level forwarding settings also allow it).

    • Monitor for misconfigurations or unintended forwarding rules (may affect compliance, security).

    • If external forwarding is still blocked for some users, there might be additional policies, transport rules, or settings that override or block external forwarding. In that case contact Microsoft 365 support.

    Published