Restrict External Senders To Mail Office 365 Group

Microsoft 365 Group is a central place for Microsoft 365, by which we can manage and share the services between the collection of users. The resources, which are associated with Microsoft 365 group are Outlook Calendar, Outlook Conversations, OneNote notebook, SharePoint team site, SharePoint Folders, Planner Plans, Intune device Management. The resources can be shared between internal users and external users. 

By default, external users won't be able to send the mails to Microsoft 365 group. The group setting "Allow external senders to email this group" which helps to decide whether external users can send mail to the group or not.

In this post, I would like to show you how to restrict external users from sending emails to the Microsoft 365 group.

Admin UI

  • Navigate to Microsoft 365 Admin Center
  • Expand Teams & groups menu from the left navigation
  • Select Active teams & groups
  • Choose or click the group name to open
  • From the opened right side panel, click the Settings tab
  • In the General Settings section, uncheck Allow external senders to email this group
  • Click Save button

.

Microsoft Graph API

We can also use the Microsoft Graph API to do the same action. Use the below options in Microsoft Graph Explorer to block the same option.

Microsoft Graph API EndPoint

PATCH https://graph.microsoft.com/v1.0/groups/<group id>

Consent Permission

Delegated Permission: Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All

Application Permission: Group.ReadWrite.All, Directory.ReadWrite.All

The below request headers should be sent along with the request to update the settings,

Request Header

Content-Type: application/json

Request Body

{
    "allowExternalSenders": false
}

In Microsoft Graph Explorer, click Run Query to send the request and update the settings for the Microsoft 365 Group.

Output

Now the external senders or users won't be able to send the emails to the Group mail id The below response will be returned after submitting the request.

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
    "id": "6e4axxxx-xxxx-xxxx-xxxx-xxxxxxxx51eb",
    "AccessType": "Public",
    "allowExternalSenders": false,
    "autoSubscribeNewMembers": false,
    "description": "GraphTeam Description",
    "displayName": "Graph Team",
    "EmailAddress": "graphteam@contoso.onmicrosoft.com",
    "isSubscribedByMail": false
}