How to Disable Direct Send in Microsoft 365

Direct Send allows devices and applications to send emails to recipients within your Exchange Online organization without requiring authentication. To send an email using Direct Send, you will need the MX endpoint of a domain, which is generally in a format like: yourdomain-com.mail.protection.outlook.com.

This method can be used to send emails within your own tenant or to other Exchange Online tenants. It does not work with third-party external domains like Hotmail, Gmail, Yahoo, etc. As of now, Direct Send is enabled by default in every Microsoft 365 tenant. However, Microsoft is working on a way to disable Direct Send by default across all tenants to enhance email security.

In this blog post, I will demonstrate the steps to disable Direct Send in Microsoft 365/Exchange Online tenants using Exchange Online PowerShell commands. Let’s take a look.

Disable Direct Send in Microsoft 365

To disable Direct Send in a Microsoft 365 tenant, we will use the Exchange Online PowerShell V3 module (EXO V3 module). You will need to install and import this module in order to run the necessary Exchange PowerShell commands. If you encounter any issues during the installation of the module, refer to [this post] for troubleshooting steps.

  • Open a PowerShell console as administrator and execute the commands below.

Install Exchange Online PowerShell V3 module

Install-Module -Name ExchangeOnlineManagement -Force

Connect to Exchange Online using a Global admin or Exchange administrator account

Connect-ExchangeOnline

Verify the status of Direct Send

Get-OrganizationConfig | Select-Object Identity, RejectDirectSend
Identity                                 RejectDirectSend
--------                                 ----------------
73dvgy.onmicrosoft.com                   False

Use the PowerShell command below to disable Direct Send in the Microsoft 365 tenant.

Disable Direct Send in Microsoft 365

Set-OrganizationConfig -RejectDirectSend $true

Verify the status of Direct Send

Get-OrganizationConfig | Select-Object Identity, RejectDirectSend
Identity                                 RejectDirectSend
--------                                  ----------------
73dvgy.onmicrosoft.com                          True

Test to confirm if Direct Send is disabled

If you try to test and verify whether Direct Send is disabled immediately after making the change, you may notice that the change has not taken effect right away. It can take up to 30 minutes for the change to fully propagate. During my testing, the change took approximately 10 minutes to take effect.

To test and confirm whether Direct Send is working or has been successfully disabled, you can send a test email from a made-up (non-authenticated) account within your organization to a real user in the tenant. This method uses SMTP port 25, which is the standard for Direct Send. You can use the sample script/template below and update it with your tenant-specific information to perform the test.

Send a Test email

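# Placeholder addresses: replace with values for your own tenant
$props = @{
    To         = "realuser@yourdomain.com"    # placeholder: a real mailbox in the tenant
    From       = "madeup@yourdomain.com"      # placeholder: made-up, non-authenticated sender
    Subject    = "Scan Copy 01"
    Body       = "This is the Scanned Copy Attachment"
    SmtpServer = "techpress-net.mail.protection.outlook.com"   # replace with your tenant's MX endpoint
    Port       = 25                           # Direct Send uses SMTP port 25
    UseSSL     = $true
}

# Splat the parameters; no credentials are supplied
Send-MailMessage @props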

If you are able to send an email using the command above and it is delivered successfully, then Direct Send is enabled in your organization. However, if Direct Send is blocked or disabled, you will receive the following error message:

Send-MailMessage : Mailbox unavailable. The server response was: 5.7.68 TenantInboundAttribution; Direct Send not allowed for this organization from unauthorized sources. [AM1PEPF000252E1.eurprd07.prod.outlook.com 2025-07-21T15:45:30.998Z 08DDC66DB5084A42]
At line:1 char:1
+ Send-MailMessage @props
+ ~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (System.Net.Mail.SmtpClient:SmtpClient) [Send-MailMessage], SmtpFailedRecipientException
    + FullyQualifiedErrorId : SmtpException,Microsoft.PowerShell.Commands.SendMailMessage

The screenshot below shows the error message displayed on the console when trying to send an email using the Direct Send method.
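Because the change can take up to 30 minutes to propagate, a single test right after running Set-OrganizationConfig can mislead. The following is an added example, not code from the original post: it repeats the same port 25 test until the tenant answers with the 5.7.68 rejection. The function names, parameters and the 60-second interval are assumptions, and `$MailProps` takes the same keys as the `$props` hashtable in the test script.

```powershell
# Added example (not from the original post). Function and parameter names and
# the polling interval are assumptions chosen for illustration.

function Get-DirectSendVerdict {
    # Classify the text of an SMTP failure. The rejection quoted in the post
    # carries status 5.7.68 and the "Direct Send not allowed" wording.
    param([string]$ErrorText)
    if ([string]::IsNullOrEmpty($ErrorText)) { return 'Accepted' }
    if ($ErrorText -match '5\.7\.68' -and $ErrorText -match 'Direct Send not allowed') {
        return 'Rejected'
    }
    return 'OtherError'   # DNS failure, TLS failure, port 25 filtered, and so on
}

function Wait-DirectSendRejected {
    # Repeat the unauthenticated port 25 test until the tenant rejects it or the
    # propagation window (up to 30 minutes per the post) has passed.
    # Each accepted attempt delivers one test message to the recipient.
    param(
        [Parameter(Mandatory)][hashtable]$MailProps,
        [int]$TimeoutMinutes  = 30,
        [int]$IntervalSeconds = 60
    )
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        $errText = ''
        try   { Send-MailMessage @MailProps -ErrorAction Stop }
        catch { $errText = $_.Exception.Message }
        $verdict = Get-DirectSendVerdict -ErrorText $errText
        Write-Host ("{0:u}  {1}  {2}" -f (Get-Date), $verdict, $errText)
        if ($verdict -eq 'Rejected') { return $true }
        # An unrelated failure says nothing about RejectDirectSend, so stop
        # instead of reporting it as either state.
        if ($verdict -eq 'OtherError') { throw "Test inconclusive: $errText" }
        Start-Sleep -Seconds $IntervalSeconds
    } while ((Get-Date) -lt $deadline)
    return $false   # still accepted after the whole window
}

# Offline check of the classifier, using the rejection text quoted in the post
# plus two constructed inputs (empty = no error, and a generic connection error).
$sample = 'Mailbox unavailable. The server response was: 5.7.68 TenantInboundAttribution; ' +
          'Direct Send not allowed for this organization from unauthorized sources.'
Get-DirectSendVerdict -ErrorText $sample
Get-DirectSendVerdict -ErrorText ''
Get-DirectSendVerdict -ErrorText 'Unable to connect to the remote server'
```

To run the live check, call `Wait-DirectSendRejected -MailProps $props` after setting RejectDirectSend to `$true`; a return value of `$false` means the tenant was still accepting the message when the window ended.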
