We have our AD synced to Office 365 and I want to control who can send to a particular synced distribution group (usually done through Exchange Admin Centre, Delivery Management) which I believe is done through the AuthOrig and dlMemSubmitPerms attributes.
I can add users & groups that are from our AD but I don't know how to add an external email address (added as a contact in Exchange) or an address that is cloud only, if it's possible at all.
If it is, what is the format to use as it doesn't accept email addresses.
Thanks.
It is not feasible to add an external email address directly to the allowed sender list of the DL. We can also confirm this via Set-DistributionGroup: https://docs.microsoft.com/en-us/powershell/module/exchange/users-and-groups/set-distributiongroup?view=exchange-ps
The AcceptMessagesOnlyFrom parameter specifies who is allowed to send messages to this recipient. Messages from other senders are rejected. Valid values for this parameter are individual senders in your organization (mailboxes, mail users, and mail contacts). You can use any value that uniquely identifies the sender.
So you need to create mail contacts for the external users. For your reference: Bulk Create Exchange Contacts via PowerShell https://gallery.technet.microsoft.com/office/Bulk-Create-Exchange-d5dbb9e0
If you create the mail contact on the Exchange on-premises server, it can be added to the DL, which is also created on the Exchange on-premises server. You can add it in either EAC or ADUC; in ADUC, please remember to select “Contacts”.
If you create it directly in Office 365, it isn’t synced into the local AD, so we cannot find it in the local AD, and we cannot add it to the DL.
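
The procedure described in the answer above, as an added example that is not part of the original posts: create the external sender as a mail contact on-premises, append it to the group's allowed senders, and read the restriction back. The group name, address and contact name are constructed placeholders, and the script assumes it is run in the on-premises Exchange Management Shell.

```powershell
# Added example. Run in the on-premises Exchange Management Shell, because the
# DL is mastered on-premises and synced to Office 365.
# Constructed placeholder values (assumptions): replace with your own.
$GroupIdentity   = 'Example-DL'
$ExternalAddress = 'partner@example.com'
$ContactName     = 'Partner Example (External)'

# Reuse an existing mail contact for this address if there is one,
# otherwise create it on-premises so that it is synced along with the DL.
$contact = Get-MailContact -Identity $ExternalAddress -ErrorAction SilentlyContinue
if (-not $contact) {
    $contact = New-MailContact -Name $ContactName -ExternalEmailAddress $ExternalAddress
}

# Append the contact to the allow list. The @{Add=...} form keeps existing
# entries; passing a plain value would replace the whole list.
Set-DistributionGroup -Identity $GroupIdentity `
    -AcceptMessagesOnlyFromSendersOrMembers @{Add = $contact.DistinguishedName}

# Read the restriction back. Once the list is non-empty, senders that are
# not on it are rejected, so review every entry. An external sender is
# unauthenticated, so RequireSenderAuthenticationEnabled must be False
# for the contact's mail to be accepted.
Get-DistributionGroup -Identity $GroupIdentity |
    Select-Object Name,
                  AcceptMessagesOnlyFrom,
                  AcceptMessagesOnlyFromDLMembers,
                  AcceptMessagesOnlyFromSendersOrMembers,
                  RequireSenderAuthenticationEnabled |
    Format-List
```

The change reaches Office 365 only after the next directory synchronization cycle.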