Welcome to our new blog post about How to disable Direct Send in Microsoft 365. Managing email flow securely and efficiently is a top priority for IT administrators using Microsoft 365. One common method used by devices and applications to send email is called Direct Send. While it’s simple to set up, it can pose security and compliance risks if left unchecked. In this post, we’ll explain what Direct Send is, why you might want to disable it, and how to do so effectively in your Microsoft 365 environment.
Table of Contents
What is Direct Send?
Direct Send is a method used by on-premises devices or applications—such as printers, scanners, or custom business apps—to send emails through Microsoft 365 without using a mailbox or authenticating. Instead of signing in with credentials, these devices connect to Microsoft 365 using your domain’s MX endpoint (e.g., yourdomain.mail.protection.outlook.com) and send emails directly to internal recipients. While this method allows for easy setup and avoids SMTP authentication requirements, it only works for sending emails to recipients within your own domain and does not support sending to external addresses.
Why Disable Direct Send?
Disabling Direct Send is often a smart move for organizations focused on tightening email security. Because it doesn’t require authentication, it opens the door to potential abuse, such as spoofing internal addresses or unauthorized devices sending mail through your domain. Additionally, messages sent via Direct Send are harder to track and audit, which can be a problem for compliance-focused environments. By disabling this method, you can ensure that only authenticated and approved systems are allowed to send mail, greatly reducing the risk of misuse or data leakage.
How to disable Direct Send in Microsoft 365
Step 1: Install and Import Exchange Online Module
First we will connect to the Exchange Online PowerShell module. If you are experience problems, make sure you use PowerShell 7.
First we will install the Exchange Online PowerShell module.
- Open PowerShell as an administrator
Run the following command to Install the Module. Accept with Yes to All.
Install-Module ExchangeOnlineManagement
Next we will Import the Module.
Import-Module ExchangeOnlineManagement
Step 2: Connect to Exchange Online PowerShell
Now we will connect to the ExchangeOnlineManagement module. Make sure you have you Microsoft 365 administrator ready. We will need this to authenticate.
Connect-ExchangeOnline -Device
You will now need to open the website shown. There you will need to enter the shown code to the field.
- Open a Browser
- Go to https://microsoft.com/devicelogin
- Enter the code which is shown in the PowerShell command
- Login with your administrator and allow the Rest API
After you have logged in with your administrator, you will see in your PowerShell command that the login was successfully.
It should look something like this. You can go ahead to step 3.
Step 3: Verify Direct Send status in Microsoft 365
Verify the direct send status in your Microsoft 365 tenant.
Get-OrganizationConfig | Select-Object Identity, RejectDirectSend
Step 4: Block Direct Send in Microsoft 365
To block the Direct Send feature, use the command below.
Set-OrganizationConfig -RejectDirectSend $true
Step 5: Allow Direct Send in Microsoft 365
To allow the Direct Send feature, use the command below.
Set-OrganizationConfig -RejectDirectSend $false
Conclusion
In this blog post we Learn about How to disable Direct Send in Microsoft 365. In the first step, we installed the Exchange Online Management PowerShell Module and connected to our tenant. We then verified the direct send status. Last we showed you, how you can block or allow direct send in Microsoft 365. We hope this guide has provided you with valuable insights to improve your device management strategy. Did you enjoy this article? Dont forget to follow us and share this article. If you have any questions or need further assistance, feel free to reach out or leave a comment below.
