BLOCK Direct Send in Microsoft 365!

Direct Send is a method used to send emails directly to an Exchange Online customer’s hosted mailboxes from on-premises devices, applications, or third-party cloud services using the customer’s own accepted domain.

This method does not require any form of authentication because, by its nature, it mimics incoming anonymous emails from the internet, apart from the sender domain.

Direct Send is enabled by default in every Microsoft 365 tenant, even if your organization doesn’t use this feature.

That’s why Microsoft released a new feature allowing you to disable Direct Send to PROTECT your organization!

Learn more in the article below:

https://lnkd.in/eM3bfsbY

Microsoft will enable the Reject Direct Send feature for new tenants by default in the future. Existing tenants, however, must enable it manually.

You Should Know:

How to Disable Direct Send in Microsoft 365

Step 1: Connect to Exchange Online PowerShell

First, ensure you have the Exchange Online PowerShell module installed. If not, install it using:

Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber

Then, connect to Exchange Online (replace the placeholder admin@example.com with your admin account's UPN):

Connect-ExchangeOnline -UserPrincipalName admin@example.com -ShowProgress $true

Step 2: Check Current Direct Send Status

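Verify if Direct Send is enabled. The Reject Direct Send setting is exposed as RejectDirectSend on the organization config; SmtpClientAuthenticationDisabled on the transport config controls authenticated SMTP client submission (SMTP AUTH), not Direct Send.

Get-OrganizationConfig | Select-Object Identity, RejectDirectSend
  • If RejectDirectSend is False, Direct Send is enabled.
  • If RejectDirectSend is True, it is disabled.

Step 3: Disable Direct Send

Run the following command to block Direct Send:

Set-OrganizationConfig -RejectDirectSend $true

Step 4: Verify Changes

Confirm the setting is applied:

Get-OrganizationConfig | Select-Object Identity, RejectDirectSend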

Step 5: Additional Security Measures

To further secure your Exchange Online, consider:

  1. Enabling SPF, DKIM, and DMARC to prevent spoofing.
  2. Restricting mail flow rules to block suspicious senders.
  3. Enabling Multi-Factor Authentication (MFA) for admin accounts.
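
Rejecting Direct Send also stops any printer, scanner or application that still relies on it, so it helps to inventory those senders from message trace data first. The PowerShell below is an added example, not part of the original post or any Microsoft tooling: it applies a heuristic (own accepted domain on both sender and recipient, with a recorded source IP) to constructed rows that use Get-MessageTrace column names. Get-DirectSendCandidate, the contoso.example domain and the relay IP list are hypothetical.

```powershell
# Added example. Rows are constructed sample data shaped like Get-MessageTrace
# output (SenderAddress, RecipientAddress, FromIP, Status); no tenant is contacted.
$AcceptedDomains = @('contoso.example')   # assumption: your accepted domain(s)
$KnownRelayIPs   = @('203.0.113.10')      # assumption: documented scanner/app IPs

$trace = @'
Received,SenderAddress,RecipientAddress,FromIP,Status
2025-01-10T08:01:00Z,scanner@contoso.example,alice@contoso.example,203.0.113.10,Delivered
2025-01-10T08:05:00Z,scanner@contoso.example,bob@contoso.example,203.0.113.10,Delivered
2025-01-10T09:12:00Z,ceo@contoso.example,alice@contoso.example,198.51.100.77,Delivered
2025-01-10T09:13:00Z,ceo@contoso.example,bob@contoso.example,198.51.100.77,Quarantined
2025-01-10T09:30:00Z,news@partner.example,alice@contoso.example,192.0.2.25,Delivered
2025-01-10T10:00:00Z,alice@contoso.example,bob@contoso.example,,Delivered
'@ | ConvertFrom-Csv

function Get-DirectSendCandidate {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [Parameter(Mandatory)] [string[]] $AcceptedDomains,
        [string[]] $KnownRelayIPs = @()
    )
    $Rows |
        Where-Object {
            $senderDomain    = ($_.SenderAddress    -split '@')[-1]
            $recipientDomain = ($_.RecipientAddress -split '@')[-1]
            # Heuristic: own domain on both sides, arriving from a recorded source IP.
            ($AcceptedDomains -contains $senderDomain) -and
            ($AcceptedDomains -contains $recipientDomain) -and
            -not [string]::IsNullOrWhiteSpace($_.FromIP)
        } |
        Group-Object FromIP, SenderAddress |
        ForEach-Object {
            $first = $_.Group[0]
            [pscustomobject]@{
                FromIP        = $first.FromIP
                SenderAddress = $first.SenderAddress
                Messages      = $_.Count
                KnownRelay    = $KnownRelayIPs -contains $first.FromIP
            }
        } |
        Sort-Object KnownRelay, FromIP   # unknown sources sort first
}

Get-DirectSendCandidate -Rows $trace -AcceptedDomains $AcceptedDomains -KnownRelayIPs $KnownRelayIPs |
    Format-Table -AutoSize
```

The heuristic also matches authenticated SMTP submissions and connector traffic from the same addresses, so confirm each source marked KnownRelay False before drawing conclusions about it.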

What Undercode Say:

Securing Microsoft 365 is critical in preventing email-based attacks. Disabling Direct Send is a proactive step, but organizations should also:

  • Monitor Exchange logs for unusual activities:
    Get-MessageTrace -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) | Where-Object {$_.Status -eq "Failed"} 
    
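  • Use PowerShell to block spoofed senders from a malicious sending infrastructure (domain or IP range; placeholder values shown):
    New-TenantAllowBlockListSpoofItems -Identity Default -SpoofedUser "<spoofed sender>" -SendingInfrastructure "<sending domain or IP/24 range>" -SpoofType External -Action Block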
    
  • Enable Advanced Threat Protection (ATP):
    Set-AtpPolicyForO365 -EnableATPForSPOTeamsODB $true 
    
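  • Audit mailbox rules for suspicious forwarding:
    Get-Mailbox -ResultSize Unlimited | ForEach-Object { Get-InboxRule -Mailbox $_.UserPrincipalName } | Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo }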
    

For Linux admins managing hybrid environments, use curl to check Exchange Online API health through Microsoft Graph, which replaces the retired outlook.office365.com/api/v1.0 REST endpoint:

curl -sS -X GET "https://graph.microsoft.com/v1.0/me/messages" -H "Authorization: Bearer $access_token"

Expected Output:

A secure Microsoft 365 environment with reduced phishing risks, enforced authentication, and monitored mail flow.

Prediction:

As Microsoft enhances default security, more organizations will disable legacy protocols like Direct Send. Expect increased adoption of AI-driven email filtering and stricter DMARC enforcement in 2024.

References:

Reported By: Alitajran Microsoft365 – Hackers Feeds