The Incoming Email feature of SharePoint works great when all of your services are on-premises, but what do you do if you are using Exchange Online (or are looking to migrate to Exchange Online) and SharePoint on-premises? As it turns out, there’s a little bit of additional configuration, but it’s very easy to do! In this post, I will walk you through the settings you need to configure to get Incoming Email working in a hybrid environment.

If you haven’t seen this blog yet, Drew Lanclos does a great job explaining how to configure this exact scenario with Forefront Online Protection for Exchange (FOPE), however, there are a few problems:

  • FOPE has been replaced by Exchange Online Protection (EOP), and the settings have changed slightly
  • Using his method, only users from Exchange Online can email into mail-enabled lists (external parties cannot)

So, let’s walk through how to configure Incoming Email through EOP. I will assume you have:

  • Exchange Online configured with a sub-domain (i.e.
  • DNS Records in place (i.e. an MX record for
  • Firewall rules in place to allow SMTP (TCP/25) traffic from the outside in
  • Configured the basics of SharePoint Incoming Email (SMTP Server, Central Admin settings, services started, etc.)

If you haven’t, there are TechNet articles that can help you out. For example, this one.

First, you will need to setup an Outbound Connector in Exchange Online. To do this, open the Exchange Admin Center, and click on Mail Flow on the left. From there, click Connectors and add a new Outbound Connector.

Name it whatever you would like, then choose a Connector Type of On-premises. You can leave the connection security as Opportunistic TLS, however, if you have more stringent security needs, you can use an SSL certificate. For the Outbound Delivery, choose to route mail through smart hosts, and then add the hostname/IP of your SharePoint server which is running the SMTP service (note: this is the hostname/external IP that is configured to allow SMTP traffic to the SMTP Server). Finally, make sure you check the box to use criteria based routing (this is important…otherwise the connector won’t show up in the next step!). Finally, click Save.

Next, we need to configure a Mail Rule to redirect incoming messages to the external connector. To do this, flip over to the Rules tab and create a new rule.

First, make sure you click the More Options link at the bottom. This will expose more rules and actions for us to play with. You can set the conditions for the rule to be whatever you’d like. In this case, I will set it so it matches on every message sent to a particular domain (i.e. For the action, set it to redirect the message to the outbound connector we created above. It should look something like this when you’re done.

By using the outbound connector/rule method, we can ensure that any email sent to our domain is forwarded to our SharePoint server. This way we can allow external parties to email into our mail-enabled lists. If you do not want this functionality, you can add another condition to the rule where the senders domain is

Finally, in order for Exchange Online to receive an email, you must setup a user/mailbox. In this case, we don’t need to setup a mailbox (and hence don’t need to use a license). Instead, we can just create a mail user. For example, you could create a Mail User called

Now, when an email comes in for, our rule will run on the message, redirect it to our Outbound Connector, which will then send it to our SharePoint server’s SMTP Server, which will store it in the mailroot drop folder. From there, the Microsoft SharePoint Foundation Incoming E-Mail timer job will pick it up and place it into the appropriate SharePoint list.

So, there it is. Nice and easy, right? If you have any questions, feel free to leave a comment, and I’ll do my best to help you out.

Comments (Closed)