After getting too many spam emails sent to the distribution group, it’s time to tighten things a bit and restrict these groups from getting emails from outside parties.
For regular Microsoft 365 groups, you can simply go to the Exchange Dashboard, open the group, switch to the Settings tab, and uncheck the option “Allow external senders to email this group“.
To make these changes in PowerShell,
Set-UnifiedGroup -Identify $group -RequireSenderAuthenticationEnabled $true
That won’t work if these groups are synced from an on-premise Active Directory. In that case, you will need to set the msExchRequireAuthToSendTo attribute to True in AD’s group properties.
And if you have many to update, the following PowerShell script can lend a hand.
$groups = Get-ADGroup -Filter * -SearchBase "OU=Groups,DC=TestDomain,DC=Local"
$newvalue = $true
ForEach ($group in $groups){
$groupinfo = [ADSI]"LDAP://$($user.DistinguishedName)"
$groupinfo.put('msExchRequireAuthToSendTo', $newvalue)
$groupinfo.setinfo()
$group.name + ' ' + $groupinfo.msExchRequireAuthToSendTo
}