<p>As we started migrating users to O365 Exchange we have run into a problem for one user. When we tried to send this user an e-mail outside of O365 tenant we receive the following error message:</p>
<p><strong>550 5.4.1 Recipient address rejected: Access denied [VE1EUR02FT035.eop-EUR02.prod.protection.outlook.com]</strong></p>
<p><img class="alignnone size-full wp-image-3558" src="https://www.wincert.net/wp-content/uploads/2020/02/email-3249062_640.png" alt="" width="640" height="358" /></p>
<p>From the error message, we could see that the e-mail address rejected was actually the master UPN address with <strong>*.onmicrosoft.com </strong>domain. Once I have checked this user&#8217;s account I could see that he was missing the email alias <strong>*.onmicrosoft.com</strong> where * is replaced with our tenant name. And that was the reason why external e-mail messages were rejected. The external mail servers could not find this user with <strong>*.onmicrosoft.com UPN</strong>.</p>
<p>To fix this we had to add the <strong>*.onmicrosoft.com</strong> alias for this user account.</p>
<h4>How to add an alias to the O365 email account</h4>
<p>Navigate to O365 admin portal at <a href="https://admin.microsoft.com/AdminPortal" target="_blank" rel="noopener noreferrer">https://admin.microsoft.com/AdminPortal</a><br />
Click on <strong>Users</strong> and then <strong>Active users</strong><br />
Search for the user and click on his display name to open Properties<br />
Under <strong>Account tab</strong> look for <strong>Aliases</strong> and click on <strong>Manage email aliases link.<br />
</strong>Once an alias has been added your problem should be solved.</p>
<p>On the other hand, if you are using <strong>on-premises organization synchronization with O365 Azure services</strong> you might receive the following error message when trying to add email alias.</p>
<p><strong>The operation on mailbox <;username>; failed because it&#8217;s out of the current user&#8217;s write scope. The action &#8220;Set-Mailbox&#8217;, ?EmailAddresses&#8217;, can&#8217;t be performed on the object <;username>; because the object is being synchronized from your on-premises organization. This action should be performed on the object in your on-premises organization.</strong></p>
<p><img class="alignnone wp-image-3552 size-full" src="https://www.wincert.net/wp-content/uploads/2020/02/manage-aliases-o365.png" alt="550 5.4.1 Recipient address rejected" width="578" height="175" /></p>
<p>Considering that email alias cannot be added using on-premise Active Directory services we can add it by using <strong>Exchange Online Powershell module</strong>.</p>
<p>To add email alias using <strong>Exchange Online Powershell module</strong> here&#8217;s what you need to do:</p>
<p>Run <strong>Powershell in elevated mode</strong> (run as administrator)<br />
Type <strong>Set-ExecutionPolicy RemoteSigned</strong> and hit enter<br />
Type <strong>Install-Module -Name ExchangeOnlineManagement</strong> and hit enter to install Exchange Online Management module<br />
Select <strong>[A] Yes to All to All</strong> to allow installation of this module from <strong>PSGallery</strong>.<br />
Type <strong>$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection</strong> to connect to Exchange Online Management<br />
Enter your <strong>O365 credentials</strong> in the following prompt</p>
<p><img class="alignnone wp-image-3553 size-full" src="https://www.wincert.net/wp-content/uploads/2020/02/azure-credentials-prompt.jpg" alt="550 5.4.1 Recipient address rejected" width="322" height="261" /></p>
<p>Please note that if you are using <strong>2FA authentication</strong> you won&#8217;t be able to authenticate and might receive the access denied error message:<br />
<strong>Connecting to remote server outlook.office365.com failed with the following error message : Access is denied. For more information, see</strong><br />
<strong>the about_Remote_Troubleshooting Help topic.</strong></p>
<p>To be able to login to the Exchange Online Management module when using <strong>2FA authentication</strong> we have to install the <strong>Exchange Online Management Powershell V2</strong> <strong>module</strong>.</p>
<p>Type <strong>Install-Module PowerShellGet -Force</strong> and hit enter<br />
Type <strong>Set-ExecutionPolicy Unrestricted</strong> and hit enter. Now <strong>restart</strong> Powershell to continue.</p>
<p>To connect to Exchange Online Management services type:<br />
<strong>Connect-ExchangeOnline -UserPrincipalName <;UPN>;</strong><br />
Replace <strong><;UPN>;</strong> with your <strong>UPN</strong>.</p>
<p>Now you will get a new type of credentials prompt where you&#8217;ll be able to use 2FA.</p>
<p><img class="alignnone size-full wp-image-3556" src="https://www.wincert.net/wp-content/uploads/2020/02/code.jpg" alt="" width="507" height="222" /></p>
<p>After you have logged in, type the following commands to add an alias for the user:<br />
<strong>Set-Mailbox -Identity <;UPN>; -WindowsEmailAddress <span style="color: #ff0000;"><;UPN>;</span></strong><br />
<strong>Set-Mailbox -Identity <;UPN>; -WindowsEmailAddress <;UPN>;</strong></p>
<p><span style="color: #ff0000;"><;UPN>;</span> marked in <span style="color: #ff0000;">RED</span> has to be replaced <strong>with email alias address</strong>.</p>
<p>After you have added a new alias, please wait for <strong>Azure AD Connect</strong> sync to finish before testing the e-mail again.</p>
<p>More info can be found here:<br />
<a href="https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps" target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps</a><br />
<a href="https://www.powershellgallery.com/packages/ExchangeOnlineManagement/0.3555.1" target="_blank" rel="noopener noreferrer">https://www.powershellgallery.com/packages/ExchangeOnlineManagement/0.3555.1</a></p>
<p>If you&#8217;ll need help regarding this topic please post your comment below.</p>