Create a Distribution List and Configure Shared Mailbox Forwarding

A common Exchange Online pattern is to route inbound mail from a public-facing address (e.g. info@company.com) to a small team rather than a single person. The clean way to do this is:

1. Create a mail-enabled distribution list (DL) that contains the recipients.
2. Ensure any non-tenant members exist as Mail Contacts (DLs cannot contain raw external addresses — they need directory objects).
3. Configure the DL to accept mail from external senders.
4. Set mailbox forwarding on the shared mailbox so every message (including those delivered to its SMTP aliases, such as dex@company.com) is redirected to the DL.

Run this recipe when you are standing up a new shared inbox, reorganising who owns an existing one, or consolidating multiple aliases behind a single team-routing address.

Important platform note: Microsoft Graph cannot create classic distribution lists, cannot create Exchange mail contacts, and in most tenants cannot modify a mailbox's forwarding SMTP address. These are Exchange Online objects owned by the Exchange service. The authoritative tooling is Exchange Online PowerShell or the Exchange Admin Center. Graph is only useful here for preflight lookups (confirming users, aliases, and existing groups).

After completing this recipe you will have:

• A mail-enabled distribution list {dl_address} visible in the Exchange Admin Center and GAL.
• All required members (internal users and/or external mail contacts) added to the DL.
• The DL configured to accept mail from senders outside the organization.
• The source shared mailbox {source_mailbox} forwarding all inbound mail to the DL, with or without keeping a local copy.
• Verified that mail sent to any SMTP alias of the shared mailbox (e.g. {alias_address}) also flows to DL members, because aliases are accepted addresses on the same mailbox and follow the same forwarding rule.

Warnings and gotchas

• Graph API limitation: POST /v1.0/groups with mailEnabled:true and securityEnabled:false returns Request_BadRequest — Graph does not author distribution lists. Do not loop on this; switch to Exchange Online PowerShell.
• External members must be Mail Contacts. A distribution list cannot store a bare external SMTP address; you must first create a MailContact with New-MailContact, then add it with Add-DistributionGroupMember.
• Anti-auto-forwarding policy: Many tenants have an outbound anti-spam policy that blocks auto-forwarding to external recipients. If the DL contains external contacts and the shared mailbox forwards to it, recipients may silently stop getting mail. Review Anti-spam outbound policy → Automatic forwarding rules before going live.
• External senders to the DL: Setting RequireSenderAuthenticationEnabled $false allows anyone on the internet to mail the list. This is usually desired for info@-style addresses but increases spam exposure — keep the DL protected by your normal inbound mail hygiene.
• Keep a copy? Decide whether the shared mailbox should also retain a local copy (DeliverToMailboxAndForward $true) for auditing/compliance, or forward only ($false). Forwarding-only means no archive in the source mailbox.
• Graph mailbox forwarding is restricted. Even with MailboxSettings.ReadWrite, setting ForwardingSmtpAddress via Graph is blocked in most tenants for anti-exfiltration reasons. Use Set-Mailbox in Exchange Online PowerShell.
• Licensing: The source shared mailbox under 50 GB does not require a license, but must not be converted to a regular mailbox during this work.