Introducing cross-tenant message recall in Exchange Online

🚨 The Signal: Exchange Online now allows cross-tenant message recall, enabling external M365 tenants to recall messages sent to your users. This feature is disabled by default and requires explicit allow-listing of trusted external tenant IDs by administrators.

The Impact

Exchange Online administrators are affected, facing a new data governance risk if cross-tenant message recall is misconfigured, potentially allowing unauthorized message deletion.

  • Exchange Online Admins: Must securely configure allow-lists to prevent unauthorized message recall by external parties.
  • Security Teams: Need to assess the risk of external entities deleting internal data and ensure policy alignment.
  • Data Owners: Risk of data loss or alteration if external tenants are granted recall permissions without proper vetting.

The Action

  1. Review existing data retention and information governance policies for external collaboration.
  2. Assess the necessity and risk of enabling cross-tenant message recall with specific external partners.
  3. If enabling, use Exchange Online PowerShell to add only explicitly trusted external tenant IDs to the allow-list.
  4. Regularly audit the configured cross-tenant message recall allow-list for unauthorized entries.

Domain: Exchange · Impact: high · Workload: Exchange Online · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898