Our Central IT is Pushing Back on "Foward All" with Attach

Derek Jones · ‎05-14-2025

I believe that I'm posting this in vain, but here goes.

Recently, our instance's "help this address for help" system account was moved from the old on-prem mail servers to our Microsoft 365 tenant. When the account was on-prem, there was a rule that forwarded all emails to <our instance>@service-now., and life was fine. However, after the migration, the emails with attachments started being blocked, so there are no vendor-generated quotes for procurements, no schedule reports as XLSXs or PDFs, and so on, now reaching our users. Our central networking group, which owns the Microsoft tenant, returned with the general "forwarding with attachments is not best practice so it's blocked" response when we reported the issue.

So far as I know, forwarding is just how it's done, but to be honest, this type of configuration isn't the type that I've had to change much over the years, so maybe I'm missing something, or there's been a new approach since what I remember from configuring this on the likes of Fuji or Helsinki.

Has anyone done anything different, maybe specific to Microsoft 365/Azure?

Mark Manders · ‎05-15-2025

This really is an IT problem (people/person problem?) because it doesn't make sense that attachments are being blocked 'because it's a forward'.

It also doesn't really feel right. You have an email address in front of your instance because of company requirements (otherwise you would have used the <company>@service-now.com address. It's your IT system that forwards the emails, that's the rule your company (read: IT department) created.

You could check if the rule can be changed from 'forward' to 'redirect'. It sounds to me as someone being unable to think in solutions.

Maybe email the IT manager why he thinks it's a good idea to miss millions of revenue because of his team blocking functionality that is standard everywhere and not providing a solution. Be sure to add your CEO, CFO, COO and anyone else with a 'C' in their job title in CC. (that's why they call it CC, right? 😉 )

Please mark any helpful or correct solutions as such. That helps others find their solutions.
Mark

Vishal Jaswal · ‎05-15-2025

Hello @Derek Jones

1. Work with IT to list all such domains which are sending these e-mail and have forwarding exceptions to only those. If not all at least to get the work going have the highest priority ones as exceptions

2. If possible, have such e-mail directly go to ServiceNow mailbox instead of a forward and have inbound e-mail actions within ServiceNow to handle such e-mail (if possible).

3. AWS Lambda functions and Power Automate are some solutions too.

Hope that helps!

James Peno · ‎05-15-2025

I recommend setting up an IMAP email account via OAuth 2.0 in ServiceNow. This will read the email directly from the mailbox. I found this on the ServiceNow Documentation site: Advanced Email Setup. This YouTube video shows POP 3 being configured but it is similar steps. OAuth will require a few more steps: Enable OAuth 2.0 for email

You may have to work with your central networking group to allow the "help this address for help" system account to be setup this way.

Another option is to use the Microsoft Graph API which I do not have experience with.

Derek Jones · ‎05-15-2025

Okay, this is new to me. I'll take a look at setting this up in our dev instance and see. Thanks and I'll accept it as a solution when I can confirm.

Thanks a lot for all the links too!