550 5.7.520 Access denied & 550 5.4.142 RESOLVER.FWD.LoopingTarget

Since a couple of months Office365 and Exchange Online are blocking the auto forwarding of email to external domains.

And this is the error that can be found in the message trace results:

Error: 550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7555)

While this is a good idea in general, sometimes you want to enable it.

Here's how:

Go to https://protection.office.com/antispam

And create a new outbound policy.

Give it a name, description, decide whether you to be notified or not and if you want to apply recipient limits with an action if the limits are exceeded.

The the following is important.
At the automatic forwarding choose "On - Forwarding is enabled".
Choosing "Automatic - System-controlled" will not let the email be sent. This is the setting for the default policy "Outbound spam filter policy ‎(always ON)‎".

Then add a condition at "Applied to".

The easiest condition is to create a mail enabled security group that holds all the user accounts that you want to grant this right.

If you add 2 conditions, such as a security group and a separate user then you will receive this error in the message trace results:

Reason: [{LED=550 5.4.142 RESOLVER.FWD.LoopingTarget; forwarding to a looping external address};{MSG=};{FQDN=};{IP=};{LRT=}]