Microsoft announced on July 10, 2026, that Exchange Online will gain a cross-tenant message recall feature, rolling out in mid-August. The new capability allows a sender in one Microsoft 365 tenant to attempt a recall of a message from the mailbox of a recipient in another tenant—provided both organizations use Exchange Online and specific conditions are met. For the first time, the familiar “recall” function extends beyond the boundaries of a single company’s email environment.
How the New Cross-Tenant Recall Will Work
Message recall in Exchange Online has always been a hit-or-miss affair. Currently, it works only within a single tenant, and even then only when both sender and recipient use Outlook for Windows, the message hasn’t been read, and it hasn’t been moved or touched by any rule. The cross-tenant recall expands that scope dramatically, but it comes with its own strict prerequisites.
According to the Microsoft 365 blog post announcing the feature, cross-tenant recall is an extension of the existing intra-tenant mechanism. When a sender realizes they’ve made an error—a misdirected confidential attachment, a reply-all that never should have happened—they can attempt a recall from Outlook on Windows (as with today’s feature). The system then checks two critical conditions: whether the message remains unread in the recipient’s mailbox, and whether the recipient’s tenant has enabled the new cross-tenant recall setting. If both are true, the recall attempt is processed and the original message is removed from the recipient’s inbox.
What makes this possible is a new trust relationship between tenants. Microsoft is leveraging the existing cross-tenant access architecture that already governs Teams external collaboration and Azure AD B2B. Administrators will find a new control in the Exchange admin center under Organization > External Access—expected to be labeled “Allow cross-tenant message recall requests.” By default, it’s likely to be off, meaning tenants must explicitly opt in to allow their users’ mailboxes to be subject to external recall attempts. Similarly, senders will only be able to recall if their own tenant’s setting permits outbound recall requests.
Microsoft’s announcement stressed that even when all prerequisites are met, recall is not guaranteed. The standard Exchange Online recall limitations still apply: the message cannot be protected by Azure Information Protection (unless the recall includes a replacement message with the same protection), it cannot be in a public folder, and the recall attempt itself can be blocked by recipient-side rules or third-party add-ins.
What This Means for Microsoft 365 Users and Admins
For everyday users
If you’ve ever sent an email to a customer, partner, or vendor and immediately regretted it, cross-tenant recall offers a safety net that simply didn’t exist before. However, it’s not an “undo” button. The recipient must not have read the message, and their organization must have opted into the feature. If they use Outlook on the web, Outlook for Mac, or mobile, the recall will fail. The best practice remains unchanged: pause before sending, double-check addresses, and use delay-delivery rules when possible.
For IT administrators
Admins face a series of decisions. The primary one is whether to allow inbound recall requests from external tenants. Enabling it could improve business relationships—nobody likes being the organization that refuses to allow a partner to fix a mistake. But it also opens a potential disruption vector: a malicious sender could attempt a recall as a form of denial-of-service, snatching back an important email moments after it arrives. While the unread requirement mitigates this somewhat, Microsoft is expected to provide detailed logging and possibly an alerting mechanism.
Admins should watch for the following configuration options when the feature becomes available:
- Inbound recall setting: On/Off, likely per tenant or per domain.
- Outbound recall setting: On/Off for your users.
- Recall logging: New entries in the message tracking log and the unified audit log, enabling investigation of recall attempts.
- End-user notifications: Both sender and recipient may get additional status messages.
Because cross-tenant recall will not work unless both ends have the feature enabled, early coordination with trusted partner organizations will be key. A pilot with a friendly tenant is strongly recommended before broad deployment.
For compliance and legal teams
Recall does not erase evidence. If a message is recalled, the original may still persist in Sent Items, in journaling or archiving systems, or in eDiscovery holds. Compliance officers should treat cross-tenant recall as a convenience feature, not a data purging tool. Organizations with strict data retention policies may want to block the feature entirely.
The Long Road to Cross-Tenant Recall
Microsoft introduced message recall in Exchange Server 5.5 decades ago, and it was notoriously unreliable—failing silently, working only with unread messages, and often simply moving the message to the trash rather than truly deleting it. Exchange Online brought slight improvements, but the tenant boundary remained an impenetrable wall. You could only recall a message sent to a colleague within the same organization.
That wall began to crack in 2024 and 2025, when Microsoft rolled out cross-tenant mailbox migration and Teams shared channels, both requiring new levels of inter-tenant trust. Cross-tenant message recall is a natural progression. Why allow users to collaborate seamlessly across organizational borders but not let them fix an email mistake that crosses that same border? The change reflects the increasingly porous nature of modern business communication, where external partners are often as tightly integrated as internal teams.
Competitive pressure also played a role. Gmail’s “undo send” feature, while fundamentally different (a timed delay rather than a post-send recall), has set user expectations. While Exchange Online isn’t adopting a delay model, extending recall beyond the tenant is Microsoft’s answer to the same basic human need: “I wish I hadn’t sent that.”
How to Prepare for the Mid-August Rollout
Don’t wait until the feature hits your tenant. Here’s what you can do today:
-
Monitor the Microsoft 365 Roadmap
Once the specific roadmap ID is published, you can track the rollout and activate early release options. Check https://www.microsoft.com/en-us/microsoft-365/roadmap regularly. -
Review your external access policies
Start a conversation with your security and legal teams: under what circumstances would you allow an external organization to recall a message from your users? Draft a policy now. -
Identify pilot partners
If your organization works closely with certain tenants, reach out to their Exchange admins to arrange a joint test once the feature reaches public preview or targeted release. -
Educate users
Many users overestimate what recall can do. Prepare a short communication explaining the new capability and its limitations. Emphasize that recall is a last resort, not a substitute for careful sending. -
Check your client configuration
Recall in Outlook on Windows requires specific settings—for example, the message must be sent from a cached Exchange mode profile, and the recipient must also be using cached mode. Ensure your Outlook clients are properly configured to maximize recall success, whether intra- or cross-tenant.
Looking Ahead
Cross-tenant recall is part of a broader push by Microsoft to blur organizational boundaries in Microsoft 365. We should expect it to eventually extend to Outlook on the web and possibly even mobile clients, though no timeline has been given. There’s also the possibility of a “recall with replacement” feature that lets you substitute a corrected message—a capability that already works within a tenant and may logically come to cross-tenant scenarios.
Longer term, Microsoft might add more granular controls, such as allowing recalls only from specific trusted domains, or requiring a reason for each recall attempt. But for now, the mid-August rollout marks a significant step toward making email a little more forgiving—and, if used wisely, a lot less dangerous.