Table of Contents
Hide Individual Distribution List Members to Keep Their Identity Secret
A question in the Office 365 Technical Discussions Facebook group asked whether it is possible to hide individual distribution list members. This necessity might arise when you want to use a single distribution list to communicate information and you don’t want people to know the full set of recipients. Perhaps some recipients are external advisors or maybe you want to hide the fact that information is being shared with certain people within the organization.
The simple answer is no. Exchange Online supports the hiding of complete membership, but not an individual member of a distribution list. The same applies to hidden membership for Microsoft 365 groups. One workaround is to hide the distribution list from Exchange address lists. This stops users browsing the Global Address List (GAL), Offline Address List (OAB), or All Distribution Lists address list to find the list. Even if some discovers the SMTP address of the distribution list and sends a message, they can’t see the membership.
To hide a distribution list, edit its properties using the Exchange admin center (Figure 1). Hiding the list from the GAL is shorthand for hiding it from all address lists, including the OAB.

Alternatively, you can hide membership for a distribution list with PowerShell:
Set-DistributionList -Identity "Accounting Department" -HiddenFromAddressListsEnabled $True
Using a Nested Distribution List to Hide Members
However, hiding a distribution list that people might want to use removes a lot of its value. A better workaround exists dating back to Exchange 2000 or thereabouts, which is when I think the hidden membership feature first arrived (or maybe Exchange 2003).
The idea is simple. A distribution list can include nested distribution lists in its membership list. What we do is create a distribution list with hidden membership and include it in the membership of the public list. Here are the steps:
- Create a distribution list that includes all the users that you are happy for other users to know about.
- Create a second distribution list and set it to have hidden membership.
- Add the people you want to hide to the membership list of the second list.
- Add the second list to the membership of the first list.
You end up with a situation like that shown in Figure 2. The Public People List includes a distribution list called Secret People List in its membership.

If someone clicks on the Secret People List entry, they see the properties of the distribution list but not its membership (Figure 3). The members of the nested distribution list are invisible.

PowerShell Commands to Create the Public and Secret Lists
Here are the steps to use PowerShell to create what’s shown above. First, create the public list:
New-DistributionGroup -Name 'Public People List' -Alias Public.People.DL -Description 'People who want to be in a DL and be seen' -DisplayName 'Public People List' -IgnoreNamingPolicy
Now add the members that should be visible to the distribution list:
Add-DistributionGroupMember -Identity Public.People.DL -Member Hans.Geering Add-DistributionGroupMember -Identity Public.People.DL -Member Otto.Flick Add-DistributionGroupMember -Identity Public.People.DL -Member Michelle.duBois Add-DistributionGroupMember -Identity Public.People.DL -Member James.Ryan Add-DistributionGroupMember -Identity Public.People.DL -Member Ken.Bowers
The next step is to create the secret list. In this case, the HiddenGroupMembershipEnabled property is set to $True.
New-DistributionGroup -Name 'Secret People List' -Alias Secret.People.DL -Description 'People who want to be in a DL but not be seen' -DisplayName 'Secret People List' -HiddenGroupMembershipEnabled:$True -IgnoreNamingPolicy
Add the members of the secret list:
Add-DistributionGroupMember -Identity Secret.People.DL -Member Ann.Conroy Add-DistributionGroupMember -Identity Secret.People.DL -Member Lotte.Vetler
Finally, add the secret list to the membership of the public list:
Add-DistributionGroupMember -Identity Public.People.DL -Member Secret.People.DL@office365itpros.com
To validate that the membership is as expected, run the Get-DistributionGroupMember cmdlet to check the membership of the public list:
Get-DistributionGroupMember -Identity Public.People.DL | Format-Table DisplayName, RecipientType DisplayName RecipientType ----------- ------------- James Ryan UserMailbox Ken Bowers UserMailbox Otto Flick UserMailbox Hans Geering (Project Management) UserMailbox Michelle Dubois UserMailbox Secret People List MailUniversalDistributionGroup
When users send a message to the public list, the Exchange Online transport service resolves the membership, including the nested secret list. Figure 4 shows the recipients for a message sent to the public list as viewed through OWA. The secret list is in the recipients, and we know that this copy was delivered to Ann Conroy, a member of the secret list, because her name is in the window title bar.

You can run a message trace to confirm that the Exchange transport service expanded the message recipients to include members of the list:
Get-MessageTrace -MessageId DB7PR04MB441021BCEDA43033408C417C8B7B2@DB7PR04MB4410.eurprd04.prod.outlook.com | ft received, 'recipientaddress', subject Received RecipientAddress Subject -------- ---------------- ------- 24/01/2024 22:37:16 ken.bowers@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 public.people.dl@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 hans.flick@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 secret.people.dl@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 michelle.dubois@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 lotte.vetler@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 james.ryan@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 ann.conroy@office365itpros.com Interesting Information to Read 24/01/2024 22:37:16 hans.geering@office365itpros.com Interesting Information to Read
Note that the name of the secret list does not feature in the set of recipients reported by the message trace, but the public list does. This is because the event reported by the message trace for the list is the expansion of the recipient list while the other events are deliveries.
Old Secrets Can Be the Best
Sometimes the old tricks are the best. In this instance, using a nested distribution list to cloak the identities of some recipients is a nice workaround and solves the question asked in the group.
Learn about maximizing your usage of Exchange Online and the rest of Office 365 by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s important and how best to protect your tenant.