Block external forwarding in Exchange Online

External forwarding should always be disabled by default in any tenant.This feature is most often used by intruders wanting to extract certain type of confidential email from key people in the organization. One example of these malicious inbox rules could be the following: After the message arrives and…. The message includes specific words in the … Read more

Find External Email Forwarding rules in Microsoft365 Exchange Online

NOTE: This has been added as a GUI view in the new Modern Exchange Admin Center. https://admin.exchange.microsoft.com/#/reports/autoforwardedmessages I have experienced users with mailbox rules that sent out all of their important emails to an external email address. This is a common way of silently stealing important data from users. One example of these malicious inbox … Read more