With more than 200 million active Office 365 users in FY20Q1 (now nearing 258 million) and a corresponding push to strengthen its security features, Microsoft has now introduced a ‘stop auto-forwarding emails’ configuration. It helps enterprises disable Office 365’s email forwarding to external recipients by default, curbing the enterprise data theft that takes place through email forwarding. Office 365 has now been rebranded as Microsoft 365.
Stop Auto-Forwarding Emails
Threat actors are leveraging fear of the current pandemic situation to carry out smishing and phishing attacks. With work from home and remote access via less-secured or unsecured endpoints, it’s easier for threat actors to compromise an organization’s security perimeter. If a threat actor gets access to a user’s mailbox, they can auto-forward the user’s confidential email(s) to an outside address and access the individual’s and/or organization’s proprietary information. To prevent this, create a default mail flow rule with the following steps:
- Go to Microsoft 365 admin center, select Exchange > mail flow, and on the Rules tab, select the plus sign and choose Create a new rule.
- Select More options and enter your new rule Name.
- Then click on the drop-down for Apply this rule if, select The sender…, and then is external/internal.
- Select the sender location as Inside the organization and click OK.
- Click on the add condition button to open a drop-down. Select The message properties… and further click on include the message type.
- On the select message type drop-down, choose Auto-forward, and click OK.
- Open the Do the following… drop-down, select Block the message…, then reject the message and include an explanation.
- Specify a reason for your rejection. This message will pop up when one tries to send emails to external entities. Then select OK.
- At the bottom of the screen, select Save.
Congratulations! The rule has been created and the threat actors will no longer be able to auto-forward your confidential and critical email messages to external entities. The email forwarding configuration will allow Office 365 admins to enable the feature only for select employees in their organizations.
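
The same rule can also be created from Exchange Online PowerShell, which makes it repeatable and easy to review. The script below is an added example, not part of the original article: the rule name, rejection text and exception group address are placeholders, and the `SentToScope` condition and the group exception are assumptions that limit the rule to external recipients and to everyone except select employees.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an
# Exchange administrator role. Values marked "placeholder" are assumptions.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$ruleName   = 'Block external auto-forwarding'             # placeholder
$rejectText = 'Automatic forwarding to external addresses is not allowed.'
$allowGroup = 'autoforward-allowed@example.com'            # placeholder group; set to $null for no exception

$conditions = @{
    FromScope               = 'InOrganization'    # The sender is located: Inside the organization
    MessageTypeMatches      = 'AutoForward'       # The message type is: Auto-forward
    RejectMessageReasonText = $rejectText         # Reject the message and include an explanation
    # Assumption beyond the listed steps: only match mail leaving the
    # organization, so internal auto-forwards keep working.
    SentToScope             = 'NotInOrganization'
}
# Assumption: members of this group are the select employees who are still
# allowed to auto-forward externally.
if ($allowGroup) { $conditions.ExceptIfFromMemberOf = $allowGroup }

# Update the rule if it already exists, otherwise create it, so the
# script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $ruleName }
if ($existing) {
    Set-TransportRule -Identity $ruleName @conditions
} else {
    # Use -Mode Audit first to log matches without rejecting anything.
    New-TransportRule -Name $ruleName -Mode Enforce @conditions
}

# Show the resulting rule so the settings can be checked against the steps above.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, FromScope, SentToScope,
                MessageTypeMatches, ExceptIfFromMemberOf, RejectMessageReasonText
```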