
Ensure all forms of mail forwarding are blocked and/or disabled

Remediation Considerations

| Max Score | Implementation Cost | User Impact |
| --- | --- | --- |
| 5 | Unknown | Unknown |

Remediation Impact

Care should be taken before implementation to ensure there is no business need for case-by-case auto-forwarding. Disabling auto-forwarding to remote domains will affect all users in the organization. Any exclusions should be implemented based on organizational policy.

Remediation

NOTE: In this control, remediation is carried out in two stages: Step 1 is manual and is not monitored automatically by Secure Score, whereas Step 2 is monitored automatically.

STEP 1: Transport rules

**To alter the mail transport rules so they do not forward email to external domains,** use the Microsoft 365 Admin Center:

  1. Select Exchange to open the Exchange admin center.

  2. Select Mail Flow then Rules.

  3. For each rule that redirects email to external domains, select the rule and click the 'Delete' icon.

**To perform remediation you may also use the Exchange Online PowerShell Module:**

  1. Connect to Exchange Online using Connect-ExchangeOnline.
  2. Run the following PowerShell command for each rule that redirects mail externally (the rule name is a placeholder to replace with the name of the offending rule):

     Remove-TransportRule -Identity "<rule name>"

  3. To verify this worked you may re-run the audit command as follows (it lists every rule whose RedirectMessageTo property is set):

     Get-TransportRule | Where-Object { $_.RedirectMessageTo -ne $null } | ft Name,RedirectMessageTo

STEP 2: Anti-spam outbound policy

Configure an anti-spam outbound policy:

  1. Navigate to Microsoft 365 Defender at https://security.microsoft.com/.
  2. Expand E-mail & collaboration, then select Policies & rules.
  3. Select Threat policies > Anti-spam.
  4. Select Anti-spam outbound policy (default).
  5. Click Edit protection settings.
  6. Set the Automatic forwarding rules dropdown to "Off - Forwarding is disabled" and click Save.
  7. Repeat steps 4-6 for any additional higher-priority custom policies.
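As an added example that is not part of the original page or of Microsoft's own documentation, the following Exchange Online PowerShell function audits both stages of this control in one pass and prints the remediating command for each noncompliant item. It assumes the ExchangeOnlineManagement module is loaded and Connect-ExchangeOnline has already been run; the function name, and the choice to treat the tenant's accepted domains (Get-AcceptedDomain) as "internal" so that any other redirect target counts as external, are this example's own assumptions.

```powershell
# Added example (not from the original page). Assumes an active
# Connect-ExchangeOnline session. Function name and the "accepted domains
# are internal" rule are this example's own assumptions.
function Test-MailForwardingControls {
    [CmdletBinding()]
    param()

    # Domains the tenant owns; a redirect to any other domain is external.
    $internal = Get-AcceptedDomain |
        ForEach-Object { "$($_.DomainName)".ToLowerInvariant() }

    $findings = @()

    # Step 1: transport rules whose RedirectMessageTo is populated.
    # RedirectMessageTo entries are expected to be SMTP addresses.
    Get-TransportRule |
        Where-Object { $null -ne $_.RedirectMessageTo -and $_.RedirectMessageTo.Count -gt 0 } |
        ForEach-Object {
            $rule = $_
            foreach ($target in $rule.RedirectMessageTo) {
                $domain = ("$target" -split '@')[-1].ToLowerInvariant()
                if ($internal -notcontains $domain) {
                    $findings += [pscustomobject]@{
                        Control = 'TransportRule'
                        Name    = $rule.Name
                        Detail  = "redirects to external address $target"
                        Fix     = "Remove-TransportRule -Identity '$($rule.Name)'"
                    }
                }
            }
        }

    # Step 2: every outbound spam policy (default and custom) must have
    # automatic forwarding set to Off, matching the portal setting above.
    Get-HostedOutboundSpamFilterPolicy |
        Where-Object { $_.AutoForwardingMode -ne 'Off' } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Control = 'OutboundSpamPolicy'
                Name    = $_.Name
                Detail  = "AutoForwardingMode is $($_.AutoForwardingMode)"
                Fix     = "Set-HostedOutboundSpamFilterPolicy -Identity '$($_.Name)' -AutoForwardingMode Off"
            }
        }

    return $findings
}

# Usage: review the findings, then run each Fix once the business need is ruled out.
Test-MailForwardingControls | Format-Table -AutoSize
```

An empty result means both stages of the control are already in place; re-run the function after applying the listed Fix commands to confirm.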