Cheat Sheet for Office 365 Forwarding Rules

by Sarah Harvey / September 22nd, 2020

Protecting Your Office 365 Accounts

A key part of your organization’s information security strategy is correctly configuring Office 365, because a compromised Office 365 account is a gateway to much more sophisticated attacks. Many industry breach reports speculate that hacking Office 365 email accounts is the first thing an attacker wants to do, because it has the potential to give them access to so much more information. Phishing is an obvious attack method when it comes to email. In fact, in 2017, the Microsoft Office 365 security research team detected between 180 and 200 million phishing emails each month. These types of bulk attacks can pay off for attackers. According to Symantec, hacked email accounts in groups of 2,500 or more can be worth anywhere from $1 to $15.

Although more and more organizations are incorporating strong security measures into their strategies, it’s still crucial to actively protect Office 365 accounts. Following Office 365 best practices, receiving CISA alerts, and keeping up with new patches are three ways that you can stay up-to-date in your security measures. Microsoft has named 10 best practices for Office 365 business plans:

  1. Set up MFA
  2. Train your users
  3. Use dedicated admin accounts
  4. Raise the level of malware protection
  5. Protect against ransomware
  6. Stop auto-forwarding for email
  7. Use encryption
  8. Protect emails from phishing attacks
  9. Protect against malicious attachments and files
  10. Protect against phishing attacks using ATP Safe Links

Let’s highlight auto-forwarding. Does your organization know how to check whether your Office 365 mail accounts have forwarding rules turned on and configured? Checking will let your team know if any emails are auto-forwarded outside of your domain, which could be a sign of a compromised account. This is a default alert in Office 365, but do you know how to verify it?

Download this guide to learn how to correctly configure your forwarding rules.

How to Verify Office 365 Forwarding Rules
1. Log in to Microsoft Admin Center
2. Navigate to Office 365 Security and Compliance
3. Alerts > Alert Policies
4. Verify that rule “Creation of forwarding/mail redirect rule” is turned on and set to notify the appropriate parties

How to Block Auto Forwarding with Exchange Mail Flow Rules
1. Log in to Exchange Admin Center
2. Navigate to Mail Flow
3. Create new rule, “Disable auto forward outside domain”

• Apply this rule if > the sender is located > inside the organization
• And
• The recipient is located > outside the organization
• And
• The message type is > Auto Forward
• Do the following
• Reject the message with the explanation > auto forward outside the organization is not allowed

4. Save

For more information about how KirkpatrickPrice can assist you in meeting your compliance objectives, contact us today.