Automatic forwarding to external domains SHALL be disabled.

Why This Matters

Automatic email forwarding to external domains can expose your organization to data exfiltration and phishing risks. Malicious actors or compromised accounts may use forwarding rules to send sensitive information outside your tenant without detection. Disabling this feature reduces the attack surface and helps maintain control over your data boundaries.

What Aether365 Checks

Aether365 verifies that the automatic forwarding of emails to external domains is disabled across your Microsoft 365 tenant. This check appears in the Aether365 dashboard under Microsoft 365 checks as CISA.MS.EXO.1.1.