Contact folders SHALL NOT be shared with all domains.

Why This Matters

Allowing contact folders to be shared with all domains exposes your organization's internal contact data to external parties. This can lead to information disclosure, social engineering attacks, and unauthorized access to business relationships. Administrators should restrict contact folder sharing to trusted domains only to maintain control over sensitive directory information.

What Aether365 Checks

This security check verifies that contact folders in Exchange Online are not configured with sharing permissions set to "All Domains." In the Aether365 dashboard, this appears under microsoft-365 checks as CISA.MS.EXO.6.1.