Ensure inbound anti-spam policies do not contain allowed domains
Why This Matters
One of the most common attack vectors is spoofing trusted domains to bypass security filters. When you configure allowed domains in your anti-spam policies, messages from those domains skip most email authentication checks like SPF, DKIM, and DMARC, as well as spam and phishing filters. This creates a high risk that attackers can impersonate those domains and deliver malicious emails directly to user inboxes.
What Aether365 Checks
Aether365 verifies that no inbound anti-spam policies in Exchange Online have any entries configured in the allowed domains list. This check appears in your Aether365 dashboard under microsoft-365 checks with the identifier M365.2109.
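The following PowerShell script is an added example of how an administrator can reproduce this check by hand against Exchange Online; it is not Aether365's own code and it does not show how the M365.2109 check is implemented. It assumes the ExchangeOnlineManagement module is installed and that the signed-in account holds an Exchange administrator (or equivalent) role. It lists every inbound anti-spam policy (hosted content filter policy) whose allowed domains list is non-empty, which is exactly the condition the check flags, and includes a commented-out remediation that clears the list.

```powershell
# Added example (not Aether365's own code): enumerate Exchange Online inbound
# anti-spam (hosted content filter) policies and report any allowed domains.
# Assumes the ExchangeOnlineManagement module is installed and the account
# has the Exchange administrator role or equivalent.
Connect-ExchangeOnline -ShowBanner:$false

# Collect every policy whose AllowedSenderDomains list has at least one entry.
$findings = Get-HostedContentFilterPolicy |
    Where-Object { $_.AllowedSenderDomains -and $_.AllowedSenderDomains.Count -gt 0 } |
    ForEach-Object {
        [PSCustomObject]@{
            Policy         = $_.Name
            AllowedDomains = ($_.AllowedSenderDomains -join ', ')
        }
    }

if ($findings) {
    Write-Warning "Inbound anti-spam policies with allowed domains (would fail M365.2109):"
    $findings | Format-Table -AutoSize
} else {
    Write-Output "No inbound anti-spam policy contains allowed domains (would pass M365.2109)."
}

# Remediation (uncomment to apply): empty the allowed domains list on each
# offending policy. Review each entry first; a partner domain whose mail is
# being filtered should have its SPF/DKIM/DMARC records fixed rather than be
# exempted from those checks.
# foreach ($f in $findings) {
#     Set-HostedContentFilterPolicy -Identity $f.Policy -AllowedSenderDomains $null
# }

Disconnect-ExchangeOnline -Confirm:$false
```

Run the script from a PowerShell session where you can complete the interactive sign-in; it only reads policy state unless you uncomment the remediation loop. Because the default policy cannot be deleted, the fix for it is always to clear the list rather than remove the policy.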