Ensure all forms of mail forwarding are blocked and/or disabled
Why This Matters
Automatic email forwarding can be exploited by attackers to exfiltrate sensitive data from your tenant after compromising an end-user account. Malicious insiders may also use forwarding rules as a secondary channel to leak information. Without blocking all forms of mail forwarding, your organization remains at risk of data loss through Outlook inbox rules, OWA settings, Power Automate flows, or admin-configured forwarding.
What Aether365 Checks
This check verifies that a mail flow transport rule and an anti-spam outbound policy are configured to block all forms of automatic email forwarding in Exchange Online. It appears in the Aether365 dashboard under the Microsoft 365 category.
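One way to evaluate the two settings this check covers, as an added PowerShell example that is not Aether365's own logic or code from the original page. The function name, the pass criteria and the sample objects are assumptions; the property names are those returned by the Exchange Online cmdlets Get-HostedOutboundSpamFilterPolicy and Get-TransportRule.

```powershell
# Added example; not Aether365 code. Function name and sample objects are constructed.
function Test-MailForwardingBlocked {
    param(
        [object[]] $OutboundPolicies = @(),  # output of Get-HostedOutboundSpamFilterPolicy
        [object[]] $TransportRules   = @()   # output of Get-TransportRule (may be empty)
    )
    # Assumption: only an explicit 'Off' passes; 'On' and 'Automatic' are reported.
    $weak = @($OutboundPolicies | Where-Object { $_ -and $_.AutoForwardingMode -ne 'Off' })

    # Blocking rule: enabled, enforced (not audit-only), matches auto-forwarded
    # mail leaving the organization, and rejects or deletes it.
    $block = @($TransportRules | Where-Object {
        $_.State -eq 'Enabled' -and $_.Mode -eq 'Enforce' -and
        $_.MessageTypeMatches -eq 'AutoForward' -and
        $_.SentToScope -eq 'NotInOrganization' -and
        ($_.RejectMessageReasonText -or $_.DeleteMessage)
    })

    # Enabled rules that redirect mail are admin-configured forwarding; list for review.
    $redirect = @($TransportRules | Where-Object { $_.State -eq 'Enabled' -and $_.RedirectMessageTo })

    [pscustomobject]@{
        Compliant        = ($OutboundPolicies.Count -gt 0 -and $weak.Count -eq 0 -and $block.Count -gt 0)
        PoliciesNotOff   = $weak.Name
        BlockingRules    = $block.Name
        RedirectingRules = $redirect.Name
    }
}

# Constructed sample data shaped like the cmdlet output, so the function runs offline.
$policies = @(
    [pscustomobject]@{ Name = 'Default';          AutoForwardingMode = 'Off' }
    [pscustomobject]@{ Name = 'Finance-Outbound'; AutoForwardingMode = 'On' }
)
$rules = @(
    [pscustomobject]@{ Name = 'Block external auto-forward'; State = 'Enabled'; Mode = 'Audit'
        MessageTypeMatches = 'AutoForward'; SentToScope = 'NotInOrganization'
        RejectMessageReasonText = 'External forwarding is not permitted'
        DeleteMessage = $false; RedirectMessageTo = $null }
)

Test-MailForwardingBlocked -OutboundPolicies $policies -TransportRules $rules
# In a connected Exchange Online session, pass live data instead:
# Test-MailForwardingBlocked -OutboundPolicies (Get-HostedOutboundSpamFilterPolicy) -TransportRules (Get-TransportRule)
```

The sample data fails on both counts: one outbound policy still allows forwarding, and the only matching transport rule runs in audit mode, so it logs forwarded mail without blocking it.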