Ensure mail transport rules do not whitelist specific domains
Why This Matters
Mail flow rules that whitelist specific domains create a dangerous blind spot in your email security posture. These rules bypass standard malware and phishing scanning for messages originating from those domains, giving attackers a direct path to deliver malicious content to your users. Without this check, an attacker could compromise a whitelisted domain and use it as a launchpad for targeted attacks against your organization.
What Aether365 Checks
This check verifies that no Exchange Online mail transport rules are configured to whitelist specific domains by combining the SetSCL parameter value of -1 with a SenderDomainIs condition. It appears in the Aether365 dashboard under the microsoft-365 checks category as M365.2128.
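The same condition the check looks for can be enumerated directly in Exchange Online PowerShell. The script below is an added example, not Aether365's own code; it assumes the ExchangeOnlineManagement module is installed and a session is already open (the function name and the commented-out sign-in line are illustrative), and it only reads rules unless you uncomment the remediation line.

```powershell
# Added example: list Exchange Online transport rules that whitelist sender
# domains, i.e. rules combining SetSCL -1 (skip spam filtering) with a
# SenderDomainIs condition. Read-only unless the Disable-TransportRule line
# at the bottom is uncommented.

# Connect-ExchangeOnline -UserPrincipalName admin@contoso.example  # assumed, interactive sign-in

function Find-DomainWhitelistRule {
    # Hypothetical helper name; wraps Get-TransportRule from ExchangeOnlineManagement.
    [CmdletBinding()]
    param(
        # Allows a pre-fetched rule set to be passed in; defaults to all rules in the tenant.
        [object[]]$Rules = (Get-TransportRule -ResultSize Unlimited)
    )

    foreach ($rule in $Rules) {
        # The risky combination: the rule matches on sender domain AND forces the
        # spam confidence level to -1, so matching mail bypasses spam filtering.
        if ($rule.SetSCL -eq -1 -and $rule.SenderDomainIs) {
            [pscustomobject]@{
                Name     = $rule.Name
                State    = $rule.State          # Enabled/Disabled; disabled rules still merit review
                Priority = $rule.Priority
                Domains  = ($rule.SenderDomainIs -join ', ')
                Comments = $rule.Comments
            }
        }
    }
}

$findings = @(Find-DomainWhitelistRule)

if ($findings.Count -gt 0) {
    Write-Warning "Found $($findings.Count) transport rule(s) that whitelist sender domains (M365.2128):"
    $findings | Format-Table -AutoSize

    # Remediation: disabling is reversible and preserves the rule for review with its owner;
    # delete only once the business need has been confirmed to be gone.
    # $findings | ForEach-Object { Disable-TransportRule -Identity $_.Name -Confirm:$false }
} else {
    Write-Output "No transport rules combine SetSCL -1 with a SenderDomainIs condition."
}
```

Rules that set SCL -1 without a SenderDomainIs condition, or that allow-list domains through other mechanisms (such as the anti-spam policy allowed sender list), are outside the scope of this check and are not reported by the script.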
How to Fix
Using the Microsoft 365 Admin Center: