Disable automatic forwarding through Defender for Office 365

After this new feature came out I thought it was time to review on the new functionality and how to enable this feature.

Automatic forwarding is a very basic way for hackers to capture email traffic from compromised users.
Because a compromised account (certainly through password guessing) is not always blocked directly, email traffic for this account is very easy to capture.

Microsoft saw this kind of behavior and thought it was time to give administrators the option to prevent this kind of “email stealing”.

Today we are going to take a look at disabling automatic forwarding through Defender for Office 365.

To enable this feature we will need a license subscription which contains at least Defender for Office 365 Plan 1.
More details about licensing can be found here:


Enabling the feature

To enable the feature we go into the protection.office.com portal, then go to Threat Management and select Policy.

Here we will find the Anti-spam tile.

By clicking on this tile we will go in to the Anti-Spam settings where we will find the Outbound spam filter policy.

Expand the Outbound spam policy and select Edit policy.

The last thing we will need to do here is set the Automatic forwarding option to Off – Forwarding is disabled

The End Result

To see if the option does it’s job we’ll create a mailbox rule which forwards all the received emails to a fake address.
As you can see in the video below the message will not be forwarded to the recipient but instead will be blocked by the Defender policy.

A very easy but important feature to enable and I’m glad Microsoft added this to their already rich feature set of Defender for Office 365.

This concludes my blog post, please let me know if you have any questions.

And don’t forget to connect with me via the following platforms:

Dit vind je misschien ook leuk...

Geef een reactie

%d bloggers liken dit: