It takes less than two minutes to check all your Office 365 or Google Workspace mailboxes.
How to restrict external forwarding Microsoft 365
For a discussion about whether you should restrict external forwarding, read Should you disable external email auto-forwarding. If you've decided to go ahead, read on.
To restrict external auto-forwarding in Exchange Online, it's best to use. Although there are other approaches available, using outbound spam filters means users can still create external auto-forwarding rules, but they receive a mail delivery failure when the rule is used. This allows you to continue to monitor for malicious rules being created, which is a high fidelity alert for account compromise, whilst preventing the impact of the attack.
You might find you already have an outbound spam filter in place restricting external auto-forwarding of mail. In September 2020, Microsoft applied this policy to all tenants that were not using the feature.
Before you start
Before starting, make sure the change won't negatively impact your users by checking if there are any external auto-forwarding rules already in place.
Configure your spam filter policy
Use spam filters to make external forwarding rules ineffective. Keep the detection of account compromise but remove the impact.
Select "Anti-spam outbound policy" and "Edit protection settings"
Select "Automatic forwarding rules" and then "Off - Forwarding is disabled"