
How to restrict external forwarding in Microsoft 365

For a discussion about whether you should restrict external forwarding, read Should you disable external email auto-forwarding. If you've decided to go ahead, read on.

To restrict external auto-forwarding in Exchange Online, it's best to use outbound spam filters. Other approaches are available, but with outbound spam filters users can still create external auto-forwarding rules; they simply receive a mail delivery failure when the rule is used. This lets you keep monitoring for malicious rules being created, which is a high-fidelity alert for account compromise, whilst preventing the impact of the attack.

You might find you already have an outbound spam filter in place restricting external auto-forwarding of mail. In September 2020, Microsoft applied this policy to all tenants that were not using the feature.

Before you start

Before starting, make sure the change won't negatively impact your users by checking if there are any external auto-forwarding rules already in place.

Use our free tool to check your users' mailboxes for malicious mail rules

It takes less than two minutes to check all your Office 365 or Google Workspace mailboxes.

Configure your spam filter policy

Use spam filters to make external forwarding rules ineffective. Keep the detection of account compromise but remove the impact.

  1. Visit

  2. Select "Anti-spam outbound policy" and "Edit protection settings"

  3. Select "Automatic forwarding rules" and then "Off - Forwarding is disabled"
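
The same check and change can be scripted in Exchange Online PowerShell. The following is an added example, not part of the original page: it lists mailbox-level forwarding and inbox rules that point outside the tenant's accepted domains, shows the current outbound policy setting, and then turns forwarding off. It assumes the ExchangeOnlineManagement module is installed, the session has Exchange administrator rights, and the default outbound policy (named `Default`) is the one in use; `$applyChange` and `Test-ExternalAddress` are names chosen for this example.

```powershell
# Added example: assumes the ExchangeOnlineManagement module is installed
# and the session is run by an Exchange administrator.
Connect-ExchangeOnline

# Domains the tenant owns; any other recipient domain is treated as external.
$internalDomains = (Get-AcceptedDomain).DomainName

function Test-ExternalAddress {
    param([string]$Address)
    $domain = ($Address -split '@')[-1].TrimEnd(']').ToLower()
    return $internalDomains -notcontains $domain
}

$findings = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # Mailbox-level forwarding (set by an admin or in Outlook on the web).
    if ($mbx.ForwardingSmtpAddress -and
        (Test-ExternalAddress $mbx.ForwardingSmtpAddress)) {
        [pscustomobject]@{
            Mailbox = $mbx.UserPrincipalName
            Source  = 'Mailbox forwarding'
            Target  = $mbx.ForwardingSmtpAddress
        }
    }
    # Inbox rules that forward or redirect mail.
    foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
        $targets = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($target in $targets) {
            if ("$target" -match 'SMTP:([^\]]+)' -and (Test-ExternalAddress $Matches[1])) {
                [pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName
                    Source  = "Inbox rule: $($rule.Name)"
                    Target  = $Matches[1]
                }
            }
        }
    }
}
$findings | Format-Table -AutoSize

# Current setting on each outbound policy: Automatic, On or Off.
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode

# Set to $true once the findings above have been reviewed.
$applyChange = $false
if ($applyChange) {
    Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
}
```

If the tenant has custom outbound spam policies scoped to particular users or groups, apply the same `-AutoForwardingMode Off` setting to each of them as well.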