EXT-07: Detect External Mail Forwarding
Frequently asked questions about implementing and managing the EXT-07 security control in Microsoft 365 and Entra ID.
QWhat is EXT-07 (Detect External Mail Forwarding)?▼
EXT-07 is a security control that attackers commonly set up mail forwarding rules after compromising accounts. these rules silently copy all emails to external addresses, enabling ongoing data theft even after the initial compromise is remediated. It requires that mailbox forwarding rules to external addresses are identified and inbox rules forwarding to external domains are flagged, no unexpected external forwarding rules exist.
QWhy is Detect External Mail Forwarding important for Microsoft 365 security?▼
Attackers commonly set up mail forwarding rules after compromising accounts. These rules silently copy all emails to external addresses, enabling ongoing data theft even after the initial compromise is remediated.
QHow do I implement EXT-07 in my tenant?▼
EXT-07 requires manual implementation. Requires Exchange admin access or Microsoft Graph Reports API
QWhat license do I need for EXT-07?▼
This control can be implemented with any Microsoft 365 subscription, including free Azure AD.
QWhich security baseline includes EXT-07?▼
EXT-07 is included in the TrueConfig Recommended Secure baseline (Level 1). This is the foundation level suitable for most organizations.
QWhy is EXT-07 marked as critical severity?▼
EXT-07 is rated critical because failure to implement this control significantly increases the risk of security incidents. Attackers commonly set up mail forwarding rules after compromising accounts. These rules silently copy all emails to external addresses, enabling ongoing data theft even after the initial compromise is remediated.
6
Questions
1
Related Controls
—
Categorized
Related Resources
Still have questions?
Our security experts are here to help. Start a free trial and get personalized guidance for your Microsoft 365 environment.
Start Free Trial