Detect External Mail Forwarding for Professional Services & Consulting

Professional Services & Consulting organizations face specific regulatory requirements including soc2, iso27001, cis. The EXT-07 control helps address these requirements by:

• Mailbox forwarding rules to external addresses are identified
• Inbox rules forwarding to external domains are flagged
• No unexpected external forwarding rules exist

Attackers commonly set up mail forwarding rules after compromising accounts. These rules silently copy all emails to external addresses, enabling ongoing data theft even after the initial compromise is remediated.

When implementing EXT-07 in a professional services & consulting environment, consider:

• **Regulatory requirements**: soc2, iso27001, cis may mandate specific configurations
• **Risk tolerance**: Professional Services & Consulting organizations typically have moderate to low risk tolerance
• **Audit frequency**: Plan for regular compliance reviews
• **Documentation**: Maintain detailed records for regulatory inspections

To implement EXT-07 in your Microsoft 365 environment:

• Mailbox forwarding rules to external addresses are identified
• Inbox rules forwarding to external domains are flagged
• No unexpected external forwarding rules exist

This control requires manual implementation through the Entra admin center.