MichelvanVliet
Copper Contributor
Apr 10, 2019

Disable auto forwarding email to external recipients using Microsoft Flow

There are several ways to block auto forwarding of email to external recipients via Exchange Online. However, there's also an option to create a flow for new email, enabling auto forwarding to external recipients using Microsoft Flow!
The problem with this method is that none of the existing methods of blocking these emails is applicable. These emails are sent directly from the user's mailbox and therefore the existing rules do not apply to them.
The DLP option for Flow is also not able to prevent this because it only blocks sharing data between connectors.
Because everyone with an enabled Azure AD account is able to use Microsoft Flow (even if they don't have the feature enabled within their license plan), there's no way to block this (as far as I know).
Is there any way to avoid this?

11 Replies

  • Akshay_Mane
    Iron Contributor

    MichelvanVliet  

    Not sure about how to block forwarding using Microsoft Flow! This is the first time I have heard of this. I had a word with my O365CloudExperts team and they answered me that you can block it in EXO, as there are several options:
    blogs.technet.microsoft.com/exchange/2017/12/22/the-many-ways-to-block-automatic-email-forwarding-in-exchange-online/
     
    Regards,
    Akshay
    • MichelvanVliet
      Copper Contributor

      Akshay_Mane The Exchange part is clear (and in place) but this does not prevent Flow from using EXO to forward emails to external recipients.

  • That's most likely because Flow doesn't do an actual "forward" action, but simply prepares a new message and copies all the relevant details. You as the admin are able to see the types of Flows your users are using, and delete them if needed.

    • Michel van Vliet
      Copper Contributor

      VasilMichev I agree that as an Admin you're able to (re)view flows which users have created, but the problem with that is that it will always be reactive. We need to be able to prevent users from using this functionality and with that prevent all mailbox data from leaving the organization.

      • VasilMichev
        MVP

        Well, you've proactively enabled the users to use Flow :)

         

        I don't disagree with you, it would be nice to be able to control such flows, but as you noted above this one doesn't seem to be captured by the Flow DLP capabilities. You can crawl the Unified audit log for any events corresponding to the Flow or even attach an alert to them, but that's still reactive. Then again, there are potentially a dozen other Flows that can be abused to send/save data to an external location, so you might as well re-evaluate the need to enable Flow.
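
Added example, not part of any post in this thread: one way to do the Unified audit log crawl mentioned in the last reply, in PowerShell. It assumes an Exchange Online PowerShell session with unified audit logging enabled; the function name is hypothetical, and the AuditData field names `FlowConnectorNames` and `FlowDetailsUrl` are assumptions to check against a record from your own tenant.

```powershell
# Added example. Function name is hypothetical; FlowConnectorNames and
# FlowDetailsUrl are assumed AuditData field names, check them in your tenant.
function Get-OutlookFlowAuditEvent {
    param(
        [datetime]$StartDate = (Get-Date).AddDays(-7),
        [datetime]$EndDate = (Get-Date),
        [string]$ConnectorPattern = 'Outlook'
    )

    # Page through all Flow audit records in the window. With ReturnLargeSet,
    # repeated calls using the same SessionId return the next page until empty.
    $sessionId = [guid]::NewGuid().ToString()
    $records = @()
    do {
        $page = Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate `
            -RecordType MicrosoftFlow -SessionId $sessionId `
            -SessionCommand ReturnLargeSet -ResultSize 5000
        if ($page) { $records += $page }
    } while ($page)

    # ReturnLargeSet may return duplicates, so de-duplicate on Identity.
    foreach ($record in ($records | Sort-Object -Property Identity -Unique)) {
        $data = $record.AuditData | ConvertFrom-Json
        # Keep only flows whose connector list includes a mail connector.
        if ($data.FlowConnectorNames -match $ConnectorPattern) {
            [pscustomobject]@{
                Time       = $record.CreationDate
                User       = $record.UserIds
                Operation  = $record.Operations
                Connectors = $data.FlowConnectorNames
                FlowUrl    = $data.FlowDetailsUrl
            }
        }
    }
}

Get-OutlookFlowAuditEvent | Sort-Object Time | Format-Table -AutoSize
```

The output lists flow events that reference a mail connector so an admin can review the flows behind them; as the thread notes, this remains a reactive control.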
