Forum Discussion
Disable users ability to create rules...
There's now way to disable this for the desktop client afaik. The only thing I could think of is to disable the corresponding buttons/UI controls, but for that to work you will need to know the actual control IDs. Check here for more info: https://www.slipstick.com/how-to-outlook/group-policy-disable-commands/
VasilMichev Thank you, I don't think that would help. The purpose is to stop any malicious people who have stolen credentials from creating rules. They would be accessing it from outside our domain.
Rules to do what? auto-Forward emails? You can easily prevent that in better ways. Otherwise, I'm not sure what rules you are concerned about.
- Hi Andy, Can you please help me with the ways to prevent users to create rules to forward the emails.
Andy David Typically once a users credentials are stolen, the malicious individual creates a rule to move all (or sometimes specific) emails to a specified folder, that the actual user would never typically check. That way the user is unaware of any suspicious activity until it is usually too late.
We have implemented multi-factor authentication, which should make it much more difficult for this to occur. But as an added security the partners of my company would like to block the creation of any rules.
Also, rules to move emails do not fall under the forwarding/redirect rules. So the option to prevent that does not apply sadly...
Well, to be honest, I think this is an unnecessary concern - esp with the implementation of MFA.
If you were to block the ability to create rules, that would hamper your user's from being able to manage their mailboxes effectively and, as in all these things, security has to be balanced with practicality . I'm still not seeing what real harm is being done to a mailbox if a bad actor moved a message to another folder.
