Forum Discussion

BlatniBPMCP's avatar
BlatniBPMCP
Copper Contributor
Feb 02, 2023

Forwarding email – to external no EPO polices are applied

Important, I have configure policy to allow external forwarding and add effected users to policy..

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/outbound-spam-policies-external-email-forwarding?view=o365-worldwide#how-the-outbound-spam-filter-policy-settings-work-with-other-automatic-email-forwarding-controls

 

I have Phishing policy : Anti-Phishing Policy (All Domains) + default

Anti-spam policies

Anti-spam policies Priority Priority 0 -> (Automatic forwarding On - Forwarding is enabled)

Anti-spam inbound policy (Default)

Connection filter policy (Default)

Anti-spam outbound policy (Default)

 

Issue is the following :

Phish email arrive  to O365 (I deliberately avoid EOP) :

Mailbox with no forwarding :

Email is scanned send to quarantine and user is informed

Mailbox with with forwarding :

Email is scanned send to quarantine and user is informed.  <- As expected

Same email is also  directly forwarded to email defied in forwarding.  <- Issue

 

So the second part is Issue ,  Phish email is delivered to external user in original non scanned state.

Is this by design  ? I would expect that email should be scanned by EOP and not forwarded if it is detected as Phish.

The only option, that I did not test was creating the inbox rue to forward email to external user.

  • Imran6767's avatar
    Imran6767
    Copper Contributor
    I had the same issue and when spoke to MS they said its by design and we cannot filter for external users which is fair .

    But they should some up with something for this type of scenario

Resources