Forum Discussion

Cian Allner's avatar
Cian Allner
Silver Contributor
Aug 01, 2017

Secure Score - New Client External Rules Forwarding Block control

Secure Score can now help stop data exfiltration with client created rules, that auto-forwards email from users mailboxes to an external email address.  This is apparently an increasingly common data leakage method that is being successfully used by 'bad actors'.

 

Secure Score has a new security control called 'Client Rules Forwarding Blocks' that implements a Transport Rule to help mitigate client created rules that Auto-Forward to external addresses.  

 

 

If enabled, this will apply the following logic via a transport rule:

 

IF The Sender is located ‘Inside the organization’ 
AND IF The Recipient is located ‘Outside the organization’
AND IF The message type is ‘Auto-Forward’
THEN Reject the message with the explanation ‘External Email Forwarding via Client Rules is not permitted’.

This feature is now live within Secure Score.  See the announcement here for further details - Mitigating Client External Forwarding Rules with Secure Score.  

 

Perhaps these sorts of announcements could be posted to this community blog in the future like there have been for previous Secure Score new features? 

  • Cian Allner's avatar
    Cian Allner
    Sep 08, 2017

    I enabled this on my test tenant to see if I could help.  You should be able to add an exception to permit these specific addresses to receive auto forwarded emails.

     

    Have you got as far as going into the Exchange Admin Center and in Mail Flow, listed in rules there would be an entry like 'Client Rules To External Block - Secure Score 9/8/2017'. Editing this, there is an Except if.. add exception button. 

     

    Click this and add the required exceptions, for example using "The recipient..." 'is this person option'.  I think that should work anyway but you might need to play around with the options.  Good luck.

     

     

  • LSH80's avatar
    LSH80
    Copper Contributor

    Cian AllnerJust looking into using Secure Score for appling this transport rule, I can see this thread is a couple of years old.  There portal looks different from your screenshot and no option I can find to "Apply" this rule?  Has this function gone now?

     

     

  • Bryan Kuester's avatar
    Bryan Kuester
    Copper Contributor

    I think this is a great rule... However, I am trying to setup an exception but cannot seem to get it to work. 

     

    Can someone provide instructions on how best to do this? See below... 

     

    I am need to setup a rule that will redirect a message to four external email addresses.

    • Cian Allner's avatar
      Cian Allner
      Silver Contributor

      I enabled this on my test tenant to see if I could help.  You should be able to add an exception to permit these specific addresses to receive auto forwarded emails.

       

      Have you got as far as going into the Exchange Admin Center and in Mail Flow, listed in rules there would be an entry like 'Client Rules To External Block - Secure Score 9/8/2017'. Editing this, there is an Except if.. add exception button. 

       

      Click this and add the required exceptions, for example using "The recipient..." 'is this person option'.  I think that should work anyway but you might need to play around with the options.  Good luck.

       

       

      • Bryan Kuester's avatar
        Bryan Kuester
        Copper Contributor

        Hey Cian and thanks for responding. 

         

        I tried this originally but it wouldn't work for me. I will play around with it a little more to see if I can get it to work for me. 

         

        Thank you! 

Resources