Jul 16 2019
Hi all,Today we a user has received many bounce back mail is about 'Undeliverable: xxxxxxxxx' messages
after we investigation and check Office365Alerts mail we found a user account has hacked, and set a mail forward, i would like to know can the set the Alerts rule only for forward outside organization or the IP address out of office. because the system default Alerts mail include UpdateInboxRules.
Jul 25 2019
1. If you would like to Block any External Auto-Forwards from your Organization to Outside, configure Remote-Domain Rules.
Set-RemoteDomain -Identity "Default" -AutoForwardenabled $false
2. If you would like to setup Alert whenever any Forwarding Rule has been set up a user/admin, you can configure alert policies in Security & Compliance Admin Center. Refer - https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_exchon-mso_o365b/mail-forw...
3. As a security measure, you can enable MFA for your User's to ensure even if they someone get there Password Hacked, they are safe until they give up on there Cellphone in a Coffee Shop ;)
Hope this answers all your questions :)