Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Secure Score - New Client External Rules Forwarding Block control

Silver Contributor

Secure Score can now help stop data exfiltration with client created rules, that auto-forwards email from users mailboxes to an external email address.  This is apparently an increasingly common data leakage method that is being successfully used by 'bad actors'.

 

Secure Score has a new security control called 'Client Rules Forwarding Blocks' that implements a Transport Rule to help mitigate client created rules that Auto-Forward to external addresses.  

 

Secure Score Client Rules Forwarding Block.png

 

If enabled, this will apply the following logic via a transport rule:

 

IF The Sender is located ‘Inside the organization’ 
AND IF The Recipient is located ‘Outside the organization’
AND IF The message type is ‘Auto-Forward’
THEN Reject the message with the explanation ‘External Email Forwarding via Client Rules is not permitted’.

This feature is now live within Secure Score.  See the announcement here for further details - Mitigating Client External Forwarding Rules with Secure Score.  

 

Perhaps these sorts of announcements could be posted to this community blog in the future like there have been for previous Secure Score new features? 

7 Replies

I think this is a great rule... However, I am trying to setup an exception but cannot seem to get it to work. 

 

Can someone provide instructions on how best to do this? See below... 

 

I am need to setup a rule that will redirect a message to four external email addresses.

best response confirmed by Deleted
Solution

I enabled this on my test tenant to see if I could help.  You should be able to add an exception to permit these specific addresses to receive auto forwarded emails.

 

Have you got as far as going into the Exchange Admin Center and in Mail Flow, listed in rules there would be an entry like 'Client Rules To External Block - Secure Score 9/8/2017'. Editing this, there is an Except if.. add exception button. 

 

Click this and add the required exceptions, for example using "The recipient..." 'is this person option'.  I think that should work anyway but you might need to play around with the options.  Good luck.

 

Rule.gif

 

Hey Cian and thanks for responding. 

 

I tried this originally but it wouldn't work for me. I will play around with it a little more to see if I can get it to work for me. 

 

Thank you! 

Hi. Any updates on this? 

I'm not able to add an exception either. It doesn't seem to work no mater what options I try.

 

Thanks

Any luck getting this to work?

Does this apply to Microsoft Flows that auto-forward email?  @Cian Allner 

@Cian AllnerJust looking into using Secure Score for appling this transport rule, I can see this thread is a couple of years old.  There portal looks different from your screenshot and no option I can find to "Apply" this rule?  Has this function gone now?

 

 

1 best response

Accepted Solutions
best response confirmed by Deleted
Solution

I enabled this on my test tenant to see if I could help.  You should be able to add an exception to permit these specific addresses to receive auto forwarded emails.

 

Have you got as far as going into the Exchange Admin Center and in Mail Flow, listed in rules there would be an entry like 'Client Rules To External Block - Secure Score 9/8/2017'. Editing this, there is an Except if.. add exception button. 

 

Click this and add the required exceptions, for example using "The recipient..." 'is this person option'.  I think that should work anyway but you might need to play around with the options.  Good luck.

 

Rule.gif

 

View solution in original post