Investigating Transport Rule Creation

This guide allows an administrator to verify that an alert pointing to the creation of a redirecting transport rule or an email-forwarding configuration on an inbox reflects sanctioned activity and not a malicious attempt at data exfiltration.

  1. Navigate to the Rules – Exchange Admin Center portal, then locate and select the recently created Redirect rule. Verify that the rule is sanctioned: it should point to either a known partner address or a sanctioned personal address.
  2. Additionally, it might be necessary to check at the mailbox level that email forwarding has not been established on the inbox itself. To do this, navigate to the Mailboxes – Exchange Admin Center portal and verify that the listed mailbox does not have any unsanctioned forwarding pointing to an unknown address.
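
The same two checks can be run across the whole tenant from Exchange Online PowerShell. This is an added example, not part of the original guide; it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session, and the sanctioned-domain list and the helper names Test-SanctionedAddress and New-Finding are constructed for illustration.

```powershell
# Added example. Assumes an active Connect-ExchangeOnline session.
# Constructed placeholder list: replace with your sanctioned partner/personal domains.
$SanctionedDomains = @('partner.example', 'contoso.example')

function Test-SanctionedAddress {
    param([string]$Address)
    $clean = $Address -replace '^smtp:', ''      # -replace is case-insensitive
    if ($clean -notmatch '@') { return $false }  # not an SMTP address: review by hand
    $domain = ($clean -split '@')[-1].ToLowerInvariant()
    return ($SanctionedDomains -contains $domain)
}

function New-Finding {
    param($Source, $Name, $Target, $Changed)
    [pscustomobject]@{
        Source     = $Source
        Name       = $Name
        Target     = [string]$Target
        Sanctioned = Test-SanctionedAddress ([string]$Target)
        Changed    = $Changed   # last modification time of the rule or mailbox object
    }
}

# Step 1: transport rules with a redirect action.
$findings = @()
foreach ($rule in Get-TransportRule) {
    foreach ($target in $rule.RedirectMessageTo) {
        $findings += New-Finding 'TransportRule' $rule.Name $target $rule.WhenChanged
    }
}

# Step 2: forwarding configured on the mailbox itself.
# ForwardingAddress holds an internal recipient, so it is always listed for review.
foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    foreach ($target in @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress)) {
        if ($target) {
            $findings += New-Finding 'Mailbox' $mbx.UserPrincipalName $target $mbx.WhenChanged
        }
    }
}

# Unsanctioned or unresolved targets sort first.
$findings | Sort-Object Sanctioned, Changed | Format-Table -AutoSize
```

Rows with Sanctioned set to False are the ones to compare against the alert and confirm with the mailbox or rule owner.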

Need Assistance?

Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.