General
Mail flow rules, also known as transport rules, are used within Exchange Online to check emails for malware and phishing as they travel from sender to recipient.
Rationale
When domains are exempted in transport rules, malware and phishing scanning is bypassed. This gives a malicious actor the opportunity to launch attacks against users from a domain that is assumed to be safe.
Attic Fix
No fix is available for this check. You can implement the advised settings yourself using this instruction.
Manual Instruction
Follow these steps to adjust the setting:
- Navigate to the Exchange admin center at https://admin.exchange.microsoft.com
- Expand Mail Flow and select Rules
- Click on the Delete icon for each rule that exempts specific domains
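The same review can be done from Exchange Online PowerShell. The script below is an added example, not part of the original instruction or Attic's own tooling. It assumes that an exempting rule is one that sets the spam confidence level to -1 for a sender-domain condition, and the backup file name is a constructed placeholder.

```powershell
# Added example: audit Exchange Online mail flow rules that exempt sender domains.
# Requires the ExchangeOnlineManagement module and rights to read transport rules.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Assumption: an "exempting" rule sets SCL to -1 (bypass spam filtering)
# and is scoped with a sender-domain condition.
$exempting = Get-TransportRule -ResultSize Unlimited | Where-Object {
    $_.SetSCL -eq -1 -and $_.SenderDomainIs
}

if (-not $exempting) {
    Write-Output 'No mail flow rules exempt specific sender domains.'
}
else {
    # Show what each rule exempts so business owners can confirm it is not needed.
    $exempting | Sort-Object Priority |
        Select-Object Name, State, Priority,
            @{ n = 'ExemptedDomains'; e = { $_.SenderDomainIs -join ', ' } } |
        Format-Table -AutoSize -Wrap

    # Back up the full rule collection before deleting anything.
    # The file name is a constructed placeholder.
    $stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backupPath = Join-Path $PWD "transport-rules-$stamp.xml"
    $export     = Export-TransportRuleCollection
    [System.IO.File]::WriteAllBytes($backupPath, $export.FileData)
    Write-Output "Rule collection backed up to $backupPath"

    # Dry run: -WhatIf reports what would be deleted without changing anything.
    # Remove -WhatIf only after the exemptions have been reviewed.
    foreach ($rule in $exempting) {
        Remove-TransportRule -Identity $rule.Guid.ToString() -WhatIf
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```

Rules that exempt domains through other conditions or actions are not matched by this filter and still need the manual review in the admin center.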
Impact
Be cautious when removing exempted domains to ensure there are no legitimate business needs for exceptions. Removing all exempted domains may affect incoming email, although modern systems that send legitimate email should not have issues with scanning.
CIS Mapping
- CIS Item: 4.4 (L1) Ensure mail transport rules do not whitelist specific domains (Automated)
- Profile: E3 Level 1