General
Email boxes are protected against spam by Exchange Online. In certain cases, it is useful to forward a notification of blocked emails to administrators.
Rationale
A blocked outgoing email is a good indicator that the sender's account has been compromised and an attacker is using it to send spam messages to other people.
Attic Fix
A fix is available for this check! It will be offered via a ticket in Attic, which you can then accept.
Manual Instruction
Follow these steps to adjust the setting:
- Navigate to Microsoft 365 Defender https://security.microsoft.com
- Click to expand Email & collaboration and select Policies & rules
- On the Policies & rules page, under Policies: select Anti-spam
- Click on Anti-spam outbound policy (default)
- Select Edit protection settings under Notifications
- Check ON: Send a copy of outbound messages that exceed these limits to these users and groups and enter the desired email addresses
- Check ON: Notify these users and groups if a sender is blocked due to sending outbound spam and enter the desired email addresses
- Click on Save
CIS Mapping
-
CIS Item: 4.2 (L1) Ensure Exchange Online Spam Policies are set to notify administrators (Automated)
-
Profile: E3 Level 1
Comments
0 comments
Please sign in to leave a comment.