BLOCK AUTO-FORWARDING EMAILS

How do you know if your Microsoft Office 365 credentials have been compromised?

Without turning on Multi-Factor Authentication and advance notification features, a compromised username and password goes undetected. Once the Microsoft Office 365 credentials are compromised, the perpetrators will gain access to emails, email rules, email settings, one drive and all its settings, SharePoint online and any apps that are part of your Microsoft subscription. Additionally, if the compromised credentials provide elevated privileges, then the entire Azure and Office 365 tenant is at risk.

A great example of compromised credentials invading our privacy is when a hacker configures Microsoft email transport rules to duplicate and forward all sent and received emails to an external email account. These settings typically go unchecked for days. It is important for you and your business to be aware of any email protocols which allow automatic forwarding of emails outside of your organization.

To improve security, we recommend that you disable this functionality by default. This may need to be done by your service provider or email host. If an email account is hacked and auto-forwarding email is enabled, there will be no way of knowing that the user is sharing all of their emails with the hacker.  Auto-forwarding mail to external contacts can have some legitimate use. However, it is risky. Allowing staff to automatically forward mail to external email addresses brings the danger of information leakage.

Additionally, your employees can select not to keep copies of the forwarded messages in their business mailboxes. This means emails do not get archived and will not be available for future reference. Back to the topic of compromised credentials which can be prevented by enabling multi-factor authentication that adds an additional step after providing the password such as a hardware token, SMS notification, or biometric input to complete the authentication process.

In the near future, Microsoft is hoping to finally kill passwords within businesses with its latest upgrade to its Microsoft Authenticator App. The password is increasingly viewed as an insecure way to authenticate users, with employees often resorting to weak passwords as they try to keep up with corporate demands for frequent changes. Microsoft already offers a range of alternatives to passwords, such as Windows Hello facial and fingerprint log-in which is used by over 47 million users, and the Microsoft Authenticator app which can be used to login to a range of Microsoft and third-party accounts.

The iOS and Android app eliminates the need for passwords by offering authentication via a combination of phone and fingerprint, face or PIN for a more secure, multi-factor sign-in. Now, Microsoft has extended its support for passwordless login using the app to the hundreds of thousands of Azure Active Directory-connected apps used by business.

A HACKER CAN CONFIGURE MICROSOFT EMAIL TO DUPLICATE AND FORWARD ALL SENT AND RECEIVED EMAILS

Take a moment to consult with our professional services, cloud and managed services for Microsoft Office 365 to ensure the best practices have been carried out. Computex is a mature Office 365 managed service provider helping our clients perform successful cloud transformations.

Takeaways:

Block Auto email forwarding to external recipients

The two common ways to forward emails are:

  • Email rules. This is initiated by users and can be turned on and off as required by the users. Changing this setting may be done through email applications such as Microsoft Outlook, online through the online email mailbox such as Outlook Web Access.
  • Transport rules. The IT industry term “transport rules,” which are also commonly known as mail flow rules, can be used to identify and act on emails coming into your business. This is not only limited to Microsoft Office 365 but other email services including self-hosted or in-house solutions. Transport rules would typically be setup, managed and altered by your mail host or IT Support.

How to do it:
https://blogs.technet.microsoft.com/mitchelatmicrosoft/2015/05/03/exchange-online-blocking-auto-forward-messages-to-external-recipients/

Transport Rules Overview:
https://technet.microsoft.com/en-1us/library/jj919238(v=exchg.150).aspx