How to Monitor Auto-Forwarding Email Redirect Rules in Microsoft 365 E5 | Microsoft Exam MS-500

Detecting and Managing Auto-Forwarding Email Redirect Rules in Microsoft 365 E5

Prev Question Next Question

Question

You are a global admin in a company with a Microsoft 365 E5 subscription.

You notice that some users have set up email forwarding out of your organization.

You wish to be notified whenever someone in your organization creates an auto-forwarding email redirect rule.

What should you do?

Answers

A. In Microsoft 365 Compliance center, select Alerts

B. In Microsoft 365 Compliance center, select Policies

C. In Microsoft 365 Compliance center, select Reports

D. In Microsoft 365 Compliance center, select Data Loss Prevention.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

Correct Answer: B

You should navigate to Microsoft 365 Compliance Center -&gt; Policies -&gt; Alert Policies, and enable the built-in Policy “Creation of forwarding/redirect rule”:

$LPedatiOn OF FOrWarGinig/reairect rule ft Home > Alert policy @ Compliance Manager ae . ae ae ‘ fan . a . Pa wae . Use alert policies to track user and admin activities, malware threats, or data loss incidents in your organization. After choosing the activity you want to be alerted on, refine the policy by adding conditions, deciding when to trigger tl 2 kdit pe D Data classification policies More advanced alerting capabilities are available through E5, Threat intelligence or Advanced compliance subscriptions. Learn more Pa Detjeonnectars A Some sections of this alert cannot be edited because it's a default policy. A Ast + New alert policy Search PT ater Status @q = a Description This alert is triggered when someone in your }* Reports B organization sets up auto-forwarding, email = Pol (Name Severity Type Category forwarding, redirect rule or a mail flow rule -V1.0.0.5 = Polici 2} Permissions (1 Successful exact data match upload @ low system Threat management Severity Informational Category Threat management C1 Elevation of Exchange admin privilege @ low stem Permissions Solutions . Policy Hl cone (1 User restricted from sharing forms and collecting responses @ High Threat management contains tags # Catalog ‘avait mail reported by user as malware or phish © ow system Threat management Conditions Activity is MailRedirect C1 Admin triggered manual investigation of email Informatio: stem Threat management P Content search ‘99% 9 3 Aggregation _ Single event 2) Communication compliance C1 eDiscovery search started or exported Informational Threat management Scope Allusers [2 Data loss prevention (Phish delivered because a user's Junk Mail Folder is disabled Informational System Threat management - TenantAdmins E\ Gaaiipssiremecs (1 Admin Submission Result Completed Informatio tem Threat management recipients ff eDiscovery v Edit C1 Email sending limit exceeded @ Medium Threat management No limit =] Information governance C1 Remediation action taken by admin on emails or URL or sender Informational System Threat management [4 Information protection ZZ Creation of forwarding/redirect rule Informational System Threat management % Insider risk management$

Select “Edit” under Email recipients to add your user as recipient of the alert rule output.

Option A is incorrect.

This is where you can view information related to already enabled alert policies.

We need to enable our policy first.

Option C is incorrect.

This is where you can view status and trends for the compliance of your Microsoft 365 devices, data, identities, apps, and infrastructure.

Option D is incorrect.

This is where you can configure Data loss prevention policies.

To know more about setting up alert policies, please refer to the link below:

The correct answer for the scenario described is A. In Microsoft 365 Compliance center, select Alerts.

Explanation:

Email forwarding can be a security risk for organizations since it can lead to sensitive data being sent outside of the organization without proper authorization. Therefore, it is important to monitor and control email forwarding.

To detect auto-forwarding rules, Microsoft 365 offers several tools, including the Alerts feature in the Compliance center. Alerts allow administrators to receive notifications when specific events occur in their organization.

To set up an alert for auto-forwarding rules, follow these steps:

Go to the Microsoft 365 Compliance center.
Select Alerts from the left-hand menu.
Click on the New Alert Policy button.
Select the User category, then select the Auto-forwarding rule created event.
Specify the criteria for the alert, such as the users or groups to monitor.
Choose the notification settings, such as email recipients and frequency.

Once the alert policy is set up, the administrator will receive a notification whenever someone in the organization creates an auto-forwarding email redirect rule.

Note: Policies in the Microsoft 365 Compliance center allow administrators to configure and enforce rules for data retention, deletion, and access. Reports provide insights into the organization's compliance status and activity. Data Loss Prevention (DLP) is a feature that helps prevent sensitive data from leaving the organization through email, SharePoint, and OneDrive. While these features are useful for data protection, they do not specifically address the issue of auto-forwarding rules.

Prev Question Next Question