The creation of an Microsoft 365 inbox rule is often a technique used to exfiltrate email that is often used for recon purposes in a staged attack. By monitoring for new inbox rule creation, you can have immediate awareness of what could be a malicious activity.
Get your free account with Blumira and secure your Microsoft 365 environment in minutes. No credit card required.
Prerequisites:
Testing Steps: