By now you may already know the antispam capabilities of Exchange Online/Exchange Online Protection to protect you against spam and phishing emails.

You may also know you can create an Exchange mail flow rule to manage forwarding email to external recipient.

Well, this capability is now available and manageable from the Antispam policy.

By default this setting is set to Automatic (system controlled); this means for now and up to September 1st, 2020 the policy will not be enforced to block external forwarding to let you analyse and identify if your users are using forwarding emails (especially automatic email forwarding using rules).

NOTE this feature will not impact automatic email forwarding for internal users

First to start identifying if automatic forwarding email is in use you can use the Auto-Forwarded message report available from the Security dashboard.

Logon to your Security portal (https://protection.office.com/) and go to the Mail flowdashboard blade, there you will be able to see if there has been any automatic forwarding email

Once you have identified the usage, you can now adjust the antispam policy (either by editing the default policy or editing the custom one you are using) by accessing the Threat ManagementPolicy blade

The  option to control automatic forwarding email is available under the Outbound spam filter policy