365 Email Rule containing a delete

Title of the alert: “Email Rule containing a delete”

Description: Alerts when an email rule containing a delete is located

Options:

  • It is possible to ignore specific users

The problem: This alert is triggered when a delete command is detected in an email rule. It should be noted that this alert will not detect all email rules

Impact: If it was inserted maliciously, then it may be being used to hide inbound emails, or related bounces.

Suggested steps: Engage a technician to confirm that the alert is accurate, and if so then the technician should suggest and undertake suitable mitigation steps to remedy the situation, including password changes and review of all email rules.