In Episode 193, Ben and Scott talk about how to protect your organization with Exchange Online transport rules and prevent the forwarding of messages from other applications like Power Automate. They also talk about Project Moca and how it can be used to organize your personal information through Outlook on the web.

- Welcome to episode 193 of the "Microsoft Cloud IT Pro Podcast," recorded live, August 31st, 2020. This is a show about Microsoft 365 in Azure, from the perspective of IT pros and end users. Where we discuss a recent topic or news and how it relates to you. In this episode, Ben and Scott spend some time talking about email exfiltration and security, new features coming for Windows security, that relate to advanced threat protection, Microsoft 365 business. And then we would be remiss if we didn't talk about Moca, Project Moca that is. A new feature coming to Outlook on the web. So let's dive in.

- The bytes and the bits they make a difference.

- They do make a difference. So should we talk about news today? We have a whole bunch of topics we've talked about that we've had, and haven't talked about, all of that.

- Yeah, let's do it.

- All right, take your pick. You had a few that you had on our list that we haven't talked about. So I'll let you kick it off this week.

- Yeah, let's talk about email exfiltration controls for Office 365 connectors.

- Perfect, I like that, anything that prevents email from going out if it shouldn't, it's a good thing right, email security?

- Yes.

- So what are these exfiltration filters that have been rolled out?

- So you can do things now, well, they've added extra headers to messages from certain services. So you have things now, like there's an x-ms-mail-application header. And that header might be set to a string value such as Microsoft Power Automate.
So you could take something like that and create a transport rule in Exchange Online, which says all emails that come from Power Automate, now go through this filter chain. So maybe they can be sent to external people. So that's kind of cool and you can extend that and take it forward a little bit. There's also an x-ms-mail-operation-type header, which will have values like forward, reply, send, things like that. So you can potentially like take either or one of those rules and either say, we're going to have rules that execute against a particular application. Like your business needs to keep sensitive information internal, and you never want a Flow in Power Automate to send an email to the outside world no matter what your users say, well, you can do that. Or you can also do things like look for purely forwarded messages going through your system and not even allow things like that. Or combine those two together. If Power Automate is logging into my mailbox and forwarding messages, stop it. Like just kill it at the edge with the transport rule. Which is kind of fun.

- So with this, yeah, so this transport rule and the new headers could I now do something like if somebody clicks reply to all on a message that has 250 participants, tell them to stop doing that?

- I don't think you can stop the whole thing. There's no great thing for that--

- It's not gonna stop.

- buttons that vendors make and put in your mail client but really you just have to teach people better behaviors.

- Yes, no amount of technology can fix certain behaviors of people.

- No.

- That is really nice because there's a lot, as people are using Flow and PowerApps and all of this more, I mean, even I've built stuff for my clients where it is automatically sending out information, it's logging information. Microsoft is putting those technologies in the hand of end users and they might not always realize what they're doing when they create certain Flows.