Information
You should set your Exchange Online mail transport rules so they do not whitelist any specific domains.
Rationale:
Whitelisting domains in transport rules bypasses regular malware and phishing scanning, which can enable an attacker to launch attacks against your users from a safe haven domain.
Impact:
Care should be taken before implementation to ensure there is no business need for case-by-case whitelisting. Removing all whitelisted domains could affect incoming mail flow to an organization, although modern systems sending legitimate mail should have no issue with this.
NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
Solution
To alter the mail transport rules so they do not whitelist any specific domains, use the Microsoft 365 Admin Center:
Select Exchange.
Select Mail Flow and Rules.
For each rule that whitelists specific domains, select the rule and click the 'Delete' icon.
To remove mail transport rules you may also use the Exchange Online PowerShell:
Connect to Exchange Online using Connect-ExchangeOnline.
Run the following PowerShell command:
Remove-TransportRule {RuleName}
Verify that the rules no longer exist:
Get-TransportRule | Where-Object { $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs } | Format-Table Name, SenderDomainIs
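The following script combines the audit and remediation steps above into one reviewable pass. It is an added example, not part of the Nessus or CIS benchmark text, and it assumes the ExchangeOnlineManagement module is installed and the caller holds an Exchange administrator role. By default it only reports matching rules; the hypothetical -Remove switch deletes them, and -Disable is offered as a lower-risk intermediate step so mail flow can be watched before the rules are removed for good.

```powershell
# Added example (not from Nessus/CIS): audit transport rules that whitelist
# sender domains by setting SCL to -1, then optionally disable or remove them.
# Assumes ExchangeOnlineManagement is installed and the caller has Exchange admin rights.
param(
    [switch]$Disable,   # hypothetical switch: disable matching rules instead of deleting
    [switch]$Remove     # hypothetical switch: delete matching rules
)

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Same condition the benchmark uses: spam-filter bypass (SCL -1) scoped to specific sender domains.
$whitelistRules = Get-TransportRule | Where-Object {
    $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs
}

if (-not $whitelistRules) {
    Write-Output "No domain-whitelisting transport rules found (compliant)."
}
else {
    Write-Output "Transport rules that bypass spam filtering for specific sender domains:"
    $whitelistRules | Format-Table Name, State, Priority, SenderDomainIs -AutoSize

    foreach ($rule in $whitelistRules) {
        if ($Remove) {
            # Permanent removal; -Confirm:$false suppresses the per-rule prompt.
            Remove-TransportRule -Identity $rule.Identity -Confirm:$false
            Write-Output "Removed rule: $($rule.Name)"
        }
        elseif ($Disable) {
            # Keeps the rule definition for rollback while stopping it from applying.
            Disable-TransportRule -Identity $rule.Identity -Confirm:$false
            Write-Output "Disabled rule: $($rule.Name)"
        }
    }

    # Re-run the benchmark check so the script's output doubles as evidence.
    $remaining = Get-TransportRule | Where-Object {
        $_.SetSCL -eq -1 -and $null -ne $_.SenderDomainIs -and $_.State -eq 'Enabled'
    }
    Write-Output ("Enabled domain-whitelisting rules remaining: {0}" -f @($remaining).Count)
}

Disconnect-ExchangeOnline -Confirm:$false
```

Run it with no switches first to produce the list, review each rule with its owner for a business justification, then re-run with -Disable and watch mail flow for the agreed period before -Remove. The filter matches only the benchmark's condition (SetSCL -1 together with SenderDomainIs); a rule that bypasses filtering by other sender conditions would need its own review.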