The Outlook integration detects a variety of data loss prevention, account misconfiguration, and user security risks in an integrated Microsoft 365 account that could leave you and your organization vulnerable.
- A Microsoft 365 account with an active Microsoft Business Basic, Microsoft Business Standard, Microsoft 365 E3, Microsoft 365 E5, or Microsoft 365 F3 subscription
- or equivalent permissions in Microsoft 365
Get alerted when calendars in your Microsoft 365 account have their permissions changed to a less secure setting.
|Calendar shared externally||Low|
Email administrator settings
Discover suspicious or insecure email configurations in your Microsoft domain. Missing SPF and DMARC records make it easier for bad actors to spoof email, while SPF records configured to another domain can be a potential warning sign of malicious activity.
|Microsoft Domain SPF Record Allows Any IP Address||High|
|Microsoft Domain SPF Record Not Present||Medium|
|Microsoft Domain DMARC Record Not Present||Medium|
|Microsoft Domain DMARC Not Enforced||Medium|
|Microsoft Domain DMARC Not Enforced for Subdomains||Medium|
|Microsoft Domain DMARC Only Partially Enforced||Medium|
|Microsoft Domain Not Verified||Medium|
|App Certification Expires in 90 Days or Sooner||Low|
Get alerted when users set their email to be forwarded externally. This can either be a sign of unauthorized activity, or an employee unknowingly sending potentially sensitive information to a personal email.
|Active Message Rule Forwards Externally As Attachment||Low|
|Active Message Rule Forwards Externally||Low|
|Active Message Rule Redirects Externally||Low|