Introducing cross-tenant message recall in Exchange Online
🚨 The Signal: Exchange Online now allows cross-tenant message recall, enabling external M365 tenants to recall messages sent to your users. This feature is disabled by default and requires explicit allow-listing of trusted external tenant IDs by administrators.
The Impact
Exchange Online administrators are affected, facing a new data governance risk if cross-tenant message recall is misconfigured, potentially allowing unauthorized message deletion.
- Exchange Online Admins: Must securely configure allow-lists to prevent unauthorized message recall by external parties.
- Security Teams: Need to assess the risk of external entities deleting internal data and ensure policy alignment.
- Data Owners: Risk of data loss or alteration if external tenants are granted recall permissions without proper vetting.
The Action
- Review existing data retention and information governance policies for external collaboration.
- Assess the necessity and risk of enabling cross-tenant message recall with specific external partners.
- If enabling, use Exchange Online PowerShell to add only explicitly trusted external tenant IDs to the allow-list.
- Regularly audit the configured cross-tenant message recall allow-list for unauthorized entries.
Domain: Exchange · Impact: high · Workload: Exchange Online · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898