Outlook: Reply with a Template in Rules

🚨 The Signal: Outlook rules can now automatically reply using templates. This introduces a risk of information disclosure or phishing if templates contain sensitive data or are misused by compromised accounts.

The Impact

All users are affected, with a moderate risk of unintended information disclosure or phishing if not properly managed.

  • End Users: Risk of accidental sensitive data exposure via automated replies.
  • Security Team: Increased surface area for phishing attacks if templates are weaponised.
  • Admins: Need to monitor and potentially restrict automated reply capabilities.
  • Compliance Officers: Risk of non-compliance with data handling policies.

The Action

  1. Review existing email policies for automated replies and template usage.
  2. Educate users on the risks of including sensitive information in reply templates.
  3. Consider implementing Data Loss Prevention (DLP) policies to scan outgoing automated replies.
  4. Monitor audit logs for unusual rule creation or modification activities.
  5. Evaluate if specific user groups require restrictions on this feature via Exchange Online PowerShell.

Domain: Exchange · Impact: medium · Workload: Exchange Online