Capability ID | Capability Description | Category | Value | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|---|
EOP-MFR-E3 | Mail Flow Rules | protect | significant | T1114 | Email Collection |
Comments
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes can use Exchange Mail Flow Rules (also known as transport rules) to look for specific conditions on messages that pass through the organization and take action on them. Mail Flow Rules take action on messages while they are in transit, not after the message is delivered to the mailbox. Mail Flow Rules contain a richer set of conditions, exceptions, and actions, which gives you the flexibility to implement many types of messaging policies.
Mail Flow Rules protect from Email Collection attacks through the custom rules feature, which lets you define rules to encrypt email messages, adding a layer of security to sensitive information sent over email.
License Requirements:
Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
References
|
EOP-MFR-E3 | Mail Flow Rules | protect | significant | T1114.002 | Remote Email Collection |
Comments
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes can use Exchange Mail Flow Rules (also known as transport rules) to look for specific conditions on messages that pass through the organization and take action on them. Mail Flow Rules take action on messages while they are in transit, not after the message is delivered to the mailbox. Mail Flow Rules contain a richer set of conditions, exceptions, and actions, which gives you the flexibility to implement many types of messaging policies.
Mail Flow Rules protect from Remote Email Collection attacks through the custom rules feature, which lets you define rules to encrypt email messages, adding a layer of security to sensitive information sent over email.
License Requirements:
Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
References
|
EOP-MFR-E3 | Mail Flow Rules | protect | significant | T1114.003 | Email Forwarding Rule |
Comments
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes can use Exchange Mail Flow Rules (also known as transport rules) to look for specific conditions on messages that pass through the organization and take action on them. Mail Flow Rules take action on messages while they are in transit, not after the message is delivered to the mailbox. Mail Flow Rules contain a richer set of conditions, exceptions, and actions, which gives you the flexibility to implement many types of messaging policies.
Mail Flow Rules protect from Email Forwarding Rule attacks through the custom rules feature, which lets you define rules to encrypt email messages, adding a layer of security to sensitive information sent over email.
License Requirements:
Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
References
|
EOP-MFR-E3 | Mail Flow Rules | detect | significant | T1564 | Hide Artifacts |
Comments
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes can use Exchange Mail Flow Rules (also known as transport rules) to look for specific conditions on messages that pass through the organization and take action on them. Mail Flow Rules take action on messages while they are in transit, not after the message is delivered to the mailbox. Mail Flow Rules contain a richer set of conditions, exceptions, and actions, which gives you the flexibility to implement many types of messaging policies.
Mail Flow Rules detect Hide Artifacts attacks through the conditions property, which examines message header fields for attempts to hide artifacts associated with adversary behaviors in order to evade detection.
License Requirements:
Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
References
|
EOP-MFR-E3 | Mail Flow Rules | protect | significant | T1564.008 | Email Hiding Rules |
Comments
Exchange Online Protection (EOP) organizations without Exchange Online mailboxes can use Exchange Mail Flow Rules (also known as transport rules) to look for specific conditions on messages that pass through the organization and take action on them. Mail Flow Rules take action on messages while they are in transit, not after the message is delivered to the mailbox. Mail Flow Rules contain a richer set of conditions, exceptions, and actions, which gives you the flexibility to implement many types of messaging policies.
Mail Flow Rules protect from Email Hiding Rules attacks through their detection mechanisms, which include the ability to audit inbox rules on a regular basis as they are in transit.
License Requirements:
Microsoft Exchange Online Protection, Defender for Office 365 plan 1 and plan 2, Microsoft XDR
References
|