You should set your Exchange Online Spam Policies to copy emails and notify someone when a sender in your tenant has been blocked for sending spam emails. Rationale: A blocked account is a good indication that the account in question has been breached and an attacker is using it to send spam emails to other people. Impact: Notification of users that have been blocked should not cause an impact to the user. NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.
To set the Exchange Online Spam Policies correctly, use the Microsoft 365 Admin Center: Go to https://protection.office.com/antispam Click on the Anti-spam outbound policy (default). Select Edit protection settings then under Notifications Check Send a copy of outbound messages that exceed these limits to these users and groups then enter the desired email addresses. Check Notify these users and groups if a sender is blocked due to sending outbound spam then enter the desired email addresses. Click Save. To set the Exchange Online Spam Policies correctly, use the Exchange Online PowerShell Module: Connect to Exchange Online using Connect-ExchangeOnline. Run the following PowerShell command: $BccEmailAddress = @('<INSERT-EMAIL>') $NotifyEmailAddress = @('<INSERT-EMAIL>') Set-HostedOutboundSpamFilterPolicy -Identity Default -BccSuspiciousOutboundAdditionalRecipients $BccEmailAddress -BccSuspiciousOutboundMail $true -NotifyOutboundSpam $true -NotifyOutboundSpamRecipients $NotifyEmailAddress Default Value: disabled