LoFP LoFP / t1114

t1114

TitleTags
administrators may create custom email routes in google workspace based on organizational policies, administrative preference or for security purposes regarding spam.
exporting a pst can be done for legitimate purposes by legitimate sources, but due to the sensitive nature of pst content, it must be monitored.
forwarding mail flow rules may be created for legitimate reasons, filter as needed.
go utilities that use staaldraad awesome ntlm library
legitimate exchange system administration activity.
legitimate users may access a large number of mailbox items in a short period, especially in environments with high email volume or during data migrations. if this is expected behavior, consider adjusting the rule or adding exceptions for specific users or groups.
pst export can be done for legitimate purposes but due to the sensitive nature of its content it must be monitored.
user using a new mail client or mobile application to access their mailbox.
users accessing their mailboxes using custom or third-party applications that are authorized by the organization, such as crm or erp systems.
users accessing their mailboxes using first-party microsoft applications that are not typically used by the user, such as outlook on the web or outlook mobile app.
users and administrators can create inbox rules for legitimate purposes. verify if it complies with the company policy and done with the user's consent. exceptions can be added to this rule to filter expected behavior.