Changes to Email Forwarding in Microsoft 365
Important Update: Changes to Email Forwarding in Microsoft 365
As part of the CSU System Cyber Security Alignment initiative, our university will be disabling all automatic or bulk forwarding of emails out of the Microsoft 365 environment effective October 1, 2025.
>>> You will still be able to forward individual messages manually as usual. <<<
Why Is This Change Necessary?
Automatic email forwarding to external addresses poses several security and compliance risks. Disabling this feature helps protect university data and aligns with CSU-wide cybersecurity standards. Key concerns include:
- Data Leakage: Forwarded emails may contain sensitive or confidential information that could be exposed outside the university.
- Phishing & Spoofing: Attackers can exploit forwarding rules to redirect messages and impersonate university accounts.
- Loss of Visibility: IT security teams lose visibility into where data is going, making it harder to detect breaches or misuse.
- Compliance Risks: Forwarding may violate CSU data protection policies and regulatory requirements.
What You Need to Do
- If you currently have automatic forwarding rules set up, you can remove them yourself before October 1: Remove Automatic Forwarding from your Email
- If no action is taken, all automatic forwarding rules will be removed on October 1, 2025.
How We’re Supporting You
By August 1, 2025, the Division of IT will provide IT departments and workers, through the IT Community, a list of users who have active forwarding rules to allow them to do personalized outreach.
The Division of IT will also notify affected users directly via email on these (approximate) dates:
- August 1 (two months before the change)
- September 17 (two weeks before)
- September 29 (two days before)
Learn More
Reminder: You can still forward individual messages manually.
If you have any questions or need help, please contact your department’s IT support or the Division of IT Help Desk.