How to Strengthen M365 Exchange Online Configurations with Kevin Klingbile
Summary
When was the last time you reviewed the security of your mail flow rules?
Join instructor Kevin Klingbile to learn how attackers exploit weak mail flow rules and how to stop them.
Kevin will teach you through real-world examples of rule bypasses, show you how to spot risky configurations, and teach practical steps to secure your email environment.
In this free one-hour Antisyphon Anti-cast, you'll strengthen your defenses and make sure your mail flow rules aren’t the next easy target.
🛝 Webcast Slides:
https://www.antisyphontraining.com/wp-content/uploads/2026/02/strengthen-m365-configs-kevin-klingbile.pdf
✏️ Antisyphon Training with Kevin:
https://www.antisyphontraining.com/product/defending-m365-azure-with-kevin-klingbile/
Chapters
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel
Click here to watch a video of this episode.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com
Brought to you by:
When was the last time you reviewed the security of your mail flow rules?
Join instructor Kevin Klingbile to learn how attackers exploit weak mail flow rules and how to stop them.
Kevin will teach you through real-world examples of rule bypasses, show you how to spot risky configurations, and teach practical steps to secure your email environment.
In this free one-hour Antisyphon Anti-cast, you'll strengthen your defenses and make sure your mail flow rules aren’t the next easy target.
🛝 Webcast Slides:
https://www.antisyphontraining.com/wp-content/uploads/2026/02/strengthen-m365-configs-kevin-klingbile.pdf
✏️ Antisyphon Training with Kevin:
https://www.antisyphontraining.com/product/defending-m365-azure-with-kevin-klingbile/
Chapters
- (00:00) - Intro – How to Strengthen M365 Exchange Online Configurations with Kevin Klingbile
- (01:12) - Excahnge Online
- (03:47) - Exchange Mail Flow Rules
- (04:20) - Rule Requirements - Conditions
- (08:36) - Rule Settings
- (12:15) - Rule Flow
- (18:34) - Creating “Good” Rules
- (25:22) - Rule Example - Conditions vs Description
- (28:29) - Rule Function - Message Sent to Organization
- (29:39) - Reply to email chain and...
- (30:56) - Microsoft’s Solution! (Sort of)
- (32:10) - Mail Rule vs Disclaimer
- (32:20) - Modify Original Rule
- (33:03) - New message “Bypassing” Subject Rule
- (35:03) - Common Rule Issues
- (41:44) - Phishing Products
- (42:39) - X-Header Bypass Examples
- (42:53) - X-Header Example - 2
- (43:46) - Direct Send
- (45:50) - Direct Send - Transport Rules
- (46:52) - Disable Direct Send**
- (47:58) - DMARC
- (48:26) - Securing Exchange Online
- (48:59) - Q&A Start
- (57:46) - Other Antisyphon Events
- (01:05:35) - Final Thoughts
Chat with your fellow attendees in the BHIS Discord server:
https://discord.gg/bhis
in the #🔴live-chat channel
Click here to watch a video of this episode.
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits –
https://poweredbybhis.com
Brought to you by:
Black Hills Information Security
Antisyphon Training
Active Countermeasures
Wild West Hackin Fest
Creators and Guests
Guest
CJ Cox
CJ Cox is the Chief Operating Officer for Black Hills Information Security (BHIS). He joined the team in 2016 and is responsible for managing the day-to-day operations and business capture of BHIS. CJ has over 25 years of experience in the IT industry as a systems administrator as well as an information system security officer, manager, and engineer. CJ feels that this is his dream job and that his favorite parts are the people he gets to work with and making security better. He is a retired Marine reservist and father of 4 who enjoys skiing, camping, golfing, and playing chess in his free time.
Guest
Kevin Klingbile
Kevin Klingbile has been working for Black Hills Information Security (BHIS) as a Security Consultant since 2020. Previously, Kevin spent most of his career performing both red and blue team roles in the energy utilities sector. Kevin is a contributor to the IT security community as an advisor on the CIS top 20 controls panel. He also teaches security courses at Western Dakota Tech as an adjunct professor. He holds an MBA in Information Technology Management and a BS in Information Technology. Outside of work, Kevin enjoys backyard farming, grilling, and chasing his kids around the yard.