
Summary
The 'Suspicious Inbox Forwarding' detection rule identifies potentially unauthorized email forwarding that may indicate a compromised account or a data exfiltration risk. It monitors inbox forwarding rules created in a Microsoft 365 environment, specifically cases in which a user creates a rule that forwards all incoming mail to an external address. Such a rule is anomalous for most users and may mean that sensitive information is being shared outside the organization, whether inadvertently or deliberately; an attacker who has gained access to a mailbox commonly adds one so that copies of mail keep arriving even after the account's password is reset. The detection uses events from the Security & Compliance Center and triggers when the event source reports successful creation of such a forwarding rule, raising an alert for further investigation. Triage should confirm who owns the destination address, whether the rule was created from a session or location consistent with the user, and whether the rule should be removed and the account's credentials and sessions reset. By employing this rule, organizations can better protect their email communications, ensuring that unusual forwarding behavior is promptly addressed and the risk of data leaks reduced.
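The forwarding check described above, re-implemented in Python as an added example that is not the rule's own query (which this page does not show). It runs over constructed audit records shaped like the Office 365 Management Activity API's Exchange admin audit events (a `Parameters` list of `Name`/`Value` pairs, recipients written as `Display Name [SMTP:address]`); the tenant domain `example.com`, the `attacker.example` addresses and the user names are assumptions.

```python
import re
from typing import Dict, Iterable, List, Optional, Set

# Assumed tenant-owned domains; any other domain is treated as external.
INTERNAL_DOMAINS: Set[str] = {"example.com"}

# Inbox-rule cmdlets and the parameters through which a rule can send mail elsewhere.
RULE_OPERATIONS = {"New-InboxRule", "Set-InboxRule"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"}
# Common condition parameters; a rule with none of them applies to every incoming message.
CONDITION_PARAMS = {"From", "SentTo", "SubjectContainsWords", "BodyContainsWords",
                    "SubjectOrBodyContainsWords", "FromAddressContainsWords"}

# Exchange audit logs write recipients as "Display Name [SMTP:user@domain]".
SMTP_RE = re.compile(r"SMTP:([^\]\s;]+)", re.IGNORECASE)

# Constructed sample records (not real telemetry) approximating the Exchange admin
# audit schema of the Office 365 Management Activity API.
SAMPLE_RECORDS: List[Dict] = [
    {"Workload": "Exchange", "Operation": "New-InboxRule", "ResultStatus": "True",
     "UserId": "alice@example.com",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardTo", "Value": "Mallory [SMTP:mallory@attacker.example]"},
                    {"Name": "StopProcessingRules", "Value": "True"}]},
    {"Workload": "Exchange", "Operation": "New-InboxRule", "ResultStatus": "True",
     "UserId": "bob@example.com",
     "Parameters": [{"Name": "Name", "Value": "to shared mailbox"},
                    {"Name": "ForwardTo", "Value": "Helpdesk [SMTP:helpdesk@example.com]"}]},
    # Failed cmdlet: nothing was created, so it must not alert.
    {"Workload": "Exchange", "Operation": "Set-InboxRule", "ResultStatus": "False",
     "UserId": "carol@example.com",
     "Parameters": [{"Name": "Identity", "Value": "old rule"},
                    {"Name": "ForwardAsAttachmentTo", "Value": "x [SMTP:drop@attacker.example]"}]},
    # Conditional redirect with one internal and one external recipient.
    {"Workload": "Exchange", "Operation": "New-InboxRule", "ResultStatus": "True",
     "UserId": "dave@example.com",
     "Parameters": [{"Name": "Name", "Value": "invoices"},
                    {"Name": "SubjectContainsWords", "Value": "invoice"},
                    {"Name": "RedirectTo",
                     "Value": "Acct [SMTP:pay@example.com];Mule [SMTP:mule@attacker.example]"}]},
]


def parse_addresses(value: str) -> List[str]:
    """Extract SMTP addresses from a recipient parameter value.

    Handles both "Name [SMTP:addr]" entries and bare, semicolon-separated addresses.
    """
    found = SMTP_RE.findall(value)
    if found:
        return [addr.lower() for addr in found]
    return [tok.strip().lower() for tok in value.split(";") if "@" in tok]


def is_external(address: str, internal_domains: Set[str]) -> bool:
    """True when the address's domain is not one the tenant owns."""
    return address.rsplit("@", 1)[-1] not in internal_domains


def evaluate(record: Dict, internal_domains: Set[str]) -> Optional[Dict]:
    """Return an alert if the record is a successful inbox rule that forwards externally."""
    if record.get("Workload") != "Exchange" or record.get("Operation") not in RULE_OPERATIONS:
        return None
    if record.get("ResultStatus") != "True":
        return None
    params = {p["Name"]: p["Value"] for p in record.get("Parameters", [])}
    external = [addr
                for name in FORWARD_PARAMS & params.keys()
                for addr in parse_addresses(params[name])
                if is_external(addr, internal_domains)]
    if not external:
        return None
    return {
        "user": record.get("UserId"),
        "operation": record["Operation"],
        "external_targets": sorted(set(external)),
        # No condition parameter means the rule catches all incoming mail.
        "unconditional": not (CONDITION_PARAMS & params.keys()),
    }


def run_detection(records: Iterable[Dict],
                  internal_domains: Set[str] = INTERNAL_DOMAINS) -> List[Dict]:
    """Apply evaluate() to a stream of audit records and collect the alerts."""
    return [alert for alert in (evaluate(r, internal_domains) for r in records) if alert]


if __name__ == "__main__":
    for alert in run_detection(SAMPLE_RECORDS):
        print(alert)
```

The `unconditional` flag mirrors the "forwards all incoming mail" criterion in the summary and is the field to prioritise on; the failed `Set-InboxRule` record shows why the success check matters. This example only inspects inbox rules; mailbox-level forwarding set through `Set-Mailbox` (`ForwardingSmtpAddress`) is a separate path that a production detection should cover as well.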
Categories
- Cloud
- Identity Management
- Application
Data Sources
- User Account
- Application Log
Created: 2021-08-22