Deadline for required cybersecurity training is Dec. 20 The Division of Information Technology encourages all faculty and staff to log in to Litmos and confirm the training has been completed prior to the deadline. Log in to Litmos

Change to email forwarding policy effective Oct. 1

As part of the university’s ongoing cybersecurity alignment efforts, the Division of IT is implementing a change to how automatic email forwarding is handled in Microsoft 365 (M365). This impacts users at all campuses in the CSU System.

Effective Oct. 1, 2025, the university will no longer allow bulk or rule-based automatic forwarding of all CSU emails from M365 to external email hosts. For example, having an inbox rule to forward all your CSU email from your M365/Outlook mailbox to your personal Gmail or Yahoo one.

This change does not affect your ability to manually forward individual messages using the “Forward” button. It only applies to automatic rules that forward all incoming mail to another address.

Why this change is necessary

To better protect university data and reduce the risk of unauthorized access, this policy change addresses several key security concerns:

  • Data Loss Prevention: Bulk forwarding increases the risk of sensitive university data being unintentionally or maliciously shared outside the institution.
  • Phishing and Spoofing Mitigation: Forwarded emails can be manipulated to appear as if they originate from CSU, increasing the risk of phishing attacks.
  • Compliance with Security Standards: Aligns CSU with industry best practices and federal cybersecurity frameworks.
  • Incident Response Efficiency: Reduces the complexity of tracking and containing potential breaches when data is routed through external systems.

What to expect

  • The Division of IT will generate reports identifying users currently using bulk forwarding rules, and share them with IT workers across campus.
  • Impacted users will receive customized notifications with guidance on how to adjust their email settings and alternative options for managing their communications.
  • Mailboxes/accounts which have not changed their forwarding will be automatically adjusted on October 1 to be in compliance with this new policy.

More Resources

Changes to Email Forwarding in Microsoft 365 | Knowledge Base | Colorado State University

We appreciate your cooperation in helping to strengthen the university’s cybersecurity posture. If you have questions or need assistance, please contact the IT Help Desk.