Microsoft is planning to put a stop to enterprise data theft via email forwarding by disabling Office 365’s email forwarding to external recipients by default. Microsoft also wants to add improved external email forwarding controls which will allow Office 365 admins to enable the feature only to select employees in their organizations. The new feature is planned to be generally available and start to roll out to all environments with an Office 365 Advanced Threat Protection (ATP) plans starting with the fourth quarter of 2020. Microsoft provides step by step instructions on how to stop it manually.
Source: https://www.bleepingcomputer.com/news/security/office-365-to-stop-data-theft-by-disabling-external-forwarding/