Stop Auto-Forwarding E-Mails in Exchange Online

Here's the scenario:  A user's O365 account was successfully Phished.  The attacked logged in to Outlook online, rifled around the user's mailbox and then decided to implement an auto-forward rule to send any newly received messages to some external e-mail address.   You dutifully killed the auto-forwarding rule as part of the account remediation.  But you ask yourself: why permit auto-forwarding to external e-mail addresses in the first place?  (in point of fact, a lot of organizations ban this practice in policy, citing that storing organizational information on systems outside of their reach is a good way to lose control of their intellectual property). If you seek advice on banning the automated forwarding of e-mail to external addresses, you'll likely be told to setup an Exchange Transport Rule.  Here's an example: https://support.office.com/en-us/article/stop-auto-forwarding-emails-in-microsoft-365-f9d693ba-5c78-47c0-b156-8e461e062aa7 That was easy?  Not so fa