This rule will help with email compromises which export email data to an external source or a company policy that enforces DLP.

Create a new rule in the Exchange admin center.
Add a bounce back message so that users will know right away if they have been compromised in this fashion or to notify that they are not allowed to funnel email to another source.