This Security Control will create a transport rule in Exchange that will prevent users from creating forwarding rules to an external email address. It will reject the messages auto-forwarded with the following message: 'External Mail Forwarding via Client Rules is not permitted'.
You can find transport rules in the Exchange Admin Center, in the Mail Flow section, the transport rule controlled by this setting will be named "Block Auto-Forwarding to External Domains (OP)". Renaming, changing, or removing this transport rule will cause a Setting Changed Outside of Office Protect event to trigger.
The operations to look for in the Unified Audit Logs: Set-TransportRule, Remove-TransportRule, New-TransportRule
Microsoft’s documentation on Transport Rules (also known: https://docs.microsoft.com/en-us/exchange/security-and-compliance/mail-flow-rules/mail-flow-rules