Cheryl,
My specific situation is as follows:
I've got a user (at a client, not internal) that sporadically sees NDRs in his mailbox. The NDRs report that obvious spam-messages, allegedly sent by him, could not be delivered. He is not (knowingly or intentionally) sending the original outgoing messages.
His PC has been thoroughly & repeatedly scanned for malware/viruses, and is running up-to-date AV security software.
I suspect his password is being detected somehow, and another system is trying to send spam using the user's Office 365 account.
If the account can be configured to ONLY permit sending via Exchange, then I can review the messages in the Sent Items folder to try and collect more information about whatever is taking place. I don't expect the sender of the messages is going to be so attentive to this one PC that it would bother to delete things from the Sent Items folder.
Frankly, I'd expect that whatever is doing the sending is only using SMTP anyway, and if the account can only send via Exchange then I expect the problem will cease.
Does that help you to understand what I'm trying to do?
Thanks,
Steve