What is the difference between adding a forwarding rule via ECP and setting up mail forwarding via EAC for persistent email access?
Adding a forwarding rule via ECP (Inbox Rules) is a user-level operation: it requires only the user's password and access to the Exchange Control Panel. Setting up mail forwarding via the Exchange Admin Center (EAC) requires Exchange administrator privileges. Both methods forward emails to another account, and unlike permissions-based access, forwarding ensures the attacker still receives copies even if the original user deletes the email. Forwarding can also be configured to deliver to both the forwarding address and the mailbox. This distinction is vital for understanding attack vectors in Penetration Basics - Obtaining Domain User Password Policies.
ECP, EAC, forwarding rule, mail forwarding, administrator privileges, persistent access