Forum Discussion
A low-severity alert has been triggered emails
we have start receiving "A low-severity alert has been triggered" alerts today ?
is this normal ?
A low-severity alert has been triggered
Creation of forwarding/redirect rule
Severity: ? Low
Time: 10/12/2018 7:30:00 AM (UTC)
Activity: MailRedirect
User: username@xxxxx.com.sg
Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.
Investigate
Kin Mun Yeow : Wie kann ich diese automatische Umleitung deaktivieren?
- You need to investigate this a well, as that's why the alert is there. There are lots of scenarios where the users password is compromised and a malicious actor puts a forwarding rule on their account. You need to check every time you get this or other alerts
- have checked user mailbox.
did not find any new forwarding rules of emails
Just adding a link to the documentation on Alert policies, where you can find all the needed details: https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies
As noted there, some alerts (such as the forwarding one) are included and turned on by default for every Enterprise plan.
This means someone in the organization set up an forwarding rule ,auto forwarding or forwarding mail flow rule. You can check and further investigate this in:
Security and Compliance Center - "Alerts"
Also the alert polices can be configured under "alert policies"
Adam
