Forum Discussion
Cb111
Mar 17, 2022 (Copper Contributor)
mail forwarding report
Is there any easy way in Exchange Online/MS365 to get a report of any auto-forward rules set up by admins or the end users themselves, e.g. inbox rules?
Is there an easy way to disable the ability of end users to set up such rules for information security purposes?
- There are dozens of ready-to-use scripts available online for this task; here's one of mine: https://github.com/michevnew/PowerShell/blob/master/Mailbox_Forwarding_inventory.ps1
Help file is here: https://github.com/michevnew/PowerShell/blob/master/Mailbox_Forwarding_inventory.md
- Christopher Knoerzer (Copper Contributor)
There are a couple of things you can do...
1. Set up alerts for forwarding rules (https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide), which you can then track, investigate and possibly remediate through a PowerShell script.
Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell.
2. You could disable this functionality through spam rules, https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwarding?view=o365-worldwide
In the rule, you could make exceptions for specific accounts that are auto-forwarding.
Hope this helps. Also, you might want to send out a communication to employees that this is happening and why.
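A minimal inventory of the two forwarding mechanisms discussed in this thread (mailbox-level forwarding and inbox rules), added here as an example; it is not part of any post above and is not the script linked in the first reply. It assumes an existing `Connect-ExchangeOnline` session; `contoso.com` and the output file name are placeholders.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an active session.
# Assumption: $InternalDomains holds your accepted domains (contoso.com is a placeholder).
$InternalDomains = @('contoso.com')

function New-ForwardRow($Mailbox, $Source, $RuleName, $Enabled, $Targets) {
    # Pull SMTP addresses out of values such as 'smtp:a@b.com' or '"Name" [SMTP:a@b.com]'.
    $smtp = [regex]::Matches(($Targets -join ';'), '(?i)smtp:([^\]\s;]+)') |
        ForEach-Object { $_.Groups[1].Value }
    $external = @($smtp | Where-Object {
        $InternalDomains -notcontains ($_ -split '@')[-1].ToLower()
    }).Count -gt 0
    [pscustomobject]@{
        Mailbox  = $Mailbox
        Source   = $Source
        RuleName = $RuleName
        Enabled  = $Enabled
        Targets  = $Targets -join '; '
        # Only reliable for SMTP targets; ForwardingAddress is a directory
        # recipient and must be resolved (Get-Recipient) to see where it delivers.
        External = $external
    }
}

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited) {
    # 1) Mailbox-level forwarding (set by an admin or by the user in OWA options).
    $fwd = @($mbx.ForwardingSmtpAddress, $mbx.ForwardingAddress) | Where-Object { $_ }
    if ($fwd) {
        New-ForwardRow $mbx.PrimarySmtpAddress 'MailboxForwarding' '' $true $fwd
    }
    # 2) Inbox rules that forward or redirect.
    Get-InboxRule -Mailbox $mbx.PrimarySmtpAddress -ErrorAction SilentlyContinue |
        Where-Object { $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo } |
        ForEach-Object {
            $t = @(@($_.ForwardTo) + @($_.ForwardAsAttachmentTo) + @($_.RedirectTo) |
                Where-Object { $_ })
            New-ForwardRow $mbx.PrimarySmtpAddress 'InboxRule' $_.Name $_.Enabled $t
        }
}

$report | Sort-Object Mailbox | Export-Csv -Path .\forwarding-report.csv -NoTypeInformation

# Current state of the tenant-wide controls for external auto-forwarding (read-only):
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode
Get-RemoteDomain | Select-Object Name, DomainName, AutoForwardEnabled

# To block external auto-forwarding in the default outbound spam policy:
# Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
```

Rows with `External` set to True are the ones to review first; accounts that legitimately need external forwarding can be placed in a separate outbound spam policy with `AutoForwardingMode On`, as the second reply suggests.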