Forum Discussion

Deleted's avatar
Deleted
Jan 16, 2019

Setup Alert when user creates a new inbox rule

Hi,

 

I am looking for an way to setup a new Office 365 Alert that would send me an email when a user creates a new inbox rule.  I have looked at tech articles and have created them via manage alerts, but they don't seem to be working as I never get the email notification.

admin
Change Alerts
office 365
security

20 Replies

Sort By
  • Tosinovsky's avatar
    Tosinovsky
    Copper Contributor
    Aug 23, 2021
    How were the test rules created? If the rules were created on the Outlook desktop client, the alerts won't be triggered. The alert is designed to monitor rules created in OWA.
  • Mikhailmol's avatar
    Mikhailmol
    Copper Contributor
    Apr 12, 2019

    Deleted  There was a menu in Security Center under Alerts section - that menu was "Manage Advanced Alerts" but it's no longer there 

    but you can still access it if you go directly to https://protection.office.com/managealerts. That's where you can create an alert you need. Click on "New Alert Policy". When creating an alert there for activity search for "New-InboxRule", you will find it there - see pictures from my setup.

     

     

    • NRoseiTB's avatar
      NRoseiTB
      Copper Contributor
      Aug 20, 2024
      Acitivty alerts are now accessed via https://security.microsoft.com/managealerts 
      (Security/Microsoft Defender Admin Centre > Email & collaboration > Policies & rules > Activity Alerts)
      Activitiy triggers include:
      New-InboxRule Create inbox rule from Outlook Web App
      Set-InboxRule Modify inbox rule from Outlook Web App
      Update inbox rules from Outlook Client
    • Deleted's avatar
      Deleted
      Jan 17, 2019

      That rule (alerting me when someone forwards their email) I created (I had to do it manually) and it is working.  However a rule for creating or modifying Inbox Rules is not available from that screen when creating a new Alert.  Please see my posts above with the attachments.  Thanks.

      • wrtrer's avatar
        wrtrer
        Copper Contributor
        Apr 11, 2019

        Deleted Did you find a solution to the problem?   

         

        We had a user whose password and account were compromised (we've enabled mandatory 2FA since!)  The attacker created an mailbox rule that deleted messages from the user's sent mail when the message contained certain words.  The attacker then sent email messages containing those words. 

         

        I would like to know how to be alerted when a user creats any new mailbox rule, regardless of whether the message is forwarded to a different account.  

         

        Do you know VasilMichev or adam deltinger ?

    • Deleted's avatar
      Deleted
      Jan 16, 2019

      I only have one other trigger that sends me an email when a user forwards their email to an outside email address. That one is working..(Email Alert 1.jpg)  But it seems they are configured in different area's of the office 365 admin. Please see my screenshots.

      • adam deltinger's avatar
        adam deltinger
        MVP
        Jan 16, 2019
        It should be through alert policy’s in the security and compliance center!

        Adam

Resources