Forum Discussion

DKTimGjerlufsen's avatar
DKTimGjerlufsen
Copper Contributor
Nov 22, 2019

Query UpdateInboxRules or New-InboxRule from within Log Analytics

Hi Community

 

I looking for an easier way to discover creation of forward rules in Exchange. Currently i have to manually go through each alert (Office 365 Security & Compliance) where the alerts is "Creation of forwarding/redirect rule", open it, look in view activity list, in the specific UpdateInboxRule, click more, and finally look at OperationProperties and then RuleAction, where the information might be.

 

Anyone having experience with a query from Log Analytics that can do this for me?

This Query doesnt contain the needed information: 

OfficeActivity
| where Operation in("UpdateInboxRules","New-InboxRule")

 

In advanced thanks alot.

Best regards Tim Gjerlufsen

 

 

 

Resources