SOLVED

Office SCC - expired email forwarding alerts


Office Security & Compliance Center's alerts generally become useless past a week since the details for the alerts necessary to make informed assessments and judgements get discarded thereafter.

 

For alerts about users creating email forwarding rules (not wholesale mailbox forwarding), are there alternative ways to track back these details? Short of directly signing in as said user, like what Microsoft 365 security recommends.

 

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/responding-to-a-compromi...

 

2 Replies
Which details do you mean in particular? You can enumerate rules within users' mailboxes via PowerShell or EWS, and toggle them on/off as needed. To ensure timely discovery, you can configure email notifications for said alerts. The unified audit log will surface any events related to configuring forwarding, and the message trace can give you a clue as to whether forwarding is actually taking place.
best response confirmed by icelava (Brass Contributor)
Solution

@Vasil Michev 

When attempting to [View activity list] and looking at the activity items.

 

I installed the Exchange Online PowerShell Module and was able to see the forwarding rules with the Get-InboxRule cmdlet.

 

Thanks
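
An added example, not part of the thread, of the approach the replies describe: sweep mailboxes with Get-InboxRule, keep only rules that forward or redirect, and pull rule-change events from the unified audit log. `Select-ForwardingRule` is a hypothetical helper; the `contoso.example` domain, the 30-day window and the `[SMTP:...]` recipient-format heuristic are assumptions.

```powershell
# Added example. Live use needs the ExchangeOnlineManagement module and a
# session opened with Connect-ExchangeOnline; otherwise constructed data is used.
function Select-ForwardingRule {
    param(
        [Parameter(Mandatory)] [string] $Mailbox,
        [Parameter(ValueFromPipeline)] $Rule,
        [string[]] $InternalDomain = @()   # assumption: your accepted domains
    )
    process {
        # Inbox rules carry recipients in three actions; collect the non-empty ones.
        $targets = @((@($Rule.ForwardTo) + @($Rule.ForwardAsAttachmentTo) +
                      @($Rule.RedirectTo)) | Where-Object { $_ })
        if ($targets.Count -eq 0) { return }   # not a forwarding rule
        # Heuristic (assumption): external recipients render as "... [SMTP:user@domain]".
        $domains = @($targets | ForEach-Object {
            if ("$_" -match 'SMTP:[^@\]]+@([^\]\s]+)') { $Matches[1].ToLower() }
        })
        $external = @($domains | Where-Object { $_ -notin $InternalDomain })
        [pscustomobject]@{
            Mailbox  = $Mailbox
            Rule     = $Rule.Name
            Enabled  = $Rule.Enabled
            Targets  = $targets -join '; '
            External = $external.Count -gt 0
        }
    }
}

if (Get-Command Get-InboxRule -ErrorAction SilentlyContinue) {
    # Connected session: check every mailbox in the tenant.
    $rows = foreach ($mbx in Get-EXOMailbox -ResultSize Unlimited) {
        Get-InboxRule -Mailbox $mbx.UserPrincipalName |
            Select-ForwardingRule -Mailbox $mbx.UserPrincipalName -InternalDomain 'contoso.example'
    }
    # Who created or changed inbox rules, and when (30-day window is an assumption).
    $changes = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
        -Operations New-InboxRule, Set-InboxRule -ResultSize 1000
} else {
    # Constructed sample rules, shaped like Get-InboxRule output.
    $sample = @(
        [pscustomobject]@{ Name = 'Newsletters'; Enabled = $true }
        [pscustomobject]@{ Name = 'fwd'; Enabled = $true; ForwardTo = '"drop" [SMTP:drop@mail.example]' }
        [pscustomobject]@{ Name = 'To assistant'; Enabled = $false; RedirectTo = '"Pat" [EX:/o=ExchangeLabs/cn=pat]' }
    )
    $rows = $sample | Select-ForwardingRule -Mailbox 'user@contoso.example' -InternalDomain 'contoso.example'
}
$rows | Sort-Object External -Descending | Format-Table -AutoSize
$changes | Format-Table CreationDate, UserIds, Operations
```

Rows with `External` set to True are the ones to review first; the `AuditData` property of each audit record holds the rule parameters as JSON.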
