cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do I report on mails that have been blocked by my AutoForwarding to external domain block rules?

Christo De Lange
Brass Contributor

‎Aug 14 2019 04:41 AM

‎Aug 14 2019 04:41 AM

How do I report on mails that have been blocked by my AutoForwarding to external domain block rules?

Hello

 

We have a rule setup on Exchange online which successfully blocks emails that satisfy a "Block Automatic forwarding of mail to external domains" policy rule.

 

I can see the report which shows a "rule hit" and get an email notification every time the rule is hit as well. I don't, however, see a report of the evidence of the blocked emails. Is this possible? 

 

So "Show me a list of actual blocked emails" rather than "show me a list of rule hits" if that makes sense. 

The problem is I cannot distinguish between rule hits and blocks, as currently, the notification shows:

"Rule Hit: Block Client Forwarding to an external domain, Action: AuditSeverityLevel, RejectMessage, GenerateIncidentReport"  but it shows the same message for auto-forwarded emails inside the domain as well.

 

Hope that makes sense

 

Thanks in advance

 

Labels:
919 Views
0 Likes
2 Replies
Reply
2 Replies
ankit shukla

‎Aug 14 2019 10:29 AM

‎Aug 14 2019 10:29 AM

Re: How do I report on mails that have been blocked by my AutoForwarding to external domain block ru

@Christo De Lange  Solution/Workaround - 

 

1. Create a Shared Mailbox dedicated for this specific purpose.

2. In your existing Transport rule for blocking auto-forward to external domains  < Add additional action < send a copy / bcc the email to < Newsharedmailbox@domain.com .

3. Apply < ok < Enforced < High Severity audit.

 

This gives you the copy of email (which are actually blocked from being auto-forwarded)

Test to see if it works, else we can probably go for another workaround in that case. You can have many actions to corresponding conditions defined in a Transport Rule.

 

 

Cheers !

Ankit Shukla

 

 

0 Likes
Reply