A low-severity alert has been triggered emails

Occasional Contributor

we have start receiving "A low-severity alert has been triggered"  alerts today ?

is this normal ?

 

A low-severity alert has been triggered
Creation of forwarding/redirect rule
Severity: ? Low
Time: 10/12/2018 7:30:00 AM (UTC)
Activity: MailRedirect
User: username@xxxxx.com.sg
Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.
Investigate

 

5 Replies

This means someone in the organization set up an forwarding rule ,auto forwarding or forwarding mail flow rule. You can check and further investigate this in:

Security and Compliance Center  - "Alerts"

Also the alert polices can be configured under "alert policies"

 

Adam

Just adding a link to the documentation on Alert policies, where you can find all the needed details: https://docs.microsoft.com/en-us/office365/securitycompliance/alert-policies

 

As noted there, some alerts (such as the forwarding one) are included and turned on by default for every Enterprise plan.

You need to investigate this a well, as that's why the alert is there. There are lots of scenarios where the users password is compromised and a malicious actor puts a forwarding rule on their account. You need to check every time you get this or other alerts
have checked user mailbox.
did not find any new forwarding rules of emails

@Kin Mun Yeow : Wie kann ich diese automatische Umleitung deaktivieren?