mail forwarding report

Occasional Contributor

Is there any easy way in exchange online/MS365 to get a report of any auto forward rules setup by admins or the end users themselves, e.g. inbox rules? 

 

Is there an easy way to disable the ability of end users to setup such rules for information security purposes. 

2 Replies
There are a couple things you can do...
1. Setup Alerts for forwarding rules, https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

Which you can then track and investigate and possibly remediate through a PowerShell Script.

Generates an alert when someone in your organization creates an inbox rule for their mailbox that forwards or redirects messages to another email account. This policy only tracks inbox rules that are created using Outlook on the web (formerly known as Outlook Web App) or Exchange Online PowerShell.

2. You could disable this functionality through SPAM rules, https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/external-email-forwardin...

In the rule, you could make exceptions for specific accounts that are autoforwarding.

Hope this helps. Also, you might want to send out a communication to employees that this is happening and why.
There are dozens of ready to use scripts available online for this task, here's one of mine: https://github.com/michevnew/PowerShell/blob/master/Mailbox_Forwarding_inventory.ps1
Help file is here: https://github.com/michevnew/PowerShell/blob/master/Mailbox_Forwarding_inventory.md