Nov 22 2019 02:24 AM
Hi Community
I looking for an easier way to discover creation of forward rules in Exchange. Currently i have to manually go through each alert (Office 365 Security & Compliance) where the alerts is "Creation of forwarding/redirect rule", open it, look in view activity list, in the specific UpdateInboxRule, click more, and finally look at OperationProperties and then RuleAction, where the information might be.
Anyone having experience with a query from Log Analytics that can do this for me?
This Query doesnt contain the needed information:
OfficeActivity
| where Operation in("UpdateInboxRules","New-InboxRule")
In advanced thanks alot.
Best regards Tim Gjerlufsen
Nov 22 2019 10:26 AM
Havent bothered with Log analytics, but you can easily fetch the audit events from PowerShell and parse the extended information there. Or if you want to work directly with the alerts, use the Management Activity API's: https://docs.microsoft.com/en-us/office/office-365-management-api/office-365-management-activity-api...