I looking for an easier way to discover creation of forward rules in Exchange. Currently i have to manually go through each alert (Office 365 Security & Compliance) where the alerts is "Creation of forwarding/redirect rule", open it, look in view activity list, in the specific UpdateInboxRule, click more, and finally look at OperationProperties and then RuleAction, where the information might be.
Anyone having experience with a query from Log Analytics that can do this for me?
This Query doesnt contain the needed information:
| where Operation in("UpdateInboxRules","New-InboxRule")
In advanced thanks alot.
Best regards Tim Gjerlufsen