We like to allow users to reset their Microsoft 365/Office 365 password. The feature we…
How to get mailbox forwarding rules in Microsoft 365
The first thing attackers do once they get access to a mailbox account is set up a mailbox forwarding rule that allows them to exfiltrate sensitive data to an external email address and use it for malicious purposes. So it’s essential to scan your environment and see if any rules are active and are not set up for such intentions. In this article, you will learn how to get mailbox forwarding rules in Microsoft 365 – Exchange Online with PowerShell.
Table of contents
External forwarding in Microsoft 365
The external forwarding is by default disabled in Microsoft 365, and you should keep it that way. But, if there are some reasons that external forwarding needs to be enabled, you should create an outbound policy and select the users and groups that are granted to forward external mail.
Important: Create an outbound policy that only selected users and groups are able to forward external mail.
The following types of automatic forwarding are available in Microsoft 365:
- Users can configure Inbox rules to automatically forward messages to external senders
- Admins can configure mailbox forwarding (also known as SMTP forwarding) to automatically forward messages to external recipients. The admin can choose whether to simply forward messages, or keep copies of forwarded messages in the mailbox.
Connect to Exchange Online PowerShell
Before you start, you have to Connect to Exchange Online PowerShell. Otherwise, the commands will not work.
Get mailbox forwarding rules for a single user
To get the mailbox forwarding rules for a single user.
Get-Mailbox "Amanda.Morgan@exoip.com" | Where { ($_.ForwardingAddress -ne $null) -or ($_.ForwardingsmtpAddress -ne $null) } | ft DisplayName, UserPrincipalName, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
The output will appear like this.
DisplayName UserPrincipalName ForwardingAddress ForwardingSmtpAddress DeliverToMailboxAndForward
----------- ----------------- ----------------- --------------------- --------------------------
Amanda Morgan Amanda.Morgan@exoip.com smtp:external_email@gmail.com True
Get mailbox forwarding rule for all users
To get the mailbox forwarding rules for all users
Get-Mailbox -ResultSize Unlimited | Where { ($_.ForwardingAddress -ne $null) -or ($_.ForwardingsmtpAddress -ne $null) } | ft DisplayName, UserPrincipalName, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
The output will show like this.
DisplayName UserPrincipalName ForwardingAddress ForwardingSmtpAddress DeliverToMailboxAndForward
----------- ----------------- ----------------- --------------------- --------------------------
Amanda Morgan Amanda.Morgan@exoip.com smtp:Plato@gmail.com True
Phil Peters Phil.Peters@exoip.com smtp:Socrates@gmail.com True
SharedMailbox1 sharedmailbox1@exoip.com smtp:Jonathan.Fisher@exoip.com True
SharedMailbox2 sharedmailbox2@exoip.com smtp:Aristotle@gmail.com False
Mailbox forwarding PowerShell report script
It’s best to export a mailbox forwarding rules report to finish it all.
To get a report in an interactive table in a separate window, let’s use the Out-GridView cmdlet. Also, let’s export it to a CSV file in the folder path C:\temp.
# Connect Exchange Online PowerShell
Connect-ExchangeOnline
# Change the export path to your desired location
$exportPath = "C:\temp\ForwardingAddress.csv"
# Retrieve mailboxes with forwarding addresses
$mailboxes = Get-Mailbox -ResultSize Unlimited | Where-Object { $_.ForwardingAddress -ne $null -or $_.ForwardingSmtpAddress -ne $null }
# Select the desired properties for display
$mailboxProperties = $mailboxes | select DisplayName, UserPrincipalName, ForwardingAddress, ForwardingSmtpAddress, DeliverToMailboxAndForward
# Show the results in an Out-GridView
$mailboxProperties | Out-GridView -Title "Mailboxes with Forwarding Addresses"
# Export all the data to a CSV file
$mailboxProperties | Export-Csv -Path $exportPath -NoTypeInformation -Encoding UTF8
Write-Host "Mailbox data has been exported to $exportPath" -ForegroundColor Green
This is how it looks in the separate window.
Let’s open the CSV file.
That’s it!
Read more: Send from Alias in Office 365 »
Conclusion
You learned how to get mailbox forwarding rules with PowerShell in Microsoft 365. Always check if there are mailboxes with external forwarding set up in the organization and block the accounts if you see any suspicious activity.
Did you enjoy this article? You may also like Add tag to external emails in Microsoft 365 for extra security. Don’t forget to follow us and share this article.
This Post Has 0 Comments