Check if Forwarding Rules are Active in Microsoft 365

Native Solution

Microsoft 365 Permission Required

High

Global Admin or Exchange Admin.

Option 1 Using Exchange Admin Center:

Sign-in to the Exchange admin center.
Navigate to Recipients»Mailboxes»< User Mailbox >»Email forwarding.
You can find the forwarded address of this user mailbox below the Manage email forwarding.

By default, the Microsoft 365 admin center and Exchange admin center lack a built-in overview for email forwarding reports, requiring a manual inspection of each user's settings on an individual basis.

Option 2 Using Windows PowerShell:

Get-Mailbox -ResultSize Unlimited -Filter "ForwardingAddress -like '*' -or ForwardingSmtpAddress -like '*'" | Select-Object DisplayName, ForwardingAddress, ForwardingSmtpAddress
#Run the above cmdlets after connecting Exchange Online

Get-Mailbox | ForEach-Object { Get-InboxRule -mailbox $_.PrimarySMTPAddress}
#Run the above cmdlets to get Inbox rules

Get-TransportRule
#Run the above cmdlets to get Transport rules

Option 3 Using PowerShell Script:

We have prepared a PowerShell script to retrieve data on the Exchange Online mailboxes that forwards emails internally and externally and also whether a copy of the email is saved in the target mailbox.
Download and run the following script in the Administrator PowerShell.

EmailForwardingReport.ps1

Add -InboxRules while running the PowerShell script to retrieve the inbox rules with email forwarding.
Add -MailFlowRules while running the PowerShell script to retrieve transport rules that redirect emails to other mailboxes.

AdminDroid Solution

More than 150 reports are under free edition.

AdminDroid Permission Required

Delegated

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

Login to the AdminDroid Office 365 reporter.
Navigate to the Mailbox Forwarding Detailed Summary report resided under Analytics»Exchange analytics»Mailbox forwarding section.

Simplify the identification of email forwarding rules in user mailboxes. Get the list of mailboxes with internal forwarding recipients, external domains, total inbox rules, etc.

Moreover, AdminDroid includes built-in visualizations and charts, providing a comprehensive overview to analyze and identify mailboxes with active email forwarding.

Explore a full range of reporting options

Export Office 365 email forwarding report at ease

Why leaving gaps in Microsoft 365 email security? Closely monitor external email forwarding in Exchange Online with AdminDroid!

Witness the report in action using the

Live Demo

Important Tips

Monitor email forwarding rules to detect any suspicious activity happening and prevent unauthorized data sharing in Microsoft 365.

Ensure the DLP policies to prevent unwanted forwarding of sensitive data by monitoring email security reports.

Educate users on Microsoft 365 email security best practices to manage Exchange Online email forwarding in their organization.

Exchange OnlineList the Exchange Online mailboxes with email forwarding enabled in Microsoft 365

Showing 1 of 6

Why it is important to find Exchange Online mailboxes with email forwarding rules? How to set up email forwarding for a mailbox in Exchange Online? How to turn off email forwarding in Microsoft 365? How to check email forwarding in Exchange Online? How to monitor forwarded emails in Exchange Online? How to manage email forwarding in Exchange Online?

Why it is important to find Exchange Online mailboxes with email forwarding rules?

By finding and managing Exchange Online mailboxes with email forwarding rules, you can help to protect your organization's data from unauthorized forwarding, including data leaks, spam, and malware attacks.

Forwarding emails to external addresses in Office 365 can pose several security risks, including:

Data leakage in Microsoft 365: If an attacker compromises your users’ Microsoft 365 account and sets up email forwarding to an external address, they can gain access to all the emails that are sent to your account. This could include sensitive data such as customer information, financial data, or trade secrets.
Micrsoft 365 phishing attacks: Attackers can use email forwarding to send phishing emails that appear to come from your legitimate email address. This can trick your recipients into clicking on malicious links or opening infected Microsoft 365 attachments.
Spam and malware attacks: Office 365 attackers can use email forwarding to send spam and malware to your recipients, which could give them a pathway to your organization's data and systems by gaining access to your organization's network.
Compliance violations: If your organization is subject to industry regulations such as HIPAA or PCI-DSS, forwarding emails to external addresses may violate those regulations.

AdminDroid provides detailed insights into email forwarding setups, transport rules, and inbox rules in your organization, improving email security and compliance with regulations.

Microsoft 365 mailbox forwarding summary: Navigate to Analytics»Exchange analytics»Mailbox forwarding. This section of reports contains an email forwarding overall summary report of Exchange mailboxes with a detailed separate section on forwarding to external domains and internal domains, and SMTP forwarding.
Microsoft 365 mail transport rules: Navigate to Audit»Exchange»Mail flow»Transport rules. Every operation on mail flow using transport rules along with the performed users are listed here.
Exchange Online inbox rules: Navigate to Analytics»Exchange Analytics»Inbox rules. Use the detailed and dedicated section for Inbox rules which contains reports on all inbox rule configurations with forwarding and external forwarding. You can check for any inbox rule modifications using the 'Inbox rule section' in AdminDroid.

How to set up email forwarding for a mailbox in Exchange Online?

While email forwarding can improve communication and efficiency, it can also be used to exfiltrate sensitive data. Therefore, it is important to carefully consider the risks and benefits of email forwarding before setting it up in your organization.

Both Exchange Online admins and Exchange Online mailbox owners can configure email forwarding in Microsoft 365.

Configure email forwarding as an Exchange Online admin

Using Microsoft 365 admin center:

Navigate to Users»Active user and select the user whose email you want to forward.
Under the Mail section, select Manage email forwarding. To allow external forwarding for one user, enter the external mail address in the text box.

Using PowerShell:

Set-Mailbox –Identity <UserPrincipalName> -ForwardingAddress <UserPrincipalName> -ForwardingSMTPAddress <EmailAddress>
#If you specify both ForwardingAddress and ForwardingSMTPAddress, then ForwardingSMTPAddress will be ignored.

ForwardingAddress is used for internal forwarding.
ForwardingSMTPAddress is used for both internal and external forwarding. Generally, ‘ForwardingSMTPAddress’ is used for external domain email addresses.

Enable email forwarding by the Mailbox owner

Using Microsoft Outlook:

Navigate to the Settings page, then select Mail, and proceed to Rules.
Create a new rule with a specific ‘condition’, such as if received from a certain mail address, and set the ‘action’ - forward or redirect emails to a designated email address.

Using PowerShell:

Login to the Administrator PowerShell.
Run the below cmdlet to set a forwarding inbox rule.

New-InboxRule “<Forwarding Rule>” -MyNameInToBox $true –ForwardTo <UserPrincipalName>
#When my name is in the ‘To box’, then the mail will be forwarded to <UserPrincipalName>. #Set a forwarding rule name as per your requirement replacing <Forwarding Rule>

Exchange Online shared mailboxes and their contents are accessible to multiple users. Thus, tracking who forwards emails from shared mailboxes, as well as where those emails are sent, is crucial.

AdminDroid Exchange Online reporting tool helps to monitor the Microsoft 365 email forwarding rules applied for shared mailboxes. It allows admins to gain deeper insights into the forwarding configurations associated with shared mailboxes.

To check shared mailbox forwarding rules,

Navigate to ‘Forwarding set in Shared Mailboxes’ report resided under Reports»Exchange»Shared Mailbox Info.

This report consists of forwarding enabled shared mailboxes, forwarding email addresses, rule name, rule configurations and so on.
You can schedule this report by using the quick schedule option at the top of the report.
By setting up the schedule frequency, admins can be updated on every email forwarding rule set to a shared mailbox.

How to turn off email forwarding in Microsoft 365?

The vulnerability in Exchange Online email forwarding feature may pose a risk of unintentional data breaches when forwarding sensitive information to external domains. Admins can block auto-forwarding in Microsoft 365 to external domains to prevent forwarding emails by a user mailbox.

Sign-in to the Microsoft 365 Defender portal.
Select 'Policies & rules' under 'Email & collaboration'.
Navigate to Threat policies»Anti-spam policies.
Click Anti-spam outbound policy and edit 'protection settings'.
In the ‘Automatic forwarding rules’ dropdown, select Off – Forwarding is disabled. Click Save.

Microsoft 365 admins must carefully monitor email forwarding rules to external domains, as they can inadvertently expose sensitive data outside the organization. They must exercise additional caution to prevent unauthorized data exposure and potential compliance violations.

Monitor email forwarding to protect your Microsoft 365 organization's sensitive data.

Use AdminDroid’s scheduled report feature whenever a new forwarding address is set to an email address.

To export the Microsoft 365 email forwarding report,

Navigate to mailbox forwarding summary report residing under Analytics»Exchange Analytics»Mailbox forwarding.
Click on the Schedule this report now and hit Show advanced options.
Now set the frequency and mail recipient.
Hit the 'Customize Email Message' option and check the Don't attach empty reports and Don't send scheduled email when all the reports are empty boxes.
Add a 'name' for the scheduled report and save the scheduled report.

How to check email forwarding in Exchange Online?

Microsoft 365 admin portals don't provide a detailed view of email forwarding info, such as a list of all users with active email forwarding enabled, configured rules, etc. in one place. Thus, checking the forwarding config for multiple users is time-consuming.

Use the below PowerShell cmdlet to list office 365 mailboxes with a forward.

Get-Mailbox | Where-Object {($_.ForwardingSmtpAddress -ne $null) -or ($_.ForwardingAddress -ne $null)} | Select-Object DisplayName, ForwardingSmtpAddress, ForwardingAddress, DeliverToMailboxAndForward

Panoramic view of email forwarding in Microsoft 365

Email forwarding can be monitored at a bird's eye view to uncover which employees are forwarding emails to external and internal domains and helps to identify unauthorized forwarding rules, which could be a security risk.

AdminDroid provides a consolidated view of email forwarding by allowing organizations to see a complete list of all user accounts with active email forwarding, both internally and externally.

To monitor email forwarding with bird’s eye view,

Navigate to Mailbox forwarding – Birds eye view report resided under Analytics»M365 Birds eye»Mailboxes.
This report shows the number of mailboxes that are enabled with internal and external forwarding.

AdminDroid's email forwarding bird's eye view is a valuable tool for Microsoft 365 users looking to enhance their security, compliance, and efficiency.

How to monitor forwarded emails in Exchange Online?

Monitoring forwarded emails in Exchange Online is essential for protecting your organization from data leakage, ensuring compliance with regulations, and troubleshooting email delivery issues.

To monitor the forwarded emails in your Exchange Online environment,

Navigate to Mail flow»Message trace.
In the Message trace window, you can filter the results to show only messages that have been forwarded.

You can also view details about each forwarded message, such as the sender, recipient, and forwarding address.

AdminDroid: Alerting you on external forwarding inbox rule creations

Leverage the built-in alert system of Admindroid to receive instant notifications when an email is delivered to external users, enabling swift response to potential security breaches. Enhance data protection with real-time monitoring and proactive threat detection capabilities.

Create a ‘Quick alert’ that audits every change in inbox rules configurations with external forwarding rule and email the Microsoft 365 admin.

How to manage email forwarding in Exchange Online?

Managing email forwarding in Exchange Online is essential for controlling message routing and ensuring data security. It allows organizations to oversee email flow, prevent unauthorized data access, and maintain compliance with email policies.

To disable email forwarding for a user in Microsoft 365, you can follow these steps as an Exchange Online admin:

Sign-in to the Exchange Online admin center.
Now, navigate to Recipients»Mailboxes.
Select the mailbox for which you want to disable email forwarding.
Click ‘Email forwarding’ in the menu.
To disable forwarding to any address, clear the ‘Forward all emails sent to this mailbox’ toggle button. Click save.

To disable auto email forwarding in Microsoft 365 using PowerShell, you can follow these steps as an Exchange Online admin:

Sign-in to PowerShell as an Exchange Online admin. Run the following cmdlet.

Get-Mailbox -ResultSize Unlimited | Set-Mailbox -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false

Configuring Exchange Online email forwarding made easier!

AdminDroid simplifies email forwarding monitoring by offering a centralized and user-friendly interface for efficient Exchange Online management. AdminDroid's robust reporting capabilities ensure that administrators can continuously monitor the email forwarding statuses in their organization.

AdminDroid: The effective email forwarding monitoring tool to prevent data leakage, phishing attacks, and other severe security threats occurring in your Microsoft 365 environment.

AdminDroid Exchange Online ReporterMicrosoft 365 email forwarding monitoring tool for ultimate security!

AdminDroid Exchange reporting and auditing tool stands as an all-inclusive solution for Microsoft 365 admins, empowering seamless identification and management of users’ email forwarding without the necessity of intricate PowerShell scripts.

Why should you utilize AdminDroid Microsoft 365 reporter for email forwarding management?

‘Mailbox Forwarding Detailed Summary’ report under Analytics»Exchange Analytics»Mailbox Forwarding will provide you with detailed information on emails being forwarded from a mailbox to other mailboxes that include internal forwarding addresses, external domains, etc.

A Quick Summary

Gain Centralized Insights on Email Forwarding

Easily locate all email forwarding enabled Exchange Online mailboxes, consolidated in a single accessible location.

Efficient Email Forwarding Management

Identify and manage forwarding configurations in your organization to ensure optimal utilization of resources, preventing unnecessary forwarding and potential security risks.

Streamline Report Generation for Email Forwarding

Schedule automated generation of reports on email forwarding settings, delivered directly to your inbox, providing regular updates and monitoring.

Get Insights on Inbox Rules

Obtain comprehensive insights on mailboxes with forwarding inbox rules, with rule configurations and recipient data to mitigate security risks.

Be Alerted on Suspicious Email Forwarding

Deploy default alert policy template on email forwarding to get alerted on creation of external forwarding rules in Microsoft 365.

Customize and Export M365 Email Reports

AdminDroid offers powerful reporting capabilities that allow you to customize and export M365 email reports according to your needs.

Overall, AdminDroid simplifies email forwarding monitoring with the help of insightful reports on Exchange Online mailboxes. Experience seamless management of forwarding configurations and optimize workflows with AdminDroid Exchange Online reporting.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Download

Common Errors and Resolution Steps for Exchange Online Email Forwarding.

The following are possible errors and troubleshooting hints while dealing with Exchange Online email mailbox forwarding report.

Error: 550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7555)

This error occurs when your remote server organization does not allow external email addresses to be forwarded.

Troubleshooting hint :Ensure that external email addresses are permitted by your organization.

Error: The operation couldn't be performed because object 'XYZ' couldn't be found.

This error typically occurs when the specified object, such as a mailbox or recipient, cannot be found.

Troubleshooting hint :Verify the Object ID you mentioned and ensure that it exists in your Microsoft 365 organization.

Error: Your organization does not allow external forwarding.

This error indicates that your organization does not permit the forwarding of emails to external email addresses.

Troubleshooting hint :Add the external email address for the user as an SMTP address.

Set-Mailbox –Identity <UserPrincipalName> -ForwardingSMTPAddress <EmailAddress>

Error: Custom mail flow created by an admin at <organization> has blocked your message.

This error occurs to your user when trying to forward or the user account tried to auto forward a mail. Admins can also set a description for this error, which would describe the situation.

Troubleshooting hint :Create custom mail flow rules in the Exchange admin center to meet the specific needs of your organization.

Error: Your message couldn't be delivered because you don't have permission to forward it.

This error occurs in Outlook and delivers an NDR that you do not have the necessary permission to forward the email.

Troubleshooting hint :Verify your access rights and ensure that you have the required Exchange Online permissions.

Error: ./EmailForwardingReport.ps1 cannot be loaded because running scripts is disabled on this system.

This error occurs when trying to run the script. The execution policy is set to “strict” by default to prevent scripts from running.

Troubleshooting hint :To resolve this error, you can set the execution policy to run the script.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass

Delivering Reports on Time

Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid’s Scheduling to your email anytime you need.

Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add intelligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.

Set It, Schedule It, See Results - Your Reports, Your Way, On Your Time!

Time Saving Automation Customization Intelligent Filtering

Give Just the Right Access to the Right People

Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.

Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.

Align, Define, Simplify: AdminDroid's Granular Delegation

Smart Organizational Control Effortless M365 Management Simplified Access

Advanced Alerts at a Glance

Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.

Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.

AdminDroid Keeps You Always Vigilant, Never Vulnerable!

Proactive Protection Real-time Monitoring Security Intelligence Threat Detection

Merge the Required Data to One Place

Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.

This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.

Merge with Ease and Save as Views!

Custom Reporting Unique View Desired Columns Easy Data Interpretation

Insightful Charts and Exclusive Dashboards

Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.

With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.

Explore Your Microsoft 365 Tenant in a Whole New Way!

Executive overviews Interactive insights Decision-making Data Visualization

Efficient Report Exporting for Microsoft 365

Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.

Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.

Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!

Easy Export Seamless Downloading Data Control Manage Microsoft 365

How to Export Email Forwarding report in Exchange Online