
How to Monitor External Email Forwarding Report in Microsoft 365

Sharing data with external domains has become the new normal in today's digital era. However, misconfigured external email forwarding can lead users to accidentally expose sensitive Microsoft 365 information to attackers. Thus, we are here to guide you in verifying and managing your external email forwarding rules in Exchange Online.

Native Solution

Microsoft 365 Permission Required

High

Global Administrator, Exchange Administrator, or Global Reader

Option 1: Using Exchange Online Admin Center

  • Sign in to the Exchange Online admin center.
  • Navigate to Email forwarding under Recipients»Mailboxes»'Select a specific mailbox'.
  • If forwarding has been turned 'On' for the selected mailbox, you can find the external email address under 'Forward to an external email address'.

Option 2: Using Windows PowerShell

  • Navigating each mailbox in the admin center to check external email forwarding status can be challenging.
  • Fortunately, PowerShell simplifies this: the cmdlet below directly lists the mailboxes that have external email forwarding enabled.
     Connect-ExchangeOnline

     # List user mailboxes whose SMTP forwarding address is outside <Your-domain>
     Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Where-Object { $_.ForwardingSmtpAddress -ne $null -and $_.ForwardingSmtpAddress -notlike '*@<Your-domain>' } | Select-Object UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward
  • Replace <Your-domain> with your internal domain name so that forwarding addresses inside that domain are left out of the result.

Option 3: Using PowerShell Script

  • However, the above cmdlet fails to provide the correct outcome when multiple domains are present in your tenant. Also, you need an advanced level of PowerShell knowledge to create a script.
  • To help you with this, we have prepared a handy script that exports the Office 365 email forwarding report. It contains forwarding email addresses associated with all the domains in your tenant, along with details on inbox rules configured in your organization.
Also, to identify Exchange Online inbox rules with external forwarding, you can execute the following script in Administrator PowerShell.
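
The multi-domain case from Option 3 and the inbox-rule check mentioned above can be covered in one pass. The following is an added example, not the script this page refers to and not AdminDroid's code; it assumes an active Connect-ExchangeOnline session, and the function name and CSV file name are illustrative.

```powershell
# Added example (not from the original page). Needs the ExchangeOnlineManagement
# module and a Connect-ExchangeOnline session; function and CSV names are illustrative.

# Every accepted domain in the tenant counts as internal.
$internal = @((Get-AcceptedDomain).DomainName | ForEach-Object { "$_".ToLower() })

function Get-ExternalAddress {
    # Return the SMTP addresses found in $Value whose domain is not internal.
    # Handles "smtp:user@example.com" (ForwardingSmtpAddress) and
    # '"Name" [SMTP:user@example.com]' (inbox rule recipients). Internal rule
    # recipients are usually listed as [EX:/o=...] and hold no SMTP address to match.
    param([object[]]$Value)
    foreach ($v in $Value) {
        foreach ($m in [regex]::Matches("$v", '[\w.+-]+@([\w-]+\.)+[\w-]+')) {
            if ($internal -notcontains ($m.Value -split '@')[-1].ToLower()) { $m.Value }
        }
    }
}

$report = foreach ($mbx in Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox) {
    # Mailbox-level forwarding: a raw SMTP address, or a recipient object
    # (ForwardingAddress) that may be a mail contact for an outside address.
    $targets = @($mbx.ForwardingSmtpAddress)
    if ($mbx.ForwardingAddress) {
        $targets += (Get-Recipient -Identity $mbx.ForwardingAddress -ErrorAction SilentlyContinue).PrimarySmtpAddress
    }
    foreach ($addr in @(Get-ExternalAddress $targets)) {
        [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'Mailbox setting'
                           Rule = ''; Enabled = $true; ForwardsTo = $addr
                           KeepsCopy = $mbx.DeliverToMailboxAndForward }
    }

    # Inbox rules: three rule actions can send mail out of the tenant.
    foreach ($rule in @(Get-InboxRule -Mailbox $mbx.UserPrincipalName -ErrorAction SilentlyContinue)) {
        $dest = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
        foreach ($addr in @(Get-ExternalAddress $dest)) {
            [pscustomobject]@{ Mailbox = $mbx.UserPrincipalName; Source = 'Inbox rule'
                               Rule = $rule.Name; Enabled = $rule.Enabled; ForwardsTo = $addr
                               KeepsCopy = $null }
        }
    }
}

$report | Export-Csv -Path .\ExternalForwarding.csv -NoTypeInformation
```

Domains are compared exactly, so a subdomain counts as external unless it is itself an accepted domain in the tenant.
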
AdminDroid Solution
More than 150 reports are under free edition.

AdminDroid Permission Required

Any user with report access delegated by the Super Admin.

Steps Using AdminDroid

  • Login to the AdminDroid Office 365 reporter.
  • Navigate to the "Mailbox with SMTP Forwarding" report residing under Analytics»Exchange analytics»Mailbox forwarding section.

An in-depth report on external email forwarding offers valuable insights, such as the mailboxes that have forwarding enabled and the forwarding SMTP addresses, along with the respective mailbox details.

No Report Spotlighting External Domains in Native Solutions!

Yes, despite native solutions offering details on allowed external forwarding addresses, they lack a dedicated report that consolidates all external domains into a single comprehensive list.

AdminDroid offers an exclusive report on External Domains Configured in Mailbox Forwarding, which lets you find the external domains included in email forwarding along with the internal email addresses.


Monitor external email forwarding reports with ease!

Protect your data from potential risks by limiting external email forwarding! AdminDroid email monitoring tool helps you permit only trusted external domains for email forwarding.

Witness the report in action using the

Important Tips

To minimize Microsoft 365 security risks, restrict external forwarding to certain roles or individuals and regularly manage these rules, as not everyone needs external forwarding.

Keep an eye on external email traffic for unusual patterns, like spikes in forwarding or emails to suspicious domains, to quickly address potential security threats.

Enable unified audit logging to record and detect risky Exchange Online email activities, including external forwarding rule changes and delegate mailbox accesses.
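
Once unified audit logging is on, forwarding changes can be picked out of the Exchange admin audit records. The added example below (not from the original page) flags records whose forwarding parameters point outside the tenant; the function name, the contoso.example domain and the two sample records are constructed for illustration.

```powershell
# Added example. Field names follow the Exchange admin audit record layout
# (CreationTime, Operation, UserId, ObjectId, Parameters[]).

function Find-ExternalForwardingChange {
    param(
        [Parameter(Mandatory)][string[]]$AuditData,      # AuditData JSON strings
        [Parameter(Mandatory)][string[]]$InternalDomain  # the tenant's accepted domains
    )
    # Cmdlet parameters that can point mail at another address.
    $forwardParams = 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo', 'ForwardingSmtpAddress'
    foreach ($json in $AuditData) {
        $rec  = $json | ConvertFrom-Json
        $hits = @($rec.Parameters | Where-Object { $forwardParams -contains $_.Name })
        foreach ($p in $hits) {
            foreach ($m in [regex]::Matches("$($p.Value)", '[\w.+-]+@([\w-]+\.)+[\w-]+')) {
                # -notcontains is case-insensitive, so domain case does not matter.
                if ($InternalDomain -notcontains ($m.Value -split '@')[-1]) {
                    [pscustomobject]@{ Time = $rec.CreationTime; Actor = $rec.UserId
                                       Operation = $rec.Operation; Target = $rec.ObjectId
                                       Parameter = $p.Name; ExternalAddress = $m.Value }
                }
            }
        }
    }
}

# Constructed sample records: the first forwards outside the tenant, the second does not.
$sample = @(
    '{"CreationTime":"2024-05-02T09:14:07","Operation":"New-InboxRule","UserId":"alex@contoso.example","ObjectId":"alex\\Archive copy","Parameters":[{"Name":"Name","Value":"Archive copy"},{"Name":"ForwardTo","Value":"drop@outside.example"}]}',
    '{"CreationTime":"2024-05-02T10:01:55","Operation":"Set-Mailbox","UserId":"admin@contoso.example","ObjectId":"sam","Parameters":[{"Name":"ForwardingSmtpAddress","Value":"smtp:sam@contoso.example"}]}'
)
Find-ExternalForwardingChange -AuditData $sample -InternalDomain 'contoso.example'

# Live data (needs Connect-ExchangeOnline and audit logging enabled):
# $live = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#     -Operations New-InboxRule, Set-InboxRule, Set-Mailbox -ResultSize 5000
# Find-ExternalForwardingChange -AuditData $live.AuditData -InternalDomain (Get-AcceptedDomain).DomainName
```
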

Exchange Online

Safeguard Against External Email Forwarding Threats in Microsoft 365

How to enable automatic external email forwarding for individual mailboxes?

You can set up an anti-spam outbound policy to allow external email forwarding while managing your organization's email security. Follow the steps below to create an external forwarding policy in Microsoft 365.

  • Login to the Microsoft 365 Defender portal as an admin and navigate to Email & collaboration»Policies & rules»Threat policies»Anti-spam policies.
  • If you can't see these options or no policies appear, ensure you're logged in with sufficient admin permissions.
  • To create a policy, click on + Create policy, then choose Outbound.
  • Name and describe your new outbound spam filter policy.
  • Click Next, search for and select the user, group or domain that you wish to allow external forwarding.
  • Set the outbound anti-spam settings for the policy. Click Next, go to Forwarding rules, and select On - Forwarding is enabled from the dropdown under Automatic forwarding rules.
  • Finally, review and confirm the settings, then click Create to allow external forwarding in Microsoft 365 for a specific user.

How to enable external email forwarding for all mailboxes?

Similarly, you can allow external email forwarding for all mailboxes in your Microsoft 365 environment by following the steps below.

  • Sign in to the Microsoft 365 Defender portal as an admin and select Email & collaboration»Policies & rules»Threat policies»Anti-spam policies.
  • To edit the default policy, navigate to the Anti-spam outbound policy (Default), scroll down, and click on Edit protection settings at the bottom of the sidebar.
  • In the Forwarding Rules section, open the Automatic forwarding rules dropdown and select On - Forwarding is enabled. Then, click Save.

With AdminDroid, monitoring external email forwarding is as easy as pie!

  • The ‘Mailbox Forwarding Detailed Summary’ report helps you to identify both internal and external mailboxes that are forwarding enabled.
  • You can check the email forwarding details by simply mentioning the mailbox name in the ‘Search Users & Recipients’ easy filter at the top of the report.

How to find users who have automatic email forwarding configured in Microsoft 365?

Even after external email forwarding rules have been configured for a specific external domain, it is essential to track the users who have forwarding configured, in order to identify risky forwarding rules that could lead to data leaks or breaches.

The Auto Forwarded Messages report in the Exchange Online admin center provides details on users who have automatically forwarded messages to external recipients. Also, this report provides insights into how messages are being automatically forwarded from your organization's mailboxes to external recipients.

Additionally, it contains the following details that will help you to detect potential unauthorized or non-compliant email forwarding practices.

  • User Information: It displays which users have set up automatic forwarding on their mailboxes.
  • Recipient Details: Shows the external recipients to whom emails are being forwarded.
  • Forwarding Methods: Provides details on how the forwarding is set up, whether through inbox rules or other configurations.
  • Date and Time Stamps: Provides information on when the forwarding rules were created or when emails were forwarded.
  • Volume of Forwarded Emails: Indicates the number of emails forwarded over a specified period.

However, the report might not provide the deep forensic details necessary for complex investigations.

To efficiently monitor external forwarding in Exchange Online, you can create an AdminDroid alert to notify you whenever the external forwarding rule has been created.

You can use the alert policy template ‘Creation of external forwarded rule’ to generate alerts when a new external forwarded email rule is created in Outlook by Microsoft 365 users.

To create an alert policy from templates,

  • Navigate to the ‘Alert Policy Templates’ under Alerts.
  • Click the ‘Preview & Deploy’ button to configure an alert policy and get alerted whenever the external forwarding rule has been created.
  • Pro Tip: Make use of the different scopes available to set up AdminDroid alerts based on specific properties instead of organization-wide notifications.

How to block external forwarding in Exchange Online?

Disabling mail forwarding rules to external domains is a critical security measure to prevent data breaches, such as hackers stealing sensitive information or departing employees forwarding company emails to external addresses. Admins have the following methods to block auto-forwarding to external domains, ensuring only secure and necessary communications are allowed.

Here's an overview of each method with a brief description:

Mail Flow Rules:

  • Function: Create rules that specifically target and block emails being auto-forwarded to external domains.
  • Customization: Tailor these rules based on sender, recipient, or content criteria.
  • Flexibility: Allows for exceptions, catering to specific business needs while maintaining security.

Outbound Spam Policy:

  • Purpose: Manage and modify the organization's outbound spam policy to include restrictions on auto-forwarding.
  • Control: Provides a broader approach to monitor and control all outbound emails, especially useful for large-scale environments.

Remote Domain Settings:

  • Configuration: Adjust settings for remote domains to completely block automatic forwarding to those domains.
  • Granular Approach: Useful for managing forwarding permissions on a domain-by-domain basis, offering precise control over email flow.

By implementing these methods, admins effectively safeguard against unauthorized email forwarding, thus protecting sensitive data and maintaining the integrity of their organization's communication channels.
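
The three methods above, expressed as Exchange Online PowerShell with read-back checks. This is an added example, not from the original page; it assumes a Connect-ExchangeOnline session, and the rule name and rejection text are placeholders.

```powershell
# Added example (not from the original page); rule name and rejection text are placeholders.

# Outbound spam policy: switch automatic external forwarding off in the default policy.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off

# Remote domain settings: the Default remote domain (*) applies to every external
# domain that has no remote-domain entry of its own.
Set-RemoteDomain -Identity Default -AutoForwardEnabled $false

# Mail flow rule: reject auto-forwarded messages that leave the organization.
$rule = @{
    Name                    = 'Block external auto-forwarding'
    FromScope               = 'InOrganization'
    SentToScope             = 'NotInOrganization'
    MessageTypeMatches      = 'AutoForward'
    RejectMessageReasonText = 'External auto-forwarding is not permitted.'
    # ExceptIfFrom          = 'approved.user@<Your-domain>'   # optional business exception
}
New-TransportRule @rule

# Read the settings back to confirm what is now in force.
Get-HostedOutboundSpamFilterPolicy | Select-Object Name, AutoForwardingMode
Get-RemoteDomain | Select-Object DomainName, AutoForwardEnabled
Get-TransportRule | Where-Object { $_.MessageTypeMatches -eq 'AutoForward' } |
    Select-Object Name, State, Mode
```
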

AdminDroid helps to monitor inbound & outbound spam emails in your Microsoft 365 environment. Immediately block those suspicious email addresses from email forwarding and improve Exchange mailbox security!

  • You can view the ‘Incoming External Spam Mails’ report to identify potentially harmful external domains. It includes all spam emails received from external sources, allowing you to filter suspicious domains and determine if they are frequent sources of spam emails.

AdminDroid Exchange Online Reporter

Make a hunt for suspicious external email forwards in Microsoft 365!

AdminDroid’s Microsoft 365 email monitoring tool is an ideal solution to track external email forwarding rules in your Exchange Online. It enables swift detection and helps to take action against any suspicious external email forwarding activities, ensuring your Microsoft 365 environment remains secure and efficient.

Below are the unique capabilities that the AdminDroid Exchange Online reporter possesses:

A Quick Summary

Mailboxes with External Forwarding Inbox Rules

Review the 'Mailboxes with External Forwarding Inbox Rules' report to verify if any inbox rules have been set up, allowing external forwarding for specific mailboxes.

Dedicated External Users Insights

Manage Microsoft 365 external users with AdminDroid and review all the external user activities, memberships, etc., to prevent potential data breaches.

Overall Summary of Email Activity

An overview of email activities in Exchange Online, displaying all top mail readers, senders & receivers for a clear understanding and efficient mailbox management.

Check How Many External Inbox Rules Are Configured

With AdminDroid, find susceptible external forwarding inbox rule configurations and modify them if they seem suspicious in your organization.

Efficient Exchange Mailbox Management

AdminDroid helps you to instantly access mailbox usage statistics and find top mailboxes that consume a high amount of storage in Exchange Online.

Track Incoming and Outgoing Spam Emails

Effortlessly monitor both incoming & outgoing spam emails to identify the primary sources and targets of spam that affect your Exchange Online security.

AdminDroid's Exchange Online management tool is an essential asset for monitoring both inbound and outbound email forwarding in your Microsoft 365 environment. By staying vigilant and informed, you can effectively sidestep security challenges and maintain a secure, attack-free Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps for Exchange Online External Email Forwarding

The following are possible errors and troubleshooting hints associated with the Microsoft 365 external email forwarding report:

Error: 550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7550)

This error occurs when your Microsoft 365 admin has blocked the external email forwarding in your organization.

Troubleshooting hint: Reach out to your Microsoft 365 admin to enable external email forwarding in Exchange Online. Admins can run the cmdlet below to enable it via PowerShell.

Connect-ExchangeOnline
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode On

Error: Your message couldn't be delivered because you don't have permission to forward it

This error occurs in Outlook and delivers an NDR (Non-delivery report) as you do not have the necessary permission to forward the email to an external domain.

Troubleshooting hint: Verify whether any forwarding rule blocks you from auto-forwarding an email to an external domain, and ensure that you have the required Exchange Online permissions.

Error: Couldn't find object "x@gmail.com". Please make sure that it was spelled correctly or specify a different object.

This error occurs when you enter the external domain email address in the parameter -ForwardingAddress.

Troubleshooting hint: Use the parameter -ForwardingSmtpAddress instead of -ForwardingAddress to specify the external domain email address, as in the cmdlet below.

Set-Mailbox -Identity <MailboxIdentity> -ForwardingSmtpAddress <ExternalEmailAddress>

Error: A custom mail flow created by an admin at *domain* has blocked your message.

This error occurs when the recipient's admin has implemented a transport rule to block certain emails. If emails are sent to the recipient that matches the criteria set by the admin, they will be blocked, and the sender will receive the above error message.

Troubleshooting hint: If the email forwarding is authentic, you can ask the external admin to remove the mail flow rule for your Microsoft 365 domain.

Error: ./EmailForwardingReport.ps1 cannot be loaded because running scripts is disabled on this system.

If you have set the execution policy settings to ‘RemoteSigned’, the above error will occur while running the PowerShell script.

Troubleshooting hint: Change the execution policy settings by running the cmdlet below.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass