🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.

How to Monitor External Email Forwarding Report in Microsoft 365

Sharing data with external domains has become a new normal in today's digital era. However, misconfigured external email forwarding can lead users to accidentally expose the sensitive Microsoft 365 information to attackers. Thus, we are here to guide you in verifying and managing your external email forwarding rules in Exchange Online.

Native Solution

Microsoft 365 Permission Required

High

Global Administrator, Exchange Administrator, or Global Reader

Option 1 Using Exchange Online Admin Center

  • Sign in to the Exchange Online admin center.
  • Navigate to Email forwarding under Recipients»Mailboxes»'Select a specific mailbox'.
  • If forwarding has been turned 'On' for the selected mailbox, you can find the external email address under ‘Forward to an external email address’ as given in the screenshot below.
Using Exchange Online Admin Center

Option 2 Using Windows PowerShell

  • Navigating each mailbox in the admin center to check external email forwarding status can be challenging.
  • Fortunately, PowerShell simplifies it by directly providing the external email forwarding enabled mailboxes when executing the below cmdlet.
  • Windows PowerShell Windows PowerShell
     Connect-ExchangeOnline
    
    Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Where-Object { $_.ForwardingSmtpAddress -ne $null -and $_.ForwardingSmtpAddress -notlike ‘Your-domain' } | Select UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward
  • You can get the forwarding address for a specific domain by replacing <Your-domain> with your internal domain name.
Using Windows PowerShell

Option 3 Using PowerShell Script

  • However, the above cmdlet fails to provide the correct outcome when multiple domains are present in your tenant. Also, you need an advanced level of PowerShell knowledge to create a script.
  • To help you with this, we have prepared a handy script that exports the Office 365 email forwarding report. It contains forwarding email addresses associated with all the domains in your tenant, along with details on inbox rules configured in your organization.
Using PowerShell Script
Also, to identify Exchange Online inbox rules with external forwarding, you can execute the following script in Administrator PowerShell.
AdminDroid Solution
More than 150 reports are under the free edition.

AdminDroid Permission Required

Any user with report access delegated by the Super Admin.

StepsUsing AdminDroid

ad
  • Login to the AdminDroid Office 365 reporter.
  • Navigate to the "Mailbox with SMTP Forwarding" report residing under Analytics»Exchange analytics»Mailbox forwarding section.
Using AdminDroid

An in-depth report on external email forwarding offers valuable insights, such as the mailboxes that are forwarding enabled, email forwarding SMTP addresses along with respective mailbox details.

No Report Spotlighting External Domains in Native Solutions!

Yes, despite native solutions offering details on allowed external forwarding addresses, they lack a dedicated report that consolidates all external domains into a single comprehensive list.

AdminDroid offers an exclusive report on External Domains Configured in Mailbox Forwarding, that lets you find included external domains for email forwarding along with the internal email addresses.

external-domain-report

Monitor external email forwarding reports with ease!

Protect your data from potential risks by limiting external email forwarding! AdminDroid email monitoring tool helps you permit only trusted external domains for email forwarding.

Witness the report in action using the

Important Tips

To minimize Microsoft 365 security risks, restrict external forwarding to certain roles or individuals and regularly manage these rules as not everyone needs it.

Keep an eye on external email traffic for unusual patterns, like spikes in forwarding or emails to suspicious domains to quickly address potential security threats.

Enable unified audit logging to record and detect risky Exchange Online email activities, including external forwarding rule changes and delegate mailbox accesses.

Exchange OnlineSafeguard Against External Email Forwarding Threats in Microsoft 365

Showing 1 of 4

How to enable automatic external email forwarding for individual mailboxes?

You can set up an anti-spam outbound policy to allow external email forwarding while managing your organization's email security. Follow the steps below to create an external forwarding policy in Microsoft 365.

  • Login to the Microsoft 365 Defender portal as an admin and navigate to Email & collaboration»Policies & rules»Threat policies»Anti-spam policies.
  • If you can't see these options or no policies appear, ensure you're logged in with sufficient admin permissions.
  • To create a policy, click on + Create policy, then choose Outbound.
  • Name and describe your new outbound spam filter policy.
  • Click Next, search for and select the user, group or domain that you wish to allow external forwarding.
  • Set the outbound anti-spam settings for the policy. Click Next, go to Forwarding rules, and select On - Forwarding is enabled from the dropdown under Automatic forwarding rules.
  • Finally, review and confirm the settings, then click Create to allow external forwarding in Microsoft 365 for a specific user.
review-outbound-policy

How to enable external email forwarding for all mailboxes?

Similarly, you can allow external email forwarding for all mailboxes in your Microsoft 365 environment by following the steps below.

  • Sign in to the Microsoft 365 Defender portal as an admin and select Email & collaboration»Policies & rules»Threat policies»Anti-spam policies.
  • To edit the default policy, navigate to the Anti-spam outbound policy (Default), scroll down, and click on Edit protection settings at the bottom of the sidebar.
  • In the Forwarding Rules section, open the Automatic forwarding rules dropdown and select On - Forwarding is enabled. Then, click Save.
anti-spam-outbound-policy

With AdminDroid, monitoring external email forwarding is as easy as pie!

  • The ‘Mailbox Forwarding Detailed Summary’ report helps you to identify both internal and external mailboxes that are forwarding enabled.
  • You can check the email forwarding details by simply mentioning the mailbox name in the ‘Search Users & Recipients’ easy filter at the top of the report.
mailbox-forwarding-summary-report

How to find users who have automatic email forwarding configured in Microsoft 365?

Though we have configured external email forwarding rules for a specific external domain, it is highly essential to track the forwarding configured users to identify risky forwarding rules that could lead to data leaks or breaches.

The Auto Forwarded Messages report in the Exchange Online admin center provides details on users who have automatically forwarded messages to external recipients. Also, this report provides insights into how messages are being automatically forwarded from your organization's mailboxes to external recipients.

Additionally, it contains the following details that will help you to detect potential unauthorized or non-compliant email forwarding practices.

  • User Information: It displays which users have set up automatic forwarding on their mailboxes.
  • Recipient Details: Shows the external recipients to whom emails are being forwarded.
  • Forwarding Methods: Provide details on how the forwarding is set up, whether through inbox rules or other configurations.
  • Date and Time Stamps: Provides information on when the forwarding rules were created or when emails were forwarded.
  • Volume of Forwarded Emails: Indicates the number of emails forwarded over a specified period.

However, the report might not provide the deep forensic details necessary for complex investigations.

To efficiently monitor external forwarding in Exchange Online, you can create an AdminDroid alert to notify you whenever the external forwarding rule has been created.

You can use the alert policy template ‘Creation of external forwarded rule’ to generate alerts when a new external forwarded email rule is created in Outlook by Microsoft 365 users.

To create an alert policy from templates,

  • Navigate to the ‘Alert Policy Templates’ under Alerts.
  • Click the ‘Preview & Deploy’ button to configure an alert policy and get alerted whenever the external forwarding rule has been created.
  • Pro Tip: Make use of the different scopes available to set up AdminDroid alerts based on specific properties instead of organization-wide notifications.
alert-policy

How to block external forwarding in Exchange Online?

Disabling mail forwarding rules to external domains is a critical security measure to prevent data breaches, such as hackers stealing sensitive information or departing employees forwarding company emails to external addresses. Admins have the following methods to block auto-forwarding to external domains, ensuring only secure and necessary communications are allowed.

Here's an overview of each method with a brief description:

Mail Flow Rules:

  • Function: Create rules that specifically target and block emails being auto-forwarded to external domains.
  • Customization: Tailor these rules based on sender, recipient, or content criteria.
  • Flexibility: Allows for exceptions, catering to specific business needs while maintaining security.

Outbound Spam Policy:

  • Purpose: Manage and modify the organization's outbound spam policy to include restrictions on auto-forwarding.
  • Control: Provides a broader approach to monitor and control all outbound emails, especially useful for large-scale environments.

Remote Domain Settings:

  • Configuration: Adjust settings for remote domains to completely block automatic forwarding to those domains.
  • Granular Approach: Useful for managing forwarding permissions on a domain-by-domain basis, offering precise control over email flow.

By implementing these methods, admins effectively safeguard against unauthorized email forwarding, thus protecting sensitive data and maintaining the integrity of their organization's communication channels.

AdminDroid helps to monitor inbound & outbound spam emails in your Microsoft 365 environment. Immediately block those suspicious email addresses from email forwarding and improve Exchange mailbox security!

  • You can view the ‘Incoming External Spam Mails’ report to identify potentially harmful external domains. It includes all spam emails received from external sources, allowing you to filter suspicious domains and determine if they are frequent sources of spam emails.
incoming-spam-emails

AdminDroid Exchange Online ReporterMake a hunt for suspicious external email forwards in Microsoft 365!

AdminDroid’s Microsoft 365 email monitoring tool is an ideal solution to track external email forwarding rules in your Exchange Online. It enables swift detection and helps to take action against any suspicious external email forwarding activities, ensuring your Microsoft 365 environment remains secure and efficient.

Below are the unique capabilities that the AdminDroid Exchange Online reporter possesses:

A Quick Summary

Mailboxes with External Forwarding Inbox Rules

Review the 'Mailboxes with External Forwarding Inbox Rules' report to verify if any inbox rules have been set up, allowing external forwarding for specific mailboxes.

Dedicated External Users Insights

Manage Microsoft 365 external users with AdminDroid and review all the external user activities, memberships, etc., to prevent potential data breaches.

Overall Summary of Email Activity

An overview of email activities in Exchange Online, displaying all top mail readers, senders & receivers for a clear understanding and efficient mailbox management.

Check How many External Inbox Rules Configured

With AdminDroid, find susceptible external forwarding inbox rule configurations and modify them if they seem suspicious in your organization.

Efficient Exchange Mailbox Management

AdminDroid helps you to instantly access mailbox usage statistics and find top mailboxes that consume a high amount of storage in Exchange Online.

Track Incoming and Outgoing Spam Emails

Effortlessly monitor both incoming & outgoing spam emails to identify the primary sources and targets of spam that affect your Exchange Online security.

AdminDroid's Exchange Online management tool is an essential asset for monitoring both inbound and outbound email forwarding in your Microsoft 365 environment. By staying vigilant and informed, you can effectively sidestep security challenges and maintain a secure, attack-free Microsoft 365 environment.

Kickstart Your Journey with AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities!

Common Errors and Resolution Steps for Exchange Online External Email Forwarding

The following are possible errors and troubleshooting hints associated with the Microsoft 365 external email forwarding report:

Error: 550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7550)

This error occurs when your Microsoft 365 admin has blocked the external email forwarding in your organization.

Troubleshooting hint :Reach out to your Microsoft 365 admin to enable the external email forwarding in Exchange Online. Admins can run the below cmdlet to enable it via PowerShell.

Connect-ExchangeOnline
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode On

Error: Your message couldn't be delivered because you don't have permission to forward it

This error occurs in Outlook and delivers an NDR (Non-delivery report) as you do not have the necessary permission to forward the email to an external domain.

Troubleshooting hint :Verify whether any forwarding rule blocks you from auto-forwarding an email to external domain and ensure that you have required Exchange Online permissions.

Error: Couldn't find object "x@gmail.com". Please make sure that it was spelled correctly or specify a different object.

This error occurs when you enter the external domain email address in the parameter –ForwardingAddress.

Troubleshooting hint :Add the parameter –ForwardingSMTPAddress instead of –ForwardingAddress to mention the external domain email address in the below cmdlet.

Set-Mailbox –Identity  -ForwardingSMTPAddress 

Error: A custom mail flow created by an admin at *domain* has blocked your message.

This error occurs when the recipient's admin has implemented a transport rule to block certain emails. If emails are sent to the recipient that matches the criteria set by the admin, they will be blocked, and the sender will receive the above error message.

Troubleshooting hint :If the email forwarding is authentic, you can ask the external admin to remove the mail flow rule for your Microsoft 365 domain.

Error: ./EmailForwardingReport.ps1 cannot be loaded because running scripts is disabled on this system.

If you have set the execution policy settings to ‘RemoteSigned’, the above error will occur while running the PowerShell script.

Troubleshooting hint :Change the execution policy settings by running the below cmdlet.

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass