🎉 Our Office 365 Reporting Tool is now available in Azure Marketplace 🚀
This website uses cookies to improve your experience. We'll assume you're ok with this. Know more.
Exchange Online

How to Monitor External Email Forwarding Report in Microsoft 365

Sharing data with external domains has become a new normal in today's digital era. However, misconfigured external email forwarding can lead users to accidentally expose the sensitive Microsoft 365 information to attackers. Thus, we are here to guide you in verifying and managing your external email forwarding rules in Exchange Online.

Solution 1
Solution 2
Solution 3
Solution 4
Important Tips
Errors and Resolution Steps
FAQs

Using Exchange Online Admin Center

Microsoft 365 Permission Required
Global Administrator, Exchange Administrator, or Global Reader
  • Sign in to the Exchange Online admin center.
  • Navigate to Email forwarding under Recipients»Mailboxes»'Select a specific mailbox'.
  • If forwarding has been turned 'On' for the selected mailbox, you can find the external email address under ‘Forward to an external email address’ as given in the screenshot below.
Using Exchange Online Admin Center

Using Windows PowerShell

Microsoft 365 Permission Required
Global Administrator, Exchange Administrator, or Global Reader
  • Navigating each mailbox in the admin center to check external email forwarding status can be challenging.
  • Fortunately, PowerShell simplifies it by directly providing the external email forwarding enabled mailboxes when executing the below cmdlet.
  • Windows PowerShell Windows PowerShell 
     Connect-ExchangeOnline

Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox | Where-Object { $_.ForwardingSmtpAddress -ne $null -and $_.ForwardingSmtpAddress -notlike ‘Your-domain' } | Select UserPrincipalName, ForwardingSmtpAddress, DeliverToMailboxAndForward
  • You can get the forwarding address for a specific domain by replacing <Your-domain> with your internal domain name.
Using Windows PowerShell

Using PowerShell Script

Microsoft 365 Permission Required
Global Administrator, Exchange Administrator, or Global Reader
  • However, the above cmdlet fails to provide the correct outcome when multiple domains are present in your tenant. Also, you need an advanced level of PowerShell knowledge to create a script.
  • To help you with this, we have prepared a handy script that exports the Office 365 email forwarding report. It contains forwarding email addresses associated with all the domains in your tenant, along with details on inbox rules configured in your organization.
Using PowerShell Script
EmaiForwardingReport.ps1 Also, to identify Exchange Online inbox rules with external forwarding, you can execute the following script in Administrator PowerShell.
GetInboxRulesWithExternalForwarding.ps1
inbox-rules-email-forwarding-ps-script
AdminDroid Exchange Online Reporter

Make a hunt for suspicious external email forwards in Microsoft 365!

AdminDroid’s Microsoft 365 email monitoring tool is an ideal solution to track external email forwarding rules in your Exchange Online. It enables swift detection and helps to take action against any suspicious external email forwarding activities, ensuring your Microsoft 365 environment remains secure and efficient.

Mailboxes with External Forwarding Inbox Rules

Review the 'Mailboxes with External Forwarding Inbox Rules' report to verify if any inbox rules have been set up, allowing external forwarding for specific mailboxes.

Dedicated External Users Insights

Manage Microsoft 365 external users with AdminDroid and review all the external user activities, memberships, etc., to prevent potential data breaches.

Overall Summary of Email Activity

An overview of email activities in Exchange Online, displaying all top mail readers, senders & receivers for a clear understanding and efficient mailbox management.

Check How many External Inbox Rules Configured

With AdminDroid, find susceptible external forwarding inbox rule configurations and modify them if they seem suspicious in your organization.

Efficient Exchange Mailbox Management

AdminDroid helps you to instantly access mailbox usage statistics and find top mailboxes that consume a high amount of storage in Exchange Online.

Track Incoming and Outgoing Spam Emails

Effortlessly monitor both incoming & outgoing spam emails to identify the primary sources and targets of spam that affect your Exchange Online security.

AdminDroid's Exchange Online management tool is an essential asset for monitoring both inbound and outbound email forwarding in your Microsoft 365 environment. By staying vigilant and informed, you can effectively sidestep security challenges and maintain a secure, attack-free Microsoft 365 environment.

Explore a full range of reporting options
Download Live Demo

Important Tips

To minimize Microsoft 365 security risks, restrict external forwarding to certain roles or individuals and regularly manage these rules as not everyone needs it.

Keep an eye on external email traffic for unusual patterns, like spikes in forwarding or emails to suspicious domains to quickly address potential security threats.

Enable unified audit logging to record and detect risky Exchange Online email activities, including external forwarding rule changes and delegate mailbox accesses.

Common Errors and Resolution Steps

The following are possible errors and troubleshooting hints associated with the Microsoft 365 external email forwarding report:

Error 550 5.7.520 Access denied, Your organization does not allow external forwarding. Please contact your administrator for further assistance. AS(7550)

This error occurs when your Microsoft 365 admin has blocked the external email forwarding in your organization.

Fix Reach out to your Microsoft 365 admin to enable the external email forwarding in Exchange Online. Admins can run the below cmdlet to enable it via PowerShell. 
Connect-ExchangeOnline
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode On

Error Your message couldn't be delivered because you don't have permission to forward it

This error occurs in Outlook and delivers an NDR (Non-delivery report) as you do not have the necessary permission to forward the email to an external domain.

Fix Verify whether any forwarding rule blocks you from auto-forwarding an email to external domain and ensure that you have required Exchange Online permissions.

Error Couldn't find object "x@gmail.com". Please make sure that it was spelled correctly or specify a different object.

This error occurs when you enter the external domain email address in the parameter –ForwardingAddress.

Fix Add the parameter –ForwardingSMTPAddress instead of –ForwardingAddress to mention the external domain email address in the below cmdlet. 
Set-Mailbox –Identity  -ForwardingSMTPAddress

Error A custom mail flow created by an admin at *domain* has blocked your message.

This error occurs when the recipient's admin has implemented a transport rule to block certain emails. If emails are sent to the recipient that matches the criteria set by the admin, they will be blocked, and the sender will receive the above error message.

Fix If the email forwarding is authentic, you can ask the external admin to remove the mail flow rule for your Microsoft 365 domain.

Error ./EmailForwardingReport.ps1 cannot be loaded because running scripts is disabled on this system.

If you have set the execution policy settings to ‘RemoteSigned’, the above error will occur while running the PowerShell script.

Fix Change the execution policy settings by running the below cmdlet. 
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
Exchange Online
Frequently Asked Questions

Safeguard Against External Email Forwarding Threats in Microsoft 365

How to enable automatic external email forwarding for individual mailboxes?
How to enable external email forwarding for all mailboxes?
How to find users who have automatic email forwarding configured in Microsoft 365?
How to block external forwarding in Exchange Online?

1. How to enable automatic external email forwarding for individual mailboxes?

You can set up an anti-spam outbound policy to allow external email forwarding while managing your organization's email security. Follow the steps below to create an external forwarding policy in Microsoft 365.

  • Login to the Microsoft 365 Defender portal as an admin and navigate to Email & collaboration»Policies & rules»Threat policies»Anti-spam policies.
  • If you can't see these options or no policies appear, ensure you're logged in with sufficient admin permissions.
  • To create a policy, click on + Create policy, then choose Outbound.
  • Name and describe your new outbound spam filter policy.
  • Click Next, search for and select the user, group or domain that you wish to allow external forwarding.
  • Set the outbound anti-spam settings for the policy. Click Next, go to Forwarding rules, and select On - Forwarding is enabled from the dropdown under Automatic forwarding rules.
  • Finally, review and confirm the settings, then click Create to allow external forwarding in Microsoft 365 for a specific user.
review-outbound-policy

2. How to enable external email forwarding for all mailboxes?

Similarly, you can allow external email forwarding for all mailboxes in your Microsoft 365 environment by following the steps below.

  • Sign in to the Microsoft 365 Defender portal as an admin and select Email & collaboration»Policies & rules»Threat policies»Anti-spam policies.
  • To edit the default policy, navigate to the Anti-spam outbound policy (Default), scroll down, and click on Edit protection settings at the bottom of the sidebar.
  • In the Forwarding Rules section, open the Automatic forwarding rules dropdown and select On - Forwarding is enabled. Then, click Save.
anti-spam-outbound-policy

With AdminDroid, monitoring external email forwarding is as easy as pie!

  • The ‘Mailbox Forwarding Detailed Summary’ report helps you to identify both internal and external mailboxes that are forwarding enabled.
  • You can check the email forwarding details by simply mentioning the mailbox name in the ‘Search Users & Recipients’ easy filter at the top of the report.
mailbox-forwarding-summary-report

3. How to find users who have automatic email forwarding configured in Microsoft 365?

Though we have configured external email forwarding rules for a specific external domain, it is highly essential to track the forwarding configured users to identify risky forwarding rules that could lead to data leaks or breaches.

The Auto Forwarded Messages report in the Exchange Online admin center provides details on users who have automatically forwarded messages to external recipients. Also, this report provides insights into how messages are being automatically forwarded from your organization's mailboxes to external recipients.

Additionally, it contains the following details that will help you to detect potential unauthorized or non-compliant email forwarding practices.

  • User Information: It displays which users have set up automatic forwarding on their mailboxes.
  • Recipient Details: Shows the external recipients to whom emails are being forwarded.
  • Forwarding Methods: Provide details on how the forwarding is set up, whether through inbox rules or other configurations.
  • Date and Time Stamps: Provides information on when the forwarding rules were created or when emails were forwarded.
  • Volume of Forwarded Emails: Indicates the number of emails forwarded over a specified period.

However, the report might not provide the deep forensic details necessary for complex investigations.

To efficiently monitor external forwarding in Exchange Online, you can create an AdminDroid alert to notify you whenever the external forwarding rule has been created.

You can use the alert policy template ‘Creation of external forwarded rule’ to generate alerts when a new external forwarded email rule is created in Outlook by Microsoft 365 users.

To create an alert policy from templates,

  • Navigate to the ‘Alert Policy Templates’ under Alerts.
  • Click the ‘Preview & Deploy’ button to configure an alert policy and get alerted whenever the external forwarding rule has been created.
  • Pro Tip: Make use of the different scopes available to set up AdminDroid alerts based on specific properties instead of organization-wide notifications.
alert-policy

4. How to block external forwarding in Exchange Online?

Disabling mail forwarding rules to external domains is a critical security measure to prevent data breaches, such as hackers stealing sensitive information or departing employees forwarding company emails to external addresses. Admins have the following methods to block auto-forwarding to external domains, ensuring only secure and necessary communications are allowed.

Here's an overview of each method with a brief description:

Mail Flow Rules:

  • Function: Create rules that specifically target and block emails being auto-forwarded to external domains.
  • Customization: Tailor these rules based on sender, recipient, or content criteria.
  • Flexibility: Allows for exceptions, catering to specific business needs while maintaining security.

Outbound Spam Policy:

  • Purpose: Manage and modify the organization's outbound spam policy to include restrictions on auto-forwarding.
  • Control: Provides a broader approach to monitor and control all outbound emails, especially useful for large-scale environments.

Remote Domain Settings:

  • Configuration: Adjust settings for remote domains to completely block automatic forwarding to those domains.
  • Granular Approach: Useful for managing forwarding permissions on a domain-by-domain basis, offering precise control over email flow.

By implementing these methods, admins effectively safeguard against unauthorized email forwarding, thus protecting sensitive data and maintaining the integrity of their organization's communication channels.

AdminDroid helps to monitor inbound & outbound spam emails in your Microsoft 365 environment. Immediately block those suspicious email addresses from email forwarding and improve Exchange mailbox security!

  • You can view the ‘Incoming External Spam Mails’ report to identify potentially harmful external domains. It includes all spam emails received from external sources, allowing you to filter suspicious domains and determine if they are frequent sources of spam emails.
incoming-spam-emails

Kickstart Your Journey With
AdminDroid

Your Microsoft 365 Companion with Enormous Reporting Capabilities

Download Now
Browse All Guides
User Help Manuals Compliance Docs
All Guides 99+
Exchange Online
How to Monitor External Email Forwarding Report in Microsoft 365
Exchange Online Guides
x
Delivering Reports on Time
Delivering Reports on Time
Want a desired Microsoft 365 reports every Monday morning? Ensure automated report distribution and timely delivery with AdminDroid's Scheduling to your email anytime you need.
Delivering Reports on Time
Schedule tailored reports to execute automatically at the time you set and deliver straight to the emails you choose. In addition, you can customize report columns and add inteligent filtering to the activities just from the previous day to suit your Microsoft 365 report requirements.
Set It, Schedule It, See Results- Your Reports, Your Way, On Your Time!
Time Saving
Automation
Customization
Intelligent Filtering
Give Just the Right Access to the Right People
Give Just the Right Access to the Right People
Grant fine-tuned access to any Microsoft 365 user with AdminDroid’s Granular Delegation and meet your organization’s security and compliance requirements.
Give Just the Right Access to the Right People
Create custom roles loaded with just the right permissions and give access to admins or normal users within AdminDroid. The result? A streamlined Microsoft 365 management experience that aligns your organization's security protocols and saves your invaluable time and effort.
Align, Define, Simplify: AdminDroid's Granular Delegation
Smart Organizational Control
Effortless M365 Management
Simplified Access
Advanced Alerts at a Glance
Advanced Alerts at a Glance
Receive quick notifications for malicious Microsoft 365 activities. Engage with the AdminDroid’s real-time alert policies crafted to streamline your security investigations.
Advanced Alerts at a Glance
Stay informed of critical activities like suspicious emails and high-risk logins, bulk file sharing, etc. Through creating and validating ideal alert policies, AdminDroid provides a comprehensive approach to real-time monitoring and management of potential threats within your organization.
AdminDroid Keeps You Always Vigilant, Never Vulnerable!
Proactive Protection
Real-time Monitoring
Security Intelligence
Threat Detection
Merge the Required Data to One Place
Merge the Required Data to One Place
Combine multiple required columns into one comprehensive report and prioritize the information that matters most to you with AdminDroid’s Advanced Column Customization.
Merge the Required Data to One Place
This column merging capability offers a flexible way to add different columns from various reports and collate all the essential data in one place. Want to revisit the customized report? Save it as a 'View’, and your unique report is ready whenever you need it.
Merge with Ease and Save as Views!
Custom Reporting
Unique View
Desired Columns
Easy Data Interpretation
Insightful Charts and Exclusive Dashboards
Insightful Charts and Exclusive Dashboards
Get a quick and easy overview of your tenant's activity, identify potential problems, and take action to protect your data with AdminDroid’s Charts and Dashboards.
Insightful Charts and Exclusive Dashboards
With AdminDroid charts and dashboards, visualize your Microsoft 365 tenant in ways you've never thought possible. It's not just about viewing; it's about understanding, controlling, and transforming your Microsoft 365 environment.
Explore Your Microsoft 365 Tenant in a Whole New Way!
Executive overviews
Interactive insights
Decision-making
Data Visualization
Efficient Report Exporting for Microsoft 365
Efficient Report Exporting for Microsoft 365
Downloading your reports in the right file format shouldn’t be a hassle with AdminDroid’s Report Export. Experience seamless report exporting in various formats that cater to your needs.
Efficient Report Exporting for Microsoft 365
Navigate through diverse options and export Microsoft 365 reports flawlessly in your desired file format. Tailor your reports precisely as you need them and save them directly to your computer.
Take Control, Customize and Deliver- Your Office 365 Data, Exported in Your Way!
Easy Export
Seamless Downloading
Data Control
Manage Microsoft 365

Get AdminDroid Office 365 Reporter Now!

Free Download Live Demo