Export Office 365 Email Forwarding Report Using PowerShell

Email forwarding allows you to set up a mailbox to forward messages automatically to other mailboxes. Both users and admins create and manage email forwarding in Exchange Online. The conventional ways are SMTP forwarding, Transport Rules, and Inbox Rules. The email forwarding setup without restrictions increases the risk of confidential data being shared with other accounts.

Based on the email forwarding rules report, you can gain the below crucial facts.

1. Identify employees who override the admin’s email forwarding configuration.
2. Identify mailboxes with external forwarding set.
3. Assure email security: The sensitive data may get shared with an unintended audience.
4. Prevent critical emails reported as spam: It is essential to remove clients and third-party vendors from the email forwarding set up after the business need. When missed to discard, the concerned recipient may report it as spam. Due to this, the risk of important emails falling under the spam category is high.

Using UI: Following the below navigation, you can view all the email forwarding rules and configurations in the Exchange Online admin center (EAC). However, you cannot view inbox rules through UI is a huge drawback.

1. Email forwarding setup: You cannot view the email forwarding address directly. You need to click on each user’s profile. Select the ‘Manage mail flow settings’ option to view the configured forwarding addresses.
2. Transport Rules: Go to ‘Mail flow’ and select ‘Rules’. You can see all the redirected email forwarding rules and other transport rules in your organization.

Using PowerShell: You can use Exchange Online PowerShell cmdlets, Get-Mailbox, Get-InboxRule, and Get-TransportRule. But you will not get significant attributes that depict the email forwarding in your organization. You need to use multiple filters, executions to get the desired report.

To overcome the UI and PowerShell complexities, we have created an All-in-one PowerShell script. It helps to identify all the email forwarding configured via external email forwarding, transport rules setup, and inbox rule configurations. Let us start!

Script Highlights:

• Generates 3 different email forwarding rules reports.
• Automatically installs the Exchange Online module upon your confirmation when it is not available in your machine.
• Shows mailboxes in which email forwarding configured through ‘Forwarding SMTP Address’ and ‘Forward To’.
• Lists all inbox rules that forward email to others’ mailbox.
• Identifies transport rule that redirects emails to mailboxes
• Supports both MFA and Non-MFA accounts.
• Exports the report in CSV format.
• The script is scheduler-friendly. You can automate the report generation upon passing credentials as parameters.

Download Script: EmailForwardingReport.ps1

Using our script, you can obtain a detailed email forwarding report on the mailboxes in your organization. We have designed the script to assist admins in tracking the users who forward emails to their personal and external accounts. It also reveals all email forwarding rules and configurations found in your organization. We have outlined the steps for supplying inputs and generating reports below.

The user can override the admin email forwarding configuration by creating their forwarding setup in the Inbox (UI Navigation: Inbox-> Outlook setting-> Mail->Forwarding). Administrators can compare and find mismatched user records using our email forwarding reports. Users who forward emails to unauthorized accounts will be exposed as well.

This is the default report in our script. The mailbox forwarding report has attributes, as shown in the image. The ‘Forwarding SMTP Address’ displays both the internal and external email forwarding addresses, whereas the ‘Forward To’ displays the name of the internal forwarding recipient name.

Sample Output:

By using inbox rules, users can forward the email, forward it as an attachment, or redirect emails to other accounts. The administrator’s key responsibility is to identify these users to promote data security. Also, it is highly important to identify inbox rules that forward emails to external users.

To get the inbox rules with email forwarding, you can run the script with the ‘InboxRules’ switch.

Refer to the image for the attributes delivered by the inbox rules with the email forwarding report. The administrator decides the best prevention way to stop the unpermitted external and internal email forwarding using the ‘Forward As Attachment To’,’ Forward To’, and ‘Redirect To’ attributes in the report.

Sample Output:

The transport rules take action on messages while they are in transit, not after they are delivered. Due to negligence, a user may continue to send emails to recipients that no longer exist. The administrators have to act on that and redirect the emails to maintain proper mail flow throughout the organization.

To get transport rules that redirect emails to other mailboxes, run the script with the ‘MailFlowRules’ switch param.

See the below image to know the attributes in the transport rules with the email forwarding report. Use this report to find the redirected email recipients and other additional details of the redirected rules.

Sample Output:

You can schedule the PowerShell script to prepare the statistics report and establish better email forwarding rules. To schedule the execution, you can use MFA and non-MFA accounts.

To use the non-MFA admin accounts, try the format below.

If the admin account has MFA, then they cannot use it directly for scheduling. Instead, you have to disable MFA based on the Conditional Access Policy to make it work.

However, despite the warnings and restrictions given to the users, you cannot continue to risk business data. You can terminate the improper email forwarding users based on the data in our reports. We suggest the commonly used methods to block your users from using the email forwarding facility completely.

• Use outbound spam filter policy to control external email forward rules.
• Use Remote Domains to block automatic forwarding rules.
• Use transport rule to block auto-forward.
• Use role-based access control (RBAC) to hide auto-forward options.
• Use outlook web app policies to block email forwarding.

To get more detailed email forwarding report on

• Configuration methods
  • SMTP forwarding
  • Inbox rule forwarding
• Configured domain
  • Email forwarding to internal domain
  • Email forwarding to external domain
• Inbox rules
  • Inbox rules with internal forwarding
  • Inbox rules with external forwarding

• Mailbox forwarding summary report

you can take a look at AdminDroid Microsoft 365 reporting and auditing tool.

AdminDroid provides 1500+ pre-built reports and 20 smart visually appealing dashboards to know about your Office 365 environment at a glance. This tool provides reports on Office 365 reporting, auditing, analytics, usage statistics, security & compliance, etc.

Each report provides AI-powered graphical analysis to gain insights and better understand the data in a visually appealing manner.

Additionally, AdminDroid offers 100+ reports and dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The free edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting. Download Free Office 365 reporting tool by AdminDroid and see how it helps for you.

We hope this blog is helpful to get the detailed email forwarding reports successfully.