Export Office 365 Email Forwarding Report Using PowerShell

Email forwarding allows you to set up a mailbox to forward messages automatically to other mailboxes. Both users and admins create and manage email forwarding in Exchange Online. The conventional ways are SMTP forwarding, Transport Rules, and Inbox Rules. The email forwarding setup without restrictions increases the risk of confidential data being shared with other accounts.

 

Why it is Important to Find Office 365 Mailboxes with Email Forwarding Rules? 

Based on the email forwarding rules report, you can gain the below crucial facts. 

  1. Identify employees who override the admin’s email forwarding configuration. 
  2. Identify mailboxes with external forwarding set. 
  3. Assure email security: The sensitive data may get shared with an unintended audience.  
  4. Prevent critical emails reported as spam: It is essential to remove clients and third-party vendors from the email forwarding set up after the business need. When missed to discard, the concerned recipient may report it as spam. Due to this, the risk of important emails falling under the spam category is high. 

 

How to Get Email Forwarding Rules for a Mailbox? 

Using UI: Following the below navigation, you can view all the email forwarding rules and configurations in the Exchange Online admin center (EAC). However, you cannot view inbox rules through UI is a huge drawback.

  1. Email forwarding setup: You cannot view the email forwarding address directly. You need to click on each user’s profile. Select the ‘Manage mail flow settings’ option to view the configured forwarding addresses.  
  2. Transport Rules: Go to ‘Mail flow’ and select ‘Rules’. You can see all the redirected email forwarding rules and other transport rules in your organization. 

Using PowerShell: You can use Exchange Online PowerShell cmdlets, Get-Mailbox, Get-InboxRule, and Get-TransportRule. But you will not get significant attributes that depict the email forwarding in your organization. You need to use multiple filters, executions to get the desired report.

To overcome the UI and PowerShell complexities, we have created an All-in-one PowerShell script. It helps to identify all the email forwarding configurations such as external email forwarding, inbox rules, and transport rules set up together. Let us start!

 

Script Highlights: 
  • Generates 3 different email forwarding rules reports.  
  • Automatically installs the Exchange Online module upon your confirmation when it is not available in your machine. 
  • Shows mailboxes in which email forwarding configured through Forwarding SMTP Address’ and ‘Forward To’. 
  • Lists all inbox rules that forward email to others’ mailbox. 
  • Identifies transport rule that redirects emails to mailboxes 
  • Supports both MFA and Non-MFA accounts.    
  • Exports the report in CSV format.  
  • The script is scheduler-friendly. You can automate the report generation upon passing credentials as parameters. 

 

Download Script: EmailForwardingReport.ps1

 

Email Forwarding Report – Script Execution Overview 

Using our script, you can obtain a detailed email forwarding report on the mailboxes in your organization. We have designed the script to assist admins in tracking the users who forward emails to their personal and external accounts. It also reveals all email forwarding rules and configurations found in your organization. We have outlined the steps for supplying inputs and generating reports below.

 

List Office 365 Mailboxes with an Email Forwarding  

The user can override the admin email forwarding configuration by creating their forwarding setup in the Inbox (UI Navigation: Inbox-> Outlook setting-> Mail->Forwarding). Administrators can compare and find mismatched user records using our email forwarding reports. Users who forward emails to unauthorized accounts will be exposed as well. 

This is the default report in our script. The mailbox forwarding report has attributes, as shown in the image. The ‘Forwarding SMTP Address’ displays both the internal and external email forwarding addresses, whereas the ‘Forward To’ displays the name of the internal forwarding recipient name. 

Sample Output:

External Email Forwarding report

 

Find All Inbox Rules with Email Forwarding 

By using inbox rules, users can forward the email, forward it as an attachment, or redirect emails to other accounts. The administrator’s key responsibility is to identify these users to promote data security.

To get the inbox rules with email forwarding, you can run the script with the ‘InboxRules’ switch.

Refer to the image for the attributes delivered by the inbox rules with the email forwarding report. The administrator decides the best prevention way to stop the unpermitted external and internal email forwarding using the ‘Forward As Attachment To’,’ Forward To’, and ‘Redirect To’ attributes in the report. 

Sample Output:

Inbox Rules with Email Forwarding Report Using PowerShell

 

Get All Mail Flow Rules with Email Forwarding  

The transport rules take action on messages while they are in transit, not after they are delivered. Due to negligence, a user may continue to send emails to recipients that no longer exist. The administrators have to act on that and redirect the emails to maintain proper mail flow throughout the organization.

To get transport rules that redirect emails to other mailboxes, run the script with the ‘MailFlowRules’ switch param.

See the below image to know the attributes in the transport rules with the email forwarding report. Use this report to find the redirected email recipients and other additional details of the redirected rules. 

Sample Output: 

Transport Rules with Email Forwarding Report Using PowerShell

 

Schedule Office 365 Email Forwarding Report 

You can schedule the PowerShell script to prepare the statistics report and establish better email forwarding rules. To schedule the execution, you can use MFA and non-MFA accounts.

To use the non-MFA admin accounts, try the format below.   

If the admin account has MFA, then they cannot use it directly for scheduling. Instead, you have to disable MFA based on the Conditional Access Policy to make it work. 

 

Ways to Block the Automatic Email Forwarding – Quick Bites   

However, despite the warnings and restrictions given to the users, you cannot continue to risk business data. You can terminate the improper email forwarding users based on the data in our reports. We suggest the commonly used methods to block your users from using the email forwarding facility completely.

  • Use outbound spam filter policy to control external email forward rules. 
  • Use Remote Domains to block automatic forwarding rules. 
  • Use transport rule to block auto-forward. 
  • Use role-based access control (RBAC) to hide auto-forward options. 
  • Use outlook web app policies to block email forwarding. 

 

Get More Detailed Email Forwarding Report:

To get more detailed email forwarding report on

  • Configuration methods
    • SMTP forwarding
    • Inbox rule forwarding
  • Configured domain
    • Email forwarding to internal domain
    • Email forwarding to external domain
  • Inbox rules
    • Inbox rules with internal forwarding
    • Inbox rules with external forwarding
  • Mailbox forwarding summary report

you can take a look at AdminDroid Microsoft 365 reporting and auditing tool.

AdminDroid provides 950+ pre-built reports and 18 smart visually appealing dashboards to know about your Office 365 environment at a glance. This tool provides reports on Office 365 reporting, auditing, analytics, usage statistics, security & compliance, etc.

 

Office 365 Mailbox forwarding report

External email forwarding report

 

Additionally, AdminDroid offers 100+ reports and dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The free edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting. Download Free Office 365 reporting tool by AdminDroid and see how it helps for you.

We hope this blog is helpful to get the detailed email forwarding reports successfully.