Find Out Who is O365 External Forwarding With This One Trick

O365 External Forwarding

Now that you have disabled O365 External Forwarding for your organization, it’s time to find out who is using it.

List Users Who Are O365 External Forwarding

You may want to give your users a heads up that you will be disabling this feature. You can easily do this by connecting to the Exchange Online PowerShell module and using the Get-InboxRule cmdlet. This example shows you how to get this list for a bunch of users:

#Connect to Exchange Online
Connect-ExchangeOnline

#Declare Variables
$CSVPathUPN = "Path_To_UserList_CSV"
$StatusPath = "Path_To_User_Rules_Output_CSV"

#Run Script

#Try to import the UPN CSV file (it needs a column named UPNUser)
try {
    $UPNUsers = Import-Csv $CSVPathUPN -ErrorAction Stop
}
catch {
    #throw ends the script here, so no break is needed
    throw "Error importing CSV: $($_.Exception.Message)"
}

#Go Through Each User
foreach ($UPNUser in $UPNUsers) {

    $user = $UPNUser.UPNUser

    #Go through each rule and see if forwarding is set up
    foreach ($item in @(Get-InboxRule -Mailbox $user)) {

        $rulename = $item.Name

        #External recipients show up with an SMTP address
        $Contain = $item.ForwardTo
        if ($Contain -like '*SMTP*') {
            $Contain = $Contain -join '; '
        } else {
            $Contain = "Not an External Forward or a Forward"
        }

        #The rule property is ForwardAsAttachmentTo, not ForwardAsAttachment
        $Contain1 = $item.ForwardAsAttachmentTo
        if ($Contain1 -like '*SMTP*') {
            $Contain1 = $Contain1 -join '; '
        } else {
            $Contain1 = "Not an External Forward or a Forward"
        }

        #One line per rule: user, rule name, ForwardTo, ForwardAsAttachmentTo
        $Rules = $user + "," + $rulename + "," + $Contain + "," + $Contain1

        Write-Host $Rules
        Write-Output $Rules | Out-File $StatusPath -Append
    }
}

Write-Host "All Rules Exported..."
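As an added example (not part of the original post), the function below goes beyond the script's SMTP string test: it also checks RedirectTo, extracts each SMTP address, and reports only targets outside a list of internal domains. The function name, the contoso.example domain and the sample rule objects are constructed for illustration, and the "Name" [SMTP:address] recipient format is an assumption.

```powershell
# Added example. The function name, contoso.example and the sample rules are constructed.
function Get-ExternalForwardTarget {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Rule,
        [Parameter(Mandatory)] [string]   $Mailbox,
        [Parameter(Mandatory)] [string[]] $InternalDomains
    )
    process {
        # All three actions send a copy of the message to someone else
        foreach ($action in 'ForwardTo', 'ForwardAsAttachmentTo', 'RedirectTo') {
            foreach ($recipient in @($Rule.$action)) {
                # Assumed recipient format: "Display Name" [SMTP:user@domain]
                if ("$recipient" -match '\[SMTP:(?<addr>[^\]]+)\]') {
                    $address = $Matches['addr']
                    $domain  = ($address -split '@')[-1]
                    # -notcontains compares case-insensitively
                    if ($InternalDomains -notcontains $domain) {
                        [pscustomobject]@{
                            Mailbox  = $Mailbox
                            RuleName = $Rule.Name
                            Enabled  = $Rule.Enabled
                            Action   = $action
                            Target   = $address
                        }
                    }
                }
            }
        }
    }
}

# Constructed sample rules standing in for the output of Get-InboxRule -Mailbox $user
$sampleRules = @(
    [pscustomobject]@{ Name = 'Invoices, copy to personal'; Enabled = $true
        ForwardTo = @('"Pat" [SMTP:pat@example.net]', '"Team" [SMTP:team@contoso.example]')
        ForwardAsAttachmentTo = $null; RedirectTo = $null }
    [pscustomobject]@{ Name = 'Redirect all'; Enabled = $false
        ForwardTo = $null; ForwardAsAttachmentTo = $null
        RedirectTo = @('"Pat" [SMTP:pat@example.net]') }
    [pscustomobject]@{ Name = 'To helpdesk'; Enabled = $true
        ForwardTo = @('"Helpdesk" [EX:/o=Constructed/cn=Recipients/cn=helpdesk]')
        ForwardAsAttachmentTo = $null; RedirectTo = $null }
)

# ConvertTo-Csv quotes every field, so a comma in a rule name cannot shift columns
$sampleRules |
    Get-ExternalForwardTarget -Mailbox 'user@contoso.example' -InternalDomains 'contoso.example' |
    ConvertTo-Csv -NoTypeInformation
```

In a connected session, replace $sampleRules with the output of Get-InboxRule for each mailbox and pass your own domains to -InternalDomains.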

Disable External Forwarding for the Organization

When you are done writing and deploying the script, you need to make sure the default Anti-Spam Outbound Rule is enabled. As a Global Admin, go to admin.microsoft.com. Then go to Security / Policies and Rules / Threat Policies / Anti-Spam Policies:

Default Anti-Spam Policy

When you click on Anti-Spam Outbound Policy (Default), you will see a fly-out menu to your right. Click on “Edit Protection Settings” and make sure the Forwarding rules are set to off:

Turn Off External Forwarding for the Entire Organization.

Save your settings and it is now turned off. Notify your list of users from step one and you are done. Going forward, if you prefer sending an NDR to the user when they either set up a rule or try to use it, you can set up a Transport Rule in Exchange admin instead.

Go to admin.exchange.com and navigate to Mail Flow / Rules. Set up a rule to block Auto-Forward to recipients outside the organization with an explanation:


This article explains it very well.

Your users may not like it, but it protects the organization from compromised email through phishing attacks and rogue employees.

Happy IT’ing

Dan


I am an IT professional with over twenty years experience in the field. I have supported thousands of users over the years. The organizations I have worked for range in size from one person to hundreds of people. I have performed support from Help Desk, Network / Cloud Administration, Network Support, Application Support, Implementation and Security.
