A typical tactic after a business email compromise event is the creation of email forwarding rules using any one, or more, of these methods by an attacker:
– Use rules in Outlook Web App to automatically forward messages to another account
It is therefore good practice to regularly check and verify the email forwarding rules inside your Microsoft 365 environment.
I have created a free PowerShell script exactly for this purpose, which you can find here:
Office365/o365-exo-fwd-chk.ps1 at master · directorcia/Office365 · GitHub
and the video:
will provide a walk through of its execution.
3 thoughts on “Checking Microsoft 365 Email Forwarding using PowerShell”
Nice script. How do i modify this script to export this info to a csv
Use the -CSV command line parameter i.e .\o365-mx-check.ps1 -csv