asked on
MailRedirect // Office365 alert
I have this alert from microsoft
Activity: MailRedirect
User: abc@nnn.com
Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.
I checked the user mail account in office 365, but I did not find any forwording. I checked Mailbox permissions and I have "There are no additional mailbox permissions set on this mailbox."
So what excatly is this alert about ?
Please help
ASKER
But I need to know what exactly is that alert about ?
In the email it said "Creation of forwarding/redirect rule "
Who is doing this? the user himself?
It's either user or another admin adding an inbox rule configured to forward emails. Alternatively, it could be a mail flow rule, it's worth checking if it turns out not to be inbox rules. You can easily check inbox rules using PowerShell.
This alert is triggered when someone in your organization sets up auto-forwarding, email forwarding, redirect rule or a mail flow rule
So you need to check if there is some sort of forwarding on the mailbox. If your users are allowed to create this and you do not want these messages, you should stop this rule in https://protection.office.com/alertpolicies
ASKER
Do you main that user "abc" have the abilty to "auto-forwarding, email forwarding, redirect rule or a mail flow rule" for himself or for others? does this message mean he do such an issue for his account or for other accounts?
ASKER
That was very good to know...
Now, ... how can I have a log for all actions that were done for an email and the user how do that action. for example, lock account or changing the password.
Is there any shell command or script for that?
ASKER
Any help?
Yes, you can have a log for all actions done on a mailbox, but it requires turning on mailbox auditing first. Here is a detailed description of this feature: Search the audit log in the Security & Compliance Center.
If you need any further help, don't hesitate to ask.
You can run a message trace to see if there are any forwarded emails and which mechanism is used for forwarding.
Details on message tracing in Office 365