Link to home
Start Free TrialLog in
Avatar of Pal Experts
Pal ExpertsFlag for Belgium

asked on

MailRedirect // Office365 alert

Hello

I have this alert from microsoft

Activity: MailRedirect
User: abc@nnn.com
Details: MailRedirect. This alert is triggered whenever someone gets access to read your user's email.


I checked the user mail account in office 365, but I did not find any forwording. I checked Mailbox permissions and I have "There are no additional mailbox permissions set on this mailbox."

So what excatly is this alert about ?

Please help
Avatar of Adam the 32-bit Aardvark
Adam the 32-bit Aardvark
Flag of Poland image

You can run a message trace to see if there are any forwarded emails and which mechanism is used for forwarding.

Details on message tracing in Office 365

Avatar of Pal Experts
Pal Experts
Flag of Belgium image

ASKER

Thank you Adam

But I need to know what exactly is that alert about ?

In the email it said "Creation of forwarding/redirect rule "

Who is doing this? the user himself?
Avatar of Adam the 32-bit Aardvark
Adam the 32-bit Aardvark
Flag of Poland image

It's either user or another admin adding an inbox rule configured to forward emails. Alternatively, it could be a mail flow rule, it's worth checking if it turns out not to be inbox rules. You can easily check inbox rules using PowerShell.

Avatar of Bastiaan
Bastiaan
Flag of Netherlands image

This alert is triggered when someone in your organization sets up auto-forwarding, email forwarding, redirect rule or a mail flow rule


So you need to check if there is some sort of forwarding on the mailbox. If your users are allowed to create this and you do not want these messages, you should stop this rule in  https://protection.office.com/alertpolicies

Avatar of Pal Experts
Pal Experts
Flag of Belgium image

ASKER

Hello bleeuwen

 Do you main that user "abc" have the abilty to "auto-forwarding, email forwarding, redirect rule or a mail flow rule" for himself or for others? does this message mean he do such an issue for his account or for other accounts?
ASKER CERTIFIED SOLUTION
Avatar of Bastiaan
Bastiaan
Flag of Netherlands image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Pal Experts
Pal Experts
Flag of Belgium image

ASKER

Thank you very much bleeuwen

That was very good to know...

Now, ... how can I have a log for all actions that were done for an email and the user how do that action. for example, lock account or changing the password.

Is there any shell command or script for that?
Avatar of Pal Experts
Pal Experts
Flag of Belgium image

ASKER

Hello

Any help?
Avatar of Adam the 32-bit Aardvark
Adam the 32-bit Aardvark
Flag of Poland image

Yes, you can have a log for all actions done on a mailbox, but it requires turning on mailbox auditing first. Here is a detailed description of this feature: Search the audit log in the Security & Compliance Center.

If you need any further help, don't hesitate to ask.