VitalSigns offers a feature called Office 365 Mailboxes & Users which offers several different ways of viewing information about how mail is used in your O365 tenant. One common concern shared by many organizations is the multitude of ways that end users can automatically forward their mail to external email addresses. Sometimes forwarding makes perfect sense, such as when a support@ email is forwarded to a ticketing system but other times such forwarding could represents an unauthorized distribution of proprietary information.
O365 offers three ways to forward email:
1) forwardingSMTPAddress property
Set in OWA by selecting Options – Mail – Accounts – Forwarding or via PowerShell.
2) Inbox and sweep rules
Set in OWA by selecting Options – Mail – Inbox and sweep rules or in Outlook by selecting File – Manage Rules & Alerts
3) forwardingAddress property
Set via the O365 EAC Recipients – Mailboxes – Mailbox features – Delivery Options
Office 365 Mailboxes & Users Page
In the Office 365 Mailboxes & Users page, Mailboxes tab VitalSigns displays a grid populated with all the key attributes of all the mailboxes in your tenant. Among these attributes is all the ways that end users can forward their mail and what the current values are. In this way you can very easily identify which mailboxes are forwarding mail, where the forwarded mail is going, and what method of forwarding was used to to set it up.
Don’t get caught surprised when your Corporate Compliance/Security Officer asks you about mail forwarding– use VitalSigns in advance to make sure nothing critical is leaking out of your organization!
If you do find something that seems out of place, you can easily disable it right within VitalSigns by selecting the appropriate PowerScript – no additional credentials or PowerShell scripting knowledge required. This mailbox action will be written to the VitalSigns PowerScripts log and is fully auditable after the fact.