Every organization needs to ensure that corporate documents and data are not forwarded to an external mailbox. But beware, the mailboxes in Office 365 can be configured to allow external forwarding — which is a security risk and compliance issue. The data can contain customer information or valuable information about the company and its business plan. You can check to know if any Exchange Online mailbox is configured to allow forwarding by using the Exchange Online PowerShell modules. You can see how many mailboxes and which mailboxes are configured with external forwarding by using a PowerShell script that we provide in the later section of this article.
Before executing the PowerShell script in the later section of this article please install Exchange Online modules by using the Install-Module MSOnline and make sure you have global administrator access before the script can connect and retrieve the required data. You will also be required to create C:\Temp on the computer from where you run the PowerShell script. Also, before executing the PowerShell script please install Exchange Online modules by using the Install-Module MSOnline and make sure you have global administrator access before the script can connect and retrieve the required data.
What does the PowerShell script do?
The PowerShell script provided in later section of this article performs the following operations:
- Imports the PowerShell modules required to connect to Office 365 MSOnline.
- Provides login prompt to connect to Office 365. You need to provide global administrator credentials to connect to Exchange Online.
- Collects Office 365 mailboxes from Office 365.
- Checks to see if any Office 365 Mailbox is configured with the forwarding.
- Provides a data file that contains the list of mailboxes that have been configured for forwarding.
PowerShell script
Executing the PowerShell below script will generate a report in CSV format. The report file can be found at C:\Temp\TestResult.CSV and the data file can be found under C:\Temp\Data folder. You need to be providing your Office 365 connect credentials.
$CurrentLoc="C:\Temp\"
$UniqueTest="EXCH"
$TestCSVFile="C:\Temp\TestResult.CSV"
Remove-Item $TestCSVFile -ErrorAction SilentlyContinue
Import-Module ExchangeOnlineShell
Connect-ExchangeOnlineShell
$DataFileLocation=$CurrentLoc+"\Data\"+$UniqueTest+"_DATA.CSV"
Remove-Item $DataFileLocation -ErrorAction SilentlyContinue
$ThisString="Total Mailboxes, Total Forwarding Enabled Mailboxes, Data File Location"
Add-Content "$TestCSVFile" $ThisString
$DataFileLocation=$CurrentLoc+"\Data\"+$UniqueTest+"_DATA.CSV"
Remove-Item $DataFileLocation -ErrorAction SilentlyContinue
$Mailboxes=Get-Mailbox -ResultSize Unlimited
$MailboxesCount=$Mailboxes| Measure-Object | select Count;
$Mailboxes | select UserPrincipalName,PrimarySMTPAddress,RecipientTypeDetails,WhenCreatedUTC,LitigationHoldEnabled,HiddenFromAddressListsEnabled,HasPicture,ForwardingAddress,ForwardingSMTPAddress,ComplainceTAGHoldApplied,AccountDisabled,AuditEnabled
$ExternalForwardingMailboxes=$Mailboxes | select UserPrincipalName,PrimarySMTPAddress,RecipientTypeDetails,WhenCreatedUTC,LitigationHoldEnabled,HiddenFromAddressListsEnabled,HasPicture,ForwardingAddress,ForwardingSMTPAddress,ComplainceTAGHoldApplied,AccountDisabled,AuditEnabled |where{$_.ForwardingSMTPAddress -ne $null}
$ExternalForwardingMailboxesCount=($ExternalForwardingMailboxes | Measure-Object| select Count) ;
$ExternalForwardingScoreVar=(($ExternalForwardingMailboxesCount.Count)/$Mailboxes.Count)*100;
$ExternalForwardingScore=New-Object PSObject;
$ExternalForwardingScore | Add-Member Noteproperty TotalMailboxes $MailboxesCount.Count;
$ExternalForwardingScore | Add-Member Noteproperty MailboxesWithExternalForwarding $ExternalForwardingMailboxesCount.Count;
$ExternalForwardingScore | Add-Member Noteproperty Severity ($ExternalForwardingScoreLevel=if($ExternalForwardingScoreVar -le 2){'Low'}elseif($ExternalForwardingScoreVar-le 8){'Medium'}else{'High'});
$ExternalForwardingScore | Add-Member Noteproperty Recommendation 'Please Review the Forwarding addresses, remove the forwarding address if needed to prevent data loss'
$ValSTR = $ExternalForwardingScore.TotalMailBoxes.ToString()+","+$ExternalForwardingScore.MailboxesWithExternalForwarding.ToString()+","+$DataFileLocation
Add-Content "$TestCSVFile" $ValSTR
$TestData=$ExternalForwardingMailboxes
$TestData | Export-Csv -Path $DataFileLocation -NoTypeInformation
$SummaryFile=$ExternalForwardingScore
IF ($ExternalForwardingScoreVar -eq 0)
{
$TestStatus="Passed"
$TestText = "No Mailbox has been configured with the Forwarding Address."
$SumVal = ""
}
else
{
$TestStatus=$SummaryFile.Severity
$TestText = $SummaryFile.Recommendation
$SumVal = ""
}
Once the PowerShell script has finished executing you will see a CSV file; C:\Temp\TestResult.CSV that contains the total number of mailboxes in use in Office 365 and total mailboxes that have been configured with external forwarding as you can see in the screenshot below, which is taken from O365 IT Health & Risk Scanner.
As you can see in the screenshot above, PowerShell script retrieved total 68 mailboxes from Office 365 and two mailboxes are configured with external forwarding. You may need to review the mailboxes which have been configured with the external forwarding by opening C:\Temp\Data\EXCH_Data.CSV file that contains the name of the mailbox.
The above script was retrieved from O365 IT Health & Risk Scanner, which can perform about 97 checks in Office 365 to ensure your Office 365 services are healthy and your organization is meeting compliance standards.
Featured image: Flickr / Tim Klapdor
Hi,
The script has the -Name missing in this command:
Import-Module ExchangeOnlineShell
should be
Import-Module -Name ExchangeOnlineShell