Test Detection for Microsoft 365 – Inbox Forwarding Rule
Microsoft 365 Inbox Forwarding Rule
The creation of an Microsoft 365 inbox rule is often a technique used to exfiltrate email that is often used for recon purposes in a staged attack. By monitoring for new inbox rule creation, you can have immediate awareness of what could be a malicious activity.How to Test Office365 Inbox Forwarding Rule
Prerequisites:- Office 365 module is configured and properly logging to Blumira
- Sign in to office365 email account in Outlook
- Navigate to Settings > View all Outlook settings
- Mail > Forwarding > Enable forwarding > add forwarding email address > Click Save
- Within minutes, a finding (alert) appears within the Blumira responder dashboard
Additional Security Resources
View All Posts
Customer Success Stories
6 min read
| July 15, 2025
Customer Story: LEAP Managed IT Streamlines Ticketing and Boosts Visibility with Blumira’s API
Read More
SIEM XDR
7 min read
| June 9, 2025
Customer Story: NetCenter Technologies
Read More
Compliance Security Frameworks and Insurance
7 min read
| May 26, 2025
Customer Story: United Way of Pierce County
Read More