Test Detection for Microsoft 365 – Inbox Forwarding Rule

Microsoft 365 Inbox Forwarding Rule

The creation of an Microsoft 365 inbox rule is often a technique used to exfiltrate email that is often used for recon purposes in a staged attack. By monitoring for new inbox rule creation, you can have immediate awareness of what could be a malicious activity.

How to Test Office365 Inbox Forwarding Rule

Prerequisites:

Office 365 module is configured and properly logging to Blumira

Testing Steps:

Sign in to office365 email account in Outlook
Navigate to Settings > View all Outlook settings
Mail > Forwarding > Enable forwarding > add forwarding email address > Click Save
Within minutes, a finding (alert) appears within the Blumira responder dashboard

Additional Security Resources

View All Posts

Blumira New M365 Threat Response Feature

Blumira News

4 min read | March 26, 2025

Blumira Launches New Microsoft 365 Threat Response Feature for Faster and More Efficient Security Operations

Product Updates

7 min read | March 26, 2025

Now Available: Microsoft 365 Threat Response From Blumira

Customer Success Stories

7 min read | January 6, 2025

Customer Story: District of Sparwood

Get Started for Free

Experience the Blumira Free SIEM, with automated detection and response plus compliance reports for 3 cloud connectors, forever.