Checking Inbox Rules

by Jul 23, 2025IT Tips0 comments

One thing a hacker might do to redirect email so that the Microsoft 365 email user doesn't see it is to create an inbox rule to hide, forward or delete messages. Especially from the IT Support provider

Here is a power shell script to download and save the inbox rules to disk for review

# Call this first
# Connect-ExchangeOnline

# then run this
$summmaryList = "TGNSummary.txt"

Get-EXOMailbox -RecipientTypeDetails UserMailbox | ForEach-Object {
    $rules = Get-InboxRule -Mailbox $_.Identity
    $rules | Format-List | Out-File "$($_.Identity).txt"
    $activeRules = $rules | Where-Object { $_.Enabled -eq $true }

    $summary = [PSCustomObject]@{
        User          = $_.Identity;
        PrimarySMTP   = $_.PrimarySMTPAddress;
        NumberOfRules = ([array]$rules).count;
        ActiveRules   = ([array]$activeRules).count;
    }

    $summary | Export-Csv -NoTypeInformation -Append -Path $summmaryList

    $summary = $null
}

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

The reCAPTCHA verification period has expired. Please reload the page.