Hybrid Office 365 – On-Premises

Manage hybrid configurations seamlessly from a central dashboard without any coding.

Automate your work

Automate both simple and complex tasks. Create your own automated tasks.

Delegate tasks

Delegate IT tasks to non-IT users with total security.

License management

Manage your licenses more efficiently and reduce operating costs.

Large user communities

Manage even the largest communities of users.

Maximize your Microsoft 365 ROI

Save time and money managing your Microsoft 365 communities.

Manage groups

From full-scope audits, to intricate group

Manage Team channels

Full visibility of public and private
Team channels

Manage licenses

Cost-saving features to tighten up license and service plan allocation

Manage OneDrive and document libraries

A central platform to manage sharing and access permissions, audit and more

Manage mail and calendar settings

No-code administration of mailbox permissions and settings, as well as events

Manage user accounts

From onboarding to user account closure and backup at scale

How to find and remove mail forwarding rules in Exchange Online

Part of the Microsoft Office 365 offboarding process involves securing your work environment from data leaks. One such component involves eliminating forwarding messages to external addresses to remove the risk of sharing confidential information. These mail forwarding rules in Exchange Online may have been set by the user or by the previous administration team for legitimate reasons at the time. And it’s important to be aware of all of these as sources of breaches especially when the source can be a user who has left the company.

In this article, I’ll describe how to find email forwarding settings in order to turn them off or simply remove them. I’ll demonstrate how to manage them for a single user in the Office 365 portal, as well as with some PowerShell scripting options.

Often, managing multiple users is problematic because the O365 admin portal is limited by its UI. Admins resort to PowerShell to get it done but don’t always have the skills for elaborate scripting.
Disclaimer: I’m not a PowerShell power user myself so I resort to internet searches to find ready-to-use scripts that can help. I’ve tested them out and shared them here.

Then finally, at the end, I’ll show you how some parts can be done easier with our third-party tool, sapio365.

See how we check for forwarding inbox rules
of deactivated users (at 14:08) in our webinar recording
“Speed up multi-user offboarding in Office 365 with sapio365

Watch Video

User-defined SMTP email forwarding

In this scenario, Grady has set up mail forwarding in several ways. One way is via his Outlook settings.

The good news is that I can see it in the Admin center by selecting the user and clicking on ‘Manage email forwarding’ in the Mail tab. From here, I can simply remove it.

Besides rules set by the user, previous Exchange admins may have also set forwarding rules on a user’s mailbox in the same manner as above or via the Exchange Online admin center.

These are accessible in the Exchange Online admin center by selecting a mailbox then clicking on ‘Manage mail flow settings’.

Note here that while you can have multiple forwarding addresses set, because they’re all internal to the organization, the security risk is relatively low.

In fact, when this rule is set, the user-defined STMP rule is overridden.

Warning message setting up forwarding rule in Exchange Online admin center.

Our content will help you optimize the management of your Microsoft environment while securing it:

Large Microsoft 365 communities
Need global views and bulk actions? See how sapio365 helps manage large Microsoft communities.

Find anonymously shared documents and folders and remove permissions
Worried about data leaks? See how sapio365 let’s you can get a handle on what your users are sharing and with whom.

How to clean up teams with guest members
Want to remove guests from some of your Teams? Here’s how you can do it quickly with sapio365.

Who’s signing into office 365 from what location and how often?
Need to identify potential attacks on your user accounts and other unusual sign-in activity? Here a way to do it.


Since it doesn’t make sense to do this for each mailbox if we were offboarding multiple users, I’ve searched for PowerShell scripts that can help.

First, let’s connect to Exchange Online PowerShell. Simply supply your credentials when prompted.

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Now that you’re all set, here’s a PowerShell script that searches every mailbox to return only those that have a value set for the two forwarding settings described earlier.

Get-Mailbox -ResultSize Unlimited | Where {($_.ForwardingAddress -ne $Null) -or ($_.ForwardingsmtpAddress -ne $Null)} | Select Name, ForwardingAddress,ForwardingsmtpAddress, DeliverToMailboxAndForward

Note: If you only want to retrieve potential externally forwarding rules, remove “{($_.ForwardingAddress -ne $Null) -or “.

To clean things up and delete these two forwarding rules for all mailboxes, use this script to nullify those parameters.

Get-Mailbox -ResultSize Unlimited | Where {($_.ForwardingAddress -ne $Null) -or ($_.ForwardingsmtpAddress -ne $Null)} | Set-Mailbox -ForwardingAddress $null -ForwardingSmtpAddress $null

Transport Rules

It’s worth mentioning that there may also be forwarding rules in place in the form of Office 365 Transport Rules created by previous administrators. You can find and change these in the Exchange Online Admin center.


This simple script gives you the same list but with a description to let you know what each does.

Get-TransportRule | Select Name, Description | FL

Users’ inbox rules

Lastly, let’s look at the most common way users set up mail forwarding rules by navigating to the Rules section of their Outlook settings. Here you can see that Grady has set up two rules, including the “Send me a copy” rule which forwards messages to an external email address.

Unfortunately, short of logging in as that user to access his mail rules, I’m not able to see these user-set rules in any of the available admin centers. The only native solution I found to access them is through PowerShell.


I start by finding one that works on a single user with the properties I’m interested in. In the case of mail rules, the cmdlet to use for a single mailbox is:

Get-InboxRule -Mailbox <-id or username-> | Select Name, ForwardingAddress, ForwardingsmtpAddress, DeliverToMailboxAndForward, ForwardTo | FL

To get all mail rules for all mailboxes, I used this script, which worked for me.

Be warned: this may take a lot of time depending on the volume of mailboxes to process, and if it does, you’ll be asked to re-authenticate.

$mailboxes=(get-mailbox).UserPrincipalName;foreach ($mailbox in $mailboxes) {get-inboxrule -Mailbox $mailbox | Select Identity, Name, Description, ForwardTo | FL}

Once you have identified externally forwarding mail rules, you can remove each one with the following script.

Remove-InboxRule -Mailbox 84580631-c4d9-415d-8dd5-c78be65e433f -Identity “Send me a copy”

Of course, identifying and removing forwarding inbox rules becomes tedious to do if you’re dealing with several mailboxes, each with its own rules.

This is usually when you call upon the scripting services of a PowerShell expert!

sapio365 – simpler than PowerShell

At this point, I’d like to introduce sapio365 as an easy alternative to scripting your way to your users’ mail rules.

Briefly, sapio365 is a thick client that installs on your pc and connects you directly to your Office 365 tenant data, so you can see everything in a global view no matter the volume.

In this case, I’m selecting several users and requesting their mail rules with just one click. You can see every mail rule each user has set up underneath the user’s name. Each rule is broken down to its components – conditions, actions, exceptions – so that you know exactly what that rule does.

Since I’m only interested in the “Forward to” action component, I filter out all others. I can then select and remove them just as easily.

The beauty of sapio365 is that it doesn’t require any PowerShell scripting to handle multiple queries and takes care of the information layout for you. Also, sapio365 may complete high volume tasks in as much time or less than the fanciest PowerShell script but is far more reliable in that it does not time out.

In fact, I can schedule a weekly job in the off-hours. This is to be able to sweep through all the mailboxes looking for rules that forward to external email addresses. When it’s done, I’ll get emailed a report outlining who’s got these inbox forwarding rules set up. Of course like all automated jobs in sapio365, it can be tweaked to actually remove the culprits as it finds them!

For more information on how to manage
your Microsoft 365 mailboxes

Contact us

Privacy Preference Center