Remove Email Forwarding in Office 365 Using PowerShell

Exchange Online offers an excellent feature called Email forwarding. It allows users and admins to configure mailbox forwarding and forward messages automatically to other mailboxes. Although email forwarding is convenient and has some potential advantages in terms of facilitating work, unfortunately, it gives hackers easy access to your data and creates the risk of information leaks.

Then, how can you combat this? Here, it would be better to remove email forwarding in Office 365. With this blog, let’s look at how to disable email forwarding in Office 365.

Several ways exist in the admin center to remove the email forwarding settings from an Office 365 mailbox. Like,

• Set up a transport rule to block or delete auto-forward messages.
• Remove the automatic forwarding in the Remote domain setup.
• Remove forwarding via Role-Based Access control.
• Disable email forwarding by manually removing the forwarding email addresses.

But now, it’s no longer necessary to spend hours manually removing forwarding rules from Office 365 accounts. Fortunately, we got PowerShell to automate these tasks. With PowerShell, we can easily remove the email forwarding rules.

Before removing the forwarding rules, it is necessary to identify mailboxes with forward, or else, you may accidentally remove important configurations and collapse the work.

With PowerShell, you typically have to remove the forwarding configuration individually, and the inbox rules configuration separately. The problem here is that it takes a lot of time, and you have to loop through cmdlets like Remove-InboxRule, and Set-Mailbox several times to get the desired result. But, why waste your time when you have a readily available script that can do the job for you. Download the script below and see how you can remove email forwarding rules in Office 365 with ease.

Script Download: RemoveEmailForwarding.ps1

Script Highlights:

• The script uses modern authentication to connect to Exchange Online. 
• The script can be executed with MFA enabled account too. 
• Exports the report result to a CSV file. 
• Removes email forwarding configurations as well as disables the inbox rule with email forwarding.
• Removes forwarding from a specific user.
• Disables email forwarding for a list of users through input CSV.
• Automatically installs the EXO V2 module (if not installed already) upon your confirmation.
• Credentials are passed as parameters (scheduler-friendly).

This script removes the email forwarding configuration set up by two different methods.

• Email forwarding configurations that are done through SMTP forwarding and Forward To and
• Inbox rules.

The script will generate output CSV file(s) based on the forwarding configuration and one log file to provide detailed info on email forwarding removal.

The Email configuration report has the following attributes:

• Mailbox Name
• Forwarding SMTP Address
• Forward To
• Deliver To Mailbox and Forward

The Inbox rule with forwarding report also finds the inbox rules with external forwarding and has the following attributes:

• Mailbox Name
• Inbox Rule
• Forward To
• Redirect To
• Forward As Attachment To

Log File for Verification:

Log files show success rates for actions taken. If you check the log file, you can see the status of the removal of the forwarding rule.

To run this script, you can choose any one of the below methods.     

Method 1: You can use the below method to run the script with both MFA and non-MFA accounts. 

.\RemoveEmailForwarding.ps1  

Method 2: To run a script non-interactively (i.e., Scheduler-friendly), you can use the below format. 

.\RemoveEmailForwarding.ps1 -UserName  [email protected] -Password XXX  

You can use this format to schedule a PowerShell script in the Windows Task Scheduler. If the admin account is MFA enabled, you have to disable MFA based on the Conditional Access Policy.

More Use cases of the script:

• Remove email forwarding for a single mailbox

• Remove email forwarding for multiple users.

To stop email forwarding for a specific user, you can use the parameter -Name mentioning the username. Doing so will automatically remove the email forwarding configuration and also disable the inbox rules for forwarding from the mailbox.

.\RemoveEmailForwarding.ps1 -Name [email protected]

With the above format, email forwarding in the Emma mailbox is removed and inbox rules with forwarding are disabled.

Manually deleting or disabling rules from every mailbox is tiresome work. In that case, you can import a CSV file with the attribute “Name” containing the users from which you want to strip the forwards.

Sample Input File:

Using the CSV file, you can clean up the email forwarding rules associated with the users.

.\RemoveEmailForwarding.ps1 -CSV <CSVFilePath> 

The above format removes the email forwarding and the inbox rules with forwarding for the list of mailboxes are removed.

It is very hard to trace every forwarded email of your organization through the Exchange admin center and PowerShell. Because the Exchange admin center doesn’t furnish you with adequate details like forwarded mails to internal recipients, external recipients, forwarding address, total external forwarding inbox rules, externally forwarded attachments, external message redirection, top users, top recipients, etc. Although we can get these results from PowerShell, we need to throw multiple cmdlets, which is time intensive.

Trace every forwarded mail with the AdminDroid Exchange Online mail protection reports. It will walk you through every detail of forwarded emails of your organization to identify potential data leakage. The following are the detailed reports provided by the AdminDroid email monitoring tool to monitor forwarded mail and its directions.

Email Forwarding Reports

• Mailboxes with External Domain Forwarding
• Mailboxes with SMTP Forwarding
• Mailboxes with ‘Forwarding Address’
• Shared Mailbox Forwarding

Inbox Rules with Forwarding Reports

• All Inbox Rule Configurations
• Mailbox With Forwarding
• Mailbox With External Forwarding
• External and Internal Forwarding Rule

Moreover, AdminDroid also provides reports on various services of Microsoft 365 that you are looking for everywhere. Above 1800+ reports and 30+ dashboards are available to have an eagle’s eye view of your Microsoft 365. Try using the free AdminDroid Microsoft 365 reporter tool to have hands-on experience in customizing and generating reports as per your desires.

In summary, this script will eliminate the email forwarding configurations from your tenant in one shot! Make use of the above script and provide the first line of defense for your Office 365 emails.