Search for ExchangeOnline mail rules – PowerShell

Search for ExchangeOnline mail rules – PowerShell

Today’s post was inspired by a recent incident where a user clicked on a malicious link, logged in, and as a result, their login credentials were compromised. The attacker, upon gaining access to the mailbox (most likely through automation), creates rules that either delete specific emails, typically those from the IT department or the sender of the malicious email. These rules are named „.” – a period.

I’ve prepared a short PowerShell script that allows you to search through all mailboxes and identify those with rules having a specific name.

First, you need to install the Exchange Online module:

The next step is to connect to Exchange using an administrative account:

The result of this query will display messages like:

Komentarze

Nie ma jeszcze komentarzy. Może zaczniesz dyskusję?

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany. Wymagane pola są oznaczone *