This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(112.00000000000001, 5%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERW%3C/text%3E%3C/svg%3E)
Hiya, we have an information alert regarding forwarding/redirect rule. We are not firing emails off for informational else we would be swamped with emails. Is there a way to change this forwarding/redirect rule. to high rather than informational , or is there a way to create a new rule to catch this activity, ie ( if a user creates a forwarding rule ( especially to external email ) We already have an active rule in defender (Suspicious inbox forwarding rules ) that is high , but this hasn't fired when a user creates a forwarding rule. And do we have to maintain alerts in 2 sections for 365 ? 1 exchange admin centre - alert policies 2 Microsoft 365 defender - policies and rules. Any help please.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 80%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAL%3C/text%3E%3C/svg%3E)
Hi @ Ray Waldron,
Just checking in to see how things are going on with this thread.
If the reply was helpful, you can click the "Accept Answer" button under this post so that other's with similar question can benefit from this thread as well.
If you still have further questions or concerns, feel free to post back.
To review the Suspicious Email Forwarding Activity alert, open the Alerts page to see the Activity list section then follow steps shown by Microsoft 365 defender
Hi @ Ray Waldron,
Not sure if I understood you correctly, if there is a mistake please correct me.
Do you mean you want to be able to get alert messages when users create automatic forwarding rules?
Did the alert policy you created resemble the screenshot below?
If you tested as soon as you created it, not capturing this activity may be expected. Rules or policies created on the cloud take a while to deploy, and we recommend that you wait a few hours before testing to see if anything changes.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.