Inbox Rules

Inbox rules process messages in the inbox based on conditions and take actions such as moving a message to a specified folder or deleting a message.

Show mailbox rules

Show-MailboxRules shows the mailbox rules in your organization.

Usage

Show all mailbox rules in your organization:

Show-MailboxRules

Show the mailbox rules for the users test[@]invictus-ir.com and HR[@]invictus-ir.com:

Show-MailboxRules -UserIds "HR@invictus-ir.com,test@Invictus-ir.com"

Parameters

-UserIds (optional)

  • UserIds is the UserIds parameter filtering the log entries by the account of the user who performed the actions.

Get mailbox rules

Get-MailboxRules collects all the mailbox rules in your organization.

Usage

Get all mailbox rules in your organization:

Get-MailboxRules

Get the mailbox rules for the user test[@]invictus-ir.com:

Get-MailboxRules -UserIds Test@Invictus-ir.com

Get the mailbox rules for the users test[@]invictus-ir.com and HR[@]invictus-ir.com:

Get-MailboxRules -UserIds "HR@invictus-ir.com,test@Invictus-ir.com"

Parameters

-UserIds (optional)

  • UserIds is the UserIds parameter filtering the log entries by the account of the user who performed the actions.

-OutputDir (optional)

  • OutputDir is the parameter specifying the output directory.

  • Default: OutputRules

-Encoding (optional)

  • Encoding is the parameter specifying the encoding of the CSV output file.

  • Default: UTF8

-LogLevel (optional)

  • Specifies the level of logging. None: No logging. Minimal: Logs critical errors only. Standard: Normal operational logging. Debug: Detailed logging for debugging.

  • Default: Standard

Output

The output will be saved to the ‘Rules’ directory within the ‘Output’ directory, with the file name format: [date]-MailboxRules.csv

Get Inbox Rules (Graph API)

Get-MailboxRulesGraph retrieves mailbox inbox rules for all users or a specific user using the Microsoft Graph API. This function only requires Graph API access and does not rely on Exchange Online PowerShell.

Usage

Retrieve inbox rules for all users in the tenant:

Get-MailboxRulesGraph

Retrieve inbox rules for a specific user:

Get-MailboxRulesGraph -UserIds "HR@invictus-ir.com"

Parameters

-UserIds (optional)

  • UserIds is the parameter specifying a single user UPN or ID to filter results.

  • Default: All enabled users with Exchange licenses will be included if not specified.

-OutputDir (optional)

  • OutputDir is the parameter specifying the output directory.

  • Default: OutputRules

-Encoding (optional)

  • Encoding is the parameter specifying the encoding of the CSV output file.

  • Default: UTF8

-LogLevel (optional)

  • Specifies the level of logging. None: No logging. Minimal: Logs critical errors only. Standard: Normal operational logging. Debug: Detailed logging for debugging.

  • Default: Standard

Output

The output will be saved to the ‘Rules’ directory within the ‘Output’ directory, with the file name format: [date]-MailboxRulesGraph.csv

The CSV file contains the following fields for each rule:

  • UserPrincipalName

  • RuleName

  • Sequence

  • Enabled

  • ForwardTo

  • RedirectTo

  • ForwardAsAttachment

  • Delete

  • PermanentDelete

  • MoveToFolder

  • StopProcessingRules

  • MarkAsRead

  • From

  • SubjectContains

  • BodyContains

  • HasAttachments

  • IsImportant

  • RuleId

Permissions

This function relies on the Microsoft Graph API. To enumerate inbox rules for all users in the tenant, the following permissions are required at the Application level. Delegated permissions only let the signed-in user read their own mailbox settings and will not work for tenant-wide collection.

  • User.Read.All

  • MailboxSettings.Read

Your command would look like this: Connect-MgGraph -Scopes ‘User.Read.All’,’MailboxSettings.Read’