Mailbox Forwarding Rule report

The Mailbox Forwarding Rule Report provides visibility into mailbox‑level forwarding rules configured for user accounts in supported Microsoft 365 organizations. This report is used to review whether mailboxes are forwarding messages to other recipients and to document forwarding behavior observed by the platform.

The report reflects configuration state, not activity or intent. It does not determine whether forwarding is malicious or acceptable, and it does not enforce policy or take response actions. Its purpose is to surface forwarding rules so they can be reviewed in context alongside other investigation findings.

This report is generated from Microsoft 365 data and is read‑only.

What the report shows

For each applicable account, the Mailbox Forwarding Rule Report indicates whether mailbox forwarding rules are present and includes available descriptive information about those rules, along with the most recent synchronization timestamp. The report provides a consolidated view of forwarding behavior across the selected organization and time context.

This information supports review and documentation. It allows teams to confirm whether forwarding rules exist, identify which accounts are affected, and retain a record of the observed configuration state.

Availability and prerequisites

The Mailbox Forwarding Rule Report is only available for Microsoft 365 organizations. In order for the report to surface data, the platform must have appropriate Microsoft permissions to read mailbox forwarding configuration.

These permissions are not enabled by default in all environments, because Microsoft integrations follow a least‑privilege model. If the required permissions are not present, the report may be unavailable or may return no data until the Microsoft connection is updated to include the additional access required for this report.

This article does not describe how to establish or modify Microsoft connections. Connection setup and permission management are documented separately within Microsoft integration guidance for your environment.

For information about where this report appears and how to generate it, see Using the Reports module.

Understanding “no data” results

A Mailbox Forwarding Rule Report that returns no results does not necessarily indicate an error. Common and expected reasons for an empty report include:

The organization does not have Exchange mailboxes.
Exchange mailboxes exist, but no forwarding rules are configured.
The Microsoft connection does not currently include the permissions required to read forwarding rules.
The Microsoft connection was recently updated and data collection has not yet completed.

In these cases, an empty report accurately reflects the configuration state observed by the platform at the time the report is generated.

How this report is used

The Mailbox Forwarding Rule Report is typically used after or alongside investigation, when teams are validating account configuration or documenting findings. It is often reviewed together with alert context, investigation results, or other configuration reports to understand whether forwarding behavior is expected, risky, or requires follow‑up.

The report itself does not indicate whether a forwarding rule is benign or suspicious. Interpretation should always consider organizational policy, account role, and surrounding investigation context.

Reporting boundaries

Consistent with reporting across Kaseya MDR, the Mailbox Forwarding Rule Report is descriptive rather than prescriptive. It does not generate alerts, influence detection logic, or initiate response actions. It records what the platform can observe about mailbox forwarding configuration at the time the report is generated.

When to use this report

Use the Mailbox Forwarding Rule Report when you need to:

Review whether mailbox forwarding rules are configured for user accounts
Validate forwarding configuration as part of an investigation
Document forwarding behavior for internal review or customer communication
Retain a record of mailbox forwarding state for audit or follow‑up purposes

Reports overview: Explains the purpose and scope of reporting in Kaseya MDR, including what reports are used for and what they do not replace
Using the Reports module: Describes how to access and work with reports in the UI, including generating reports, applying filters, exporting data, and scheduling report delivery
Understanding the MFA Report: Provides interpretation guidance for another configuration‑focused report, including account inclusion and exclusion rules and reasons report results may differ from Microsoft admin views
Investigating activity using the Analysis page: Explains how investigations establish context and timelines before configuration reports—such as the Mailbox Forwarding Rule Report—are reviewed for documentation or follow‑up

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.