ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    How to Purge All OWA Rules from Office 365

    IT Discussion
    o365 office 365 exchange powershell owa outlook email
    2
    2
    629
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • scottalanmillerS
      scottalanmiller
      last edited by

      Had an email user identified as being hacked this morning. The attack was pretty simple, create OWA rules (invisible to Outlook) that delete all incoming email and mark it as read so that the end user has no visual confirmation that email is being received at all. This hides attempted "reset my password" attacks so that password reset emails can be see by the malicious party, and then perma deleted before anyone can see what other accounts are being attacked.

      Resetting account passwords will obviously stop existing logins. Does anyone know how to purge all OWA rules across the board (as an admin, not as the end user) via PowerShell so that we can be sure that all rules have been removed for everyone?

      1 Reply Last reply Reply Quote 1
      • momurdaM
        momurda
        last edited by

        This would work on prem exchange. Probably works with a tweak for o365.
        Get-mailbox | get-inboxrule | remove-inboxrule

        1 Reply Last reply Reply Quote 2
        • 1 / 1
        • First post
          Last post