![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 8%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMW%3C/text%3E%3C/svg%3E)
Azure Logic Apps
An Azure service that automates the access and use of data across clouds without writing code.
2,856 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(134.4, 59%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Hello @Muhammad Waqar , I am sorry for the delay in my response. For detecting a forwarding rule in Sentinel you can use the fusion technology to detect suspicious inbox forwarding rule or you can use query office 365 logs something familiar as shown here. Regarding deleting forwarding rules, I could not find anything specific in Sentinel/ Logic App and I am not sure if it is possible using Office 365 Management API but you can definitely explore it and use Logic Apps custom connector integrate if needed. This new upcoming feature of Office 365 ATP might also interest you. Regarding sending alerts to the Admin, you can generate a playbook to send alerts or use the Office 365 connector for logic app. Please let me know if there are any additional concerns.