Automatic forwards are one of the ways that hackers can circumvent your email flow and steal your information. In most security systems that help protect your emails (like the ones built into our Productive Bundles) restrict automatic forwards to ensure you (or an employee) is not sending information to the wrong place.
So what if you have an email that you always forward to a few colleagues and a distribution list is not an option? You can use Power Automate which is included in Office 365 to handle this for you.
How is Power Automate different than using Inbox rules to forward or organize your email? The primary function, which you will see below, is that Power Automate executes actions as you instead of completing the action blindly and without record of it being done (unless you have the appropriate logging enabled as an Office 365 Admin. This key difference 1) keeps visiblity on your end (the mailbox user) that things are being done and 2) It satisfies basic security routines that block forwarding of messages to external recipients.
Why wouldn’t hackers use this method to bypass the security? using this will show the activity in a variety of logs, and it also shows it in your email that a message was forwarded, so you would notice pretty quick if someone was trying to use Power Automate to re-route your email.
Below I have set up a very basic, proof of concept email re-direct to send a particular email to an external user. The Power Automate platform is highly customizable, and you can use it to handle just about anything. In this example, Im looking for a specific subject, and then forwarding that subject to another user.
Step 1: Head to flow.microsoft.com and sign-in with your Office 365 acccount.
Once in there, head to ‘Create’. You can choose from plenty of templates, in this example, were going to create from scratch.
You can edit templates, so they are a great way to start with something, and then tweak it to your liking!
Step 2: Name your flow and choose a trigger.
The trigger you want is “When an email arrives”
This may ask you to sign-in/ authenticate your Office 365 outlook, this is normal and required!
Make sure you choose Office 365 Outlook!
Power Automate maintains its own API-Level access to the services you connect so it is not using your password to perform actions.
Step 3: Program in your email “rule”
For this example, we want to use the subject filter, so we choose ‘Show advanced options’ and then type what we want in the Subject Filter.
You will see there are many options and you can even use Regex and other advanced conditions to filter email.
If you are trying to forward industry information to a colleague, then maybe also set the “From” to be from the email address you receive it, that way if your colleague replies to the email you forward, that email won’t also be forwarded to them!
Step 4: Now tell Power Automate “What to do next”
We now have Power Automate, looking for emails with ‘FilterForward’ in the subject line, but you need to tell it what to do next. In this case, we want to choose “New Step” and then choose “Forward an Email” for Office 365 Outlook
Step 5: Program your Forward Rule
This is an important step, you must ensure that you choose the ‘Message ID” of your email from step 1. This seems overwhelming at first because of the sheer number of options in the selector, but it gets easier!
You will notice, once your cursor is in the “Message ID” box you will get a list of options, simply search for Message ID and choose the right one. With only one prior step, you only have one list of choices, but with multi-step flows you will build in the future, this can get a bit confusing!
Step 6: Program your rule continued
Finally, enter the email you want to send the email to and then hit Save! If you followed all the steps above, you should get a “Saved Successfully” message. If you got an error, the flow checker can help show you what part isn’t working
Step 7: Test the rule!
You may need to modify the rule (maybe remove the FROM filter if you added it in Step 3) so you can test this to make sure it works.
In our example, any email that comes into our email that has “FilterForward” in the subject will be forwarded externally.
You must make sure you test the flow, do not assume it will work!
This screenshot is from the main Flow screen before you click “edit”. Once Saved (in step 6″ you can click the left facing arrow next to the flow name to get to this screen
Send your test email, and on the plan included in Office 365, the flow should activate in about 5-minutes once the email arrives.
Results:
You will see below that the email that was received by our email, was forwarded as it shows in the 28-day history in Step 7.
This is the key difference to inbox rules. Power Automate does “stuff” as you, so it shows as real actions in your administrative logs and in your email history.
You will notice that we have a “you forwarded this message on:” in our email that we received and in the Gmail inbox we received a “FW:” email