Hidden Outlook Forwarding Rules

TL;DR

You can create Outlook forwarding rules that don’t appear in the Office 365/Exchange admin centre by creating them directly within the Outlook client and ensuring they are not synchronised to the server. This is useful for personal or temporary forwarding without leaving a trace in central administration.

Setting Up Hidden Forwarding Rules

  1. Open Outlook: Launch your desktop Outlook application (this method doesn’t work reliably through Outlook Web App).
  2. Access Rule Settings: Go to File > Manage Rules & Alerts.
  3. Create a New Rule: Click New Rule….
  4. Start from a Blank Rule: Select Start from a blank rule and click Next.
  5. Define Conditions (Optional): Choose any conditions you want for the forwarding rule (e.g., specific sender, subject keywords). Click Next. If you want to forward *all* emails, select ‘Apply rule on messages I receive’.
  6. Set Action: Check the box next to ‘forward it to people or public groups’ and click the ‘people or public group’ link. Select the email address(es) you want to forward to. Click Next.
  7. Add Exceptions (Optional): Add any exceptions if needed. Click Next.
  8. Name the Rule: Give your rule a descriptive name. Crucially, check the box ‘Turn on this rule’. Then, also check the box ‘Do not deliver a copy of items to my Inbox’ (this is important for hiding it). Click Finish.
  9. Prevent Server Synchronisation: In the Rules and Alerts window, select your newly created rule. Click Change Rule…. Then click the Advanced button.
  10. Disable Exchange Synchronisation: Check the box that says ‘Do not move items to another folder’. This prevents the rule from being synchronised with the Exchange server and therefore keeps it hidden from the admin centre. Click OK twice, then close the Rules and Alerts window.

Verifying the Rule is Hidden

  1. Check Office 365/Exchange Admin Centre: Log in to your Office 365 admin centre (https://admin.exchange.microsoft.com) and navigate to the mailbox settings for the user who created the rule (Mailboxes > [User Name] > Rules). The hidden forwarding rule should *not* be listed here.
  2. Test the Rule: Send an email that matches the conditions you set (if any) to the user’s inbox. Verify it is forwarded correctly to the specified address(es).

Important Considerations

  • Client-Side Only: These rules exist only on the Outlook client where they were created. If the user opens their mailbox on a different computer with Outlook, the rule will not be active unless it is recreated there.
  • Outlook Restart: Sometimes, restarting Outlook is necessary for the changes to take effect fully.
  • Potential Conflicts: Be aware that these rules can sometimes conflict with server-side rules if both are in place.
  • Security Implications: While this method hides the rule from administrators, it doesn’t enhance cyber security. It simply prevents visibility of a forwarding configuration. Ensure users understand the implications of forwarding sensitive information.
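
A rule that is missing from the admin centre still sends its forwarded copies from the user's mailbox, so mail-flow data can expose it. The following is an added example, not part of the original article: it correlates a constructed message-trace export and flags mailboxes that repeatedly forward to the same external address moments after delivery. The column names follow Get-MessageTrace output; the internal domain, time window and FW:/Fwd: subject heuristic are assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

INTERNAL_DOMAIN = "example.com"      # assumption: the organisation's mail domain
WINDOW = timedelta(minutes=2)        # assumption: a rule forwards soon after delivery
PREFIXES = ("fw:", "fwd:")           # assumption: forwarded copies keep a FW:/Fwd: prefix

# Constructed sample data; column names follow Get-MessageTrace output.
SAMPLE_TRACE = """Received,SenderAddress,RecipientAddress,Subject
2024-05-01T09:00:00,vendor@partner.test,alice@example.com,Invoice 1042
2024-05-01T09:00:20,alice@example.com,a.private@mailbox.test,FW: Invoice 1042
2024-05-01T09:05:00,hr@example.com,alice@example.com,Payroll update
2024-05-01T09:05:15,alice@example.com,a.private@mailbox.test,FW: Payroll update
2024-05-01T10:00:00,bob@example.com,carol@example.com,Lunch?
2024-05-01T13:30:00,carol@example.com,friend@mailbox.test,FW: Lunch?
"""

def is_external(address):
    return not address.lower().endswith("@" + INTERNAL_DOMAIN)

def strip_prefix(subject):
    s = subject.strip()
    return s[s.index(":") + 1:].strip() if s.lower().startswith(PREFIXES) else None

def find_auto_forwards(trace_csv, min_hits=2):
    rows = list(csv.DictReader(io.StringIO(trace_csv)))
    for r in rows:
        r["ts"] = datetime.fromisoformat(r["Received"])
    hits = {}
    for out in rows:
        original = strip_prefix(out["Subject"])
        if original is None or is_external(out["SenderAddress"]) \
                or not is_external(out["RecipientAddress"]):
            continue
        for inc in rows:
            # Inbound message to the same mailbox, same subject, shortly before.
            if (inc["RecipientAddress"].lower() == out["SenderAddress"].lower()
                    and inc["Subject"].strip() == original
                    and timedelta(0) <= out["ts"] - inc["ts"] <= WINDOW):
                key = (out["SenderAddress"].lower(), out["RecipientAddress"].lower())
                hits[key] = hits.get(key, 0) + 1
                break
    return {k: n for k, n in hits.items() if n >= min_hits}

if __name__ == "__main__":
    for (mailbox, target), n in find_auto_forwards(SAMPLE_TRACE).items():
        print(f"{mailbox} -> {target}: {n} forwards within {WINDOW} of delivery")
```

In the sample, the two near-instant forwards from one mailbox are flagged, while the single forward sent hours after delivery is treated as manual and ignored.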