Skip to content

Get-CompromisedMailbox

SYNOPSIS

Check for potential compromise of one or more mailboxes in Exchange Online.

SYNTAX

Get-CompromisedMailbox [-Identity] <Array> [<CommonParameters>]

DESCRIPTION

The `Get-CompromisedMailbox` function checks for potential compromise of one or more mailboxes in Exchange Online. It verifies if there are forwards to external addresses or if anonymous permissions have been modified on system folders. These are common indicators of a compromised account.

EXAMPLES

EXAMPLE 1

Get-CompromisedMailbox -Identity "[email protected]"

Checks if the mailbox `user@example.com` is potentially compromised.

EXAMPLE 2

"[email protected]", "[email protected]" | Get-CompromisedMailbox

Checks if the mailboxes `user1@example.com` and `user2@example.com` are potentially compromised.

PARAMETERS

-Identity

The name or address of the mailbox(es) to check.

Type: Array
Parameter Sets: (All)
Aliases:

Required: True
Position: 1
Default value: None
Accept pipeline input: True (ByValue)
Accept wildcard characters: False

CommonParameters

This cmdlet supports the common parameters: -Debug, -ErrorAction, -ErrorVariable, -InformationAction, -InformationVariable, -OutVariable, -OutBuffer, -PipelineVariable, -Verbose, -WarningAction, and -WarningVariable. For more information, see about_CommonParameters.

INPUTS

OUTPUTS

NOTES