{"id":3885,"date":"2019-02-03T06:45:30","date_gmt":"2019-02-03T06:45:30","guid":{"rendered":"https:\/\/pariswells.com\/blog\/?p=3885"},"modified":"2019-02-03T06:50:39","modified_gmt":"2019-02-03T06:50:39","slug":"find-out-when-outlook-rule-was-created","status":"publish","type":"post","link":"https:\/\/pariswells.com\/blog\/research\/find-out-when-outlook-rule-was-created","title":{"rendered":"Find out when outlook rule was created"},"content":{"rendered":"\n

With the increase attack on 365 subscriptions without two factor enabled its good to check when a rule actually got added. This cannot be done with powershell you will need to perform with MFCMAPI<\/p>\n\n\n\n

Download the latest MFCMAPI of 32bit or 64bit ( depending on your Office\/Outlook version ) release here<\/a><\/p>\n\n\n\n

You can do this on the User’s computer who should already have Outlook installed or you can create an Outlook profile as the user you would like to check the rule for on another PC. You can also create an Outlook Profile as an Administrator and give yourself full access to the User’s Maibox<\/g><\/p>\n\n\n\n

Open MFCMAPI , Open the Profile , then go to Session and Logon<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Double click on the account<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

Open the Root Folder and Navigate to here and right click on Inbox and Choose Open Associated Contents Table<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n

The rule will look something like this , Message Class : IPM.Rule.Verson2.Message<\/p>\n\n\n\n

\"\"
Double click on this<\/figcaption><\/figure>\n\n\n\n

Then find the following Name and check the value to confirm its the right Rule<\/p>\n\n\n\n

\"\"<\/figure>\n\n\n\n
\"\"
Then Use this Rule to find the Date Created<\/figcaption><\/figure>\n","protected":false},"excerpt":{"rendered":"

With the increase attack on 365 subscriptions without two factor enabled its good to check when a rule actually got added. This cannot be done with powershell […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[2811,2810,2809,560,1687],"class_list":["post-3885","post","type-post","status-publish","format-standard","hentry","category-research","tag-created","tag-inbox-rule","tag-mfcmapi","tag-outlook","tag-time"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3885","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/comments?post=3885"}],"version-history":[{"count":1,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3885\/revisions"}],"predecessor-version":[{"id":3893,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/posts\/3885\/revisions\/3893"}],"wp:attachment":[{"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/media?parent=3885"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/categories?post=3885"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pariswells.com\/blog\/wp-json\/wp\/v2\/tags?post=3885"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}