I am looking for a log search query based on O365 log source, that will help identify the number of emails sent outside of the organization email domain. For examples, emails sent from corporate email to personal email account or outside email domains.
I don’t believe the email data is included in the O365 log source (except for emails that have been detected as part of a malicious email by Defender). If you have ICON, you can use the Defender Hunting plugin and build your query to retrieve that information.
Hey, I just checked that, and it´s no possible, just creating for example forwarding rules to external addresses… Maybe this helps.