Friday, February 27, 2026

Home grown email monitor

Medium to large companies typically have a complex email environment, especially for outgoing email, which likely has to pass through some form of DLP, anti-virus/anti-spam, and multiple hosts before being sent externally.

We recently had an issue with the aforementioned DLP in which some external-bound emails were rejected. We had no process to monitor for that issue and were only alerted to the problem when our users reported it.

On a good note, most medium to large companies have at least 2 M365 tenants, one for production and the other for testing or dev purposes. In my GitHub, I have crafted a simple 3-part script that:

  • Sends an email from production tenant to test/dev tenant, simulating an externally-bound email.
  • Checks the test/dev tenant for said email.
  • Sends alert to IT team if a failure occurs.

It's all built on the Graph API. It requires a service principal on the production tenant that can send-as from a shared mailbox, and another service principal on the test/dev tenant that can read from a shared mailbox.

I will post the code here in the next few days: https://github.com/panoy86/sysadmin/tree/main/mailmonitor
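A sketch of the three parts in Python, added here as an example and not the code from the linked repository. The subject format, the 10-minute threshold, the function names and the mailbox addresses are assumptions; the sample inbox is constructed in the shape Graph returns for a message list.

```python
import json, uuid, urllib.request
from datetime import datetime, timedelta, timezone

GRAPH = "https://graph.microsoft.com/v1.0"

def build_probe(recipient, probe_id=None):
    """Part 1: sendMail payload with a unique ID in the subject (format is an assumption)."""
    probe_id = probe_id or uuid.uuid4().hex
    message = {
        "subject": f"mailmonitor-probe {probe_id}",
        "body": {"contentType": "Text", "content": "Outbound mail-flow canary."},
        "toRecipients": [{"emailAddress": {"address": recipient}}],
    }
    return probe_id, {"message": message, "saveToSentItems": False}

def graph_call(token, method, path, body=None):
    """Bearer-authenticated Graph request; the token comes from each tenant's service principal."""
    req = urllib.request.Request(
        GRAPH + path, method=method,
        data=json.dumps(body).encode() if body is not None else None,
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else {}  # sendMail answers 202 with an empty body

def evaluate(messages, probe_id, sent_at, max_delay=timedelta(minutes=10)):
    """Part 2: classify the probe from the test tenant's message list."""
    for msg in messages:
        if probe_id in (msg.get("subject") or ""):
            stamp = msg["receivedDateTime"].replace("Z", "+00:00")
            late = datetime.fromisoformat(stamp) - sent_at > max_delay
            return "late" if late else "delivered"
    return "missing"

def alert_text(status, probe_id, sent_at):
    """Part 3: alert body for the IT team, or None when mail flow is healthy."""
    if status == "delivered":
        return None
    return f"Outbound probe {probe_id} sent {sent_at.isoformat()} is {status}; check DLP and relay hops."

if __name__ == "__main__":
    # Live use (mailbox names hypothetical):
    #   graph_call(prod_token, "POST", "/users/probe@prod.example/sendMail", payload)
    #   inbox = graph_call(test_token, "GET", "/users/probe@test.example/mailFolders/inbox/messages")["value"]
    sent = datetime(2026, 2, 27, 12, 0, tzinfo=timezone.utc)
    pid, payload = build_probe("probe@test.example")
    inbox = [{"subject": f"mailmonitor-probe {pid}",  # constructed sample response
              "receivedDateTime": "2026-02-27T12:03:00Z"}]
    for box in (inbox, []):
        print(alert_text(evaluate(box, pid, sent), pid, sent) or "probe delivered")
```

Treating a late probe separately from a missing one distinguishes a queueing delay from an outright rejection like the DLP incident described above.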
