Events
Powerful Devs Conference and Hack Together
Feb 12, 11 PM - Feb 28, 11 PM
Join the online conference and 2-week hackathon to explore building powerful solutions with Power Platform.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Microsoft Exchange enables admins to disable email autoforwards and autoreplies to remote domains for external recipients. Exchange does this by using message-type headers, such as Auto Forward received from Outlook and Outlook on web clients.
Microsoft Power Platform has the capability to insert specific SMTP headers in email messages sent through Power Automate and Power Apps. It does this using Microsoft 365 Exchange/Outlook connectors. You can use these SMTP headers to set up appropriate exfiltration rules. These rules are for the unauthorized transfer of data from one device to another in Exchange for outbound emails.
For more details on the Microsoft 365 Outlook connector, go to: SMTP headers.
Note
This method of exfiltration control is not available in GCC High and DoD environments. In these clouds the x-ms-mail-* headers are not used.
Admins can set up Exchange mail flow rules to monitor or block emails sent by Power Automate and/or Power Apps using the Microsoft 365 Outlook connector. The format of the SMTP header uses a reserved phrase ‘Microsoft Power Automate’ or 'Microsoft Power Apps.' It's inserted with the header type: ‘x-ms-mail-application.’ For example:
**x-ms-mail-application: Microsoft Power Automate**; User-Agent:
azure-logic-apps/1.0 (workflow afa0fb167803450aa650267e95d43287; version
08586093372199532216) microsoft-flow/1.0
x-ms-mail-operation-type: Forward
To identify the operation ID, a reserved word, such as Forward, Reply or Send, gets inserted with the header type ‘x-ms-mail-operation-type.’ For example:
x-ms-mail-application: Microsoft Power Automate; User-Agent:
azure-logic-apps/1.0 (workflow afa0fb167803450aa650267e95d43287; version
08586093372199532216) microsoft-flow/1.0
**x-ms-mail-operation-type: Forward**
Exchange admins can use these headers to set up exfiltration blocking rules in the Exchange admin center as shown in the example here. Here the ‘mail flow’ rule rejects outbound email messages with:
This is equivalent to the Exchange ‘mail flow’ rule set up for the message type equal to ‘autoforward.’ This rule uses Outlook and Outlook for web clients.
In addition to the ‘x-ms-mail-application’ messages, Power Platform also inserts the workflow identifier as the new ‘User-Agent’ header. This is equal to the app or flow ID. For example:
x-ms-mail-application: Microsoft Power Automate; User-Agent:
azure-logic-apps/1.0 (workflow afa0fb167803450aa650267e95d43287; version
08586093372199532216) microsoft-flow/1.0
**x-ms-mail-operation-type: Forward**
As an admin, if you want to exempt flows (or apps) from the exfiltration due to a legitimate business scenario, use the workflow ID as part of the user-agent header. All other exception conditions offered by Exchange rules, such as sender address, remain available to exempt the legitimate business use cases from the blocking enforcement. For example:
Admins can also use other exception capabilities in Exchange mail rules to exempt flows from the exfiltration blocking rules, For example, a unique sender address allows legitimate business use cases to bypass the control.
Events
Powerful Devs Conference and Hack Together
Feb 12, 11 PM - Feb 28, 11 PM
Join the online conference and 2-week hackathon to explore building powerful solutions with Power Platform.
Register nowTraining
Module
Best practices for email in SharePoint and Power Automate - Training
Email continues to be the primary and preferred method of communication for many businesses. In some situations, emails are also received as official electronic forms of approval. This module will provide you with a list of best practices that you can follow by using Microsoft Power Automate for outgoing and incoming emails.
Certification
Microsoft Certified: Information Protection and Compliance Administrator Associate - Certifications
Demonstrate the fundamentals of data security, lifecycle management, information security, and compliance to protect a Microsoft 365 deployment.