Explore mail flow rules
In Exchange Online organizations or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, you can use mail flow rules (also known as transport rules) to identify and take action on messages that flow through your organization.
All messages (except NDRs) that flow through your organization are evaluated against the enabled mail flow rules in your organization. Rules are processed in the order listed on the Mail flow > Rules page in EAC, or based on the corresponding Priority parameter value in PowerShell.
Mail flow rules can complete the following tasks:
- Prevent specified users from sending or receiving email from other specified users.
- Prevent inappropriate content from entering or leaving the organization.
- Apply restrictions based on message classifications to restrict the flow of confidential organization information.
- Redirect incoming and outgoing messages for inspection before delivery.
- Apply disclaimers to messages as they pass through the organization.
- Apply Active Directory Rights Management Services (AD RMS) templates to the messages based on message criteria.
Mail flow rule properties
The following table describes the rule properties that are available in mail flow rules.
| Property name in the EAC | Parameter name in PowerShell | Description |
|---|---|---|
| Priority | Priority | Indicates the order that the rules are applied to messages. The default priority is based on when the rule is created (older rules have a higher priority than newer rules, and higher priority rules are processed before lower priority rules). You change the rule priority in the EAC by moving the rule up or down in the list of rules. In the PowerShell, you set the priority number (0 is the highest priority). For example, if you have one rule to reject messages that include a credit card number, and another one requiring approval, you'll want the reject rule to happen first, and stop applying other rules. |
| Audit this rule with severity level | SetAuditSeverity | Sets the severity level of the incident report and the corresponding entry that's written to the message tracking log when messages violate DLP policies. Valid values are DoNotAudit, Low, Medium, and High. |
| Mode | Mode | You can specify whether you want the rule to start processing messages immediately, or whether you want to test rules without affecting the delivery of the message (with or without Data Loss Prevention or DLP Policy Tips). Policy Tips present a brief note in Outlook or Outlook on the web that provides information about possible policy violations to the person that's creating the message. |
| Activate this rule on the following date Deactivate this rule on the following date |
ActivationDate ExpiryDate |
Specifies the date range when the rule is active. |
| On check box selected or not selected | New rules: Enabled parameter on the New-TransportRule cmdlet. Existing rules: Use the Enable-TransportRule or Disable-TransportRule cmdlets. The value is displayed in the State property of the rule. |
You can create a disabled rule, and enable it when you're ready to test it. Or, you can disable a rule without deleting it to preserve the settings. |
| Defer the message if rule processing doesn't complete | RuleErrorAction | You can specify how the message should be handled if the rule processing can't be completed. By default, the rule will be ignored, but you can choose to resubmit the message for processing. |
| Match sender address in message | SenderAddressLocation | If the rule uses conditions or exceptions that examine the sender's email address, you can look for the value in the message header, the message envelope, or both. |
| Stop processing more rules | StopRuleProcessing | This is an action for the rule, but it looks like a property in the EAC. You can choose to stop applying additional rules to a message after a rule processes a message. |
| Comments | Comments | You can enter descriptive comments about the rule. |
Differences between Mail flow rules and Inbox rules in Outlook
Mail flow rules are similar to the Inbox rules that are available in Outlook and Outlook on the web (formerly known as Outlook Web App). The main difference is mail flow rules take action on messages while they're in transit, not after the message is delivered to the mailbox. In summary:
- Outlook rules are set up on the client, which then acts on the messages after they're delivered to each mailbox.
- Mail flow rules are set up at the server end, and they're applied to messages while they're in transit.
- Mail flow rules contain a richer set of conditions, exceptions, and actions. These features enable organizations to implement more types of messaging policies as compared to Outlook rules.