How to Create a Transport Rule in Exchange Online

Created by Rohit Yadav, Modified on Thu, 20 Nov at 1:31 PM by Rohit Yadav

Overview

Transport rules (also called mail flow rules) in Exchange Online allow administrators to inspect emails and apply conditions, actions, or exceptions before mail is delivered. They are essential for enforcing compliance, data protection, security, branding, and routing logic across the organization.


Use Cases for Transport Rules

✔ 1. Block auto-forwarding to external domains

Protects against data leakage and prevents compromised accounts from forwarding mail outside the organization.

✔ 2. Apply disclaimers / email signatures

Used for legal notices, confidentiality statements, or company-wide signatures.

✔ 3. Restrict who can email distribution lists

Important for preventing abuse of All-Staff / All-Employees lists.

✔ 4. Route messages through specific connectors

Used in hybrid, third-party security gateways, and journaling scenarios.

✔ 5. Quarantine or block high-risk emails

Adds an additional layer of security on top of Microsoft Defender for Office 365 (MDO).

✔ 6. Detect and stop sensitive data leakage

Checks for keywords, patterns (e.g., credit card numbers), or attachments.


High-Priority Transport Rules Every Organization Must Configure

These are industry best practices:


1. Block External Auto-Forwarding

Prevents compromised accounts from leaking data.

Condition:
– Sender is internal
– Email is going outside organization via auto-forward

Action:
– Block the message
– Notify sender and admin


2. Prevent Spoofing of Internal Domains

Useful if MDO Anti-Phishing protections are not fully configured.

Condition:
– Sender domain is internal
– But email originates externally

Action:
– Quarantine or block the message


3. Add Company-Wide Disclaimer

Legal compliance requirement for many companies.

Action:
– Apply disclaimer to all outbound emails


4. Block Executable Attachments (.exe, .bat, .cmd, .js)

Even if MDO catches most malware, additional blocking is recommended.

Condition:
– File type matches EXE / BAT / CMD / JS

Action:
– Block the message or quarantine


5. Restrict Who Can Email Sensitive Distribution Groups

Protects company-wide lists like All Staff.

Condition:
– Recipient is DL “All Employees”
– Sender is outside “Allowed List”

Action:
– Reject with explanation


6. Flag External Emails

Adds “[External]” warning to reduce phishing risk.

Condition:
– Email originates from outside
– Sender not in allowed domain list

Action:
– Prepend subject with [EXTERNAL]


Step-by-Step Guide: How to Create a Transport Rule


Step 1 — Open Exchange Admin Center

  1. Go to https://admin.exchange.microsoft.com

  2. Navigate to Mail Flow → Rules


Step 2 — Create a New Rule

  1. Click Add a rule

  2. Choose Create a new rule (or select a template such as “Apply disclaimers”)

  3. Enter a Rule Name (example: “Block External Auto Forwarding”)


Step 3 — Configure Conditions

Examples:

  • If sender is external/internal

  • If subject contains specific words

  • If attachment type matches

  • If mail is being auto-forwarded

  • If recipient is a distribution group

  • If sender domain is outside the organization


Step 4 — Configure Actions

Examples:

  • Block the message

  • Quarantine the message

  • Reject with explanation

  • Add disclaimer

  • Redirect message

  • Modify subject

  • Add header / remove header


Step 5 — Add Exceptions (Optional)

Examples:

  • Exclude executives

  • Exclude internal systems/services

  • Exclude security mailboxes

  • Exclude specific partners or domains

Exceptions help avoid unwanted message blocking.


Step 6 — Set Rule Mode

You can choose:

  • Enforce (rule is active)

  • Test with Policy Tips (logs but does not block)

  • Test without Policy Tips

  • Stop processing more rules

Best practice: Always test rules before enforcing them.


Step 7 — Save and Apply

Rules are applied across your tenant and may take up to 10 minutes to replicate.
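
The same steps can be scripted in Exchange Online PowerShell. The following is an added example, not part of the original article: it creates the “Block External Auto Forwarding” rule from Step 2 in test mode and switches it to Enforce only when asked. The admin account, report mailbox and rejection text are placeholder assumptions.

```powershell
# Added example, not from the original article. Requires the ExchangeOnlineManagement module.
# Assumptions: the addresses below are placeholders for your own tenant.
$AdminUpn      = 'admin@example.com'
$ReportMailbox = 'secops@example.com'   # receives the incident report ("notify admin")
$Enforce       = $false                 # set to $true only after reviewing test results
$RuleName      = 'Block External Auto Forwarding'

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName $AdminUpn

# Steps 3-6: conditions, actions and mode for the rule.
$rule = @{
    Name                            = $RuleName
    Comments                        = 'Blocks auto-forwarded mail from internal senders to external recipients'
    FromScope                       = 'InOrganization'      # sender is internal
    SentToScope                     = 'NotInOrganization'   # recipient is outside the organization
    MessageTypeMatches              = 'AutoForward'         # message is an auto-forward
    RejectMessageReasonText         = 'Automatic forwarding to external recipients is not permitted.'
    RejectMessageEnhancedStatusCode = '5.7.1'
    GenerateIncidentReport          = $ReportMailbox
    IncidentReportContent           = 'Sender', 'Recipients', 'Subject'
    # Audit = "Test without Policy Tips"; AuditAndNotify = "Test with Policy Tips"
    Mode                            = 'Audit'
}

# Create the rule only if it does not exist yet, so the script can be re-run safely.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if (-not $existing) {
    New-TransportRule @rule | Out-Null
}

# Step 6: move from test mode to Enforce once the test results look correct.
if ($Enforce) {
    Set-TransportRule -Identity $RuleName -Mode Enforce
}

# Step 7: confirm what was saved, including mode and position in the rule order.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, Priority, FromScope, SentToScope, MessageTypeMatches

Disconnect-ExchangeOnline -Confirm:$false
```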


Troubleshooting

❗ Rule not applying

  • Ensure rule is in Enforce mode

  • Check rule priority — higher rules take precedence

❗ Rule applied too broadly

  • Add exceptions

  • Restrict conditions more narrowly

❗ External auto-forward still happening

  • Check whether forwarding is configured by an Outlook rule (client-side)

  • Check MDO outbound spam filters

  • Disable forwarding at organization level
