Exchange Online · Mail Flow

Transport Rules

Create and manage mail flow rules (transport rules) that apply conditions and actions to messages passing through the organization.

Scope: Organization-wide mail flow rules

Permissions

  • Create, modify, and delete transport rules
  • Configure rule conditions, exceptions, and actions
  • Set rule priority and enable/disable rules
  • Export and import rule configurations
  • Test rules before enforcement

Common use cases

  • Adding email disclaimers and signatures
  • Routing emails based on sender, recipient, or content
  • Enforcing email policies (encryption, moderation)
  • Blocking or redirecting specific messages
  • Implementing DLP via transport rules (legacy)

Best practices

  • Test rules in audit mode before enforcement
  • Document rule purposes, owners, and business justification
  • Review rules periodically for relevance
  • Be careful with rule order - they process sequentially
  • Use Exchange admin center or PowerShell for management

Security considerations

  • Rules can redirect, copy, or block all organization email
  • Incorrect rules can disrupt legitimate mail flow
  • Rules with journaling actions copy emails to external recipients
  • Rules process before delivery - can affect all users

Common questions

When should I assign the Transport Rules role?

Assign Transport Rules when you need to: Adding email disclaimers and signatures; Routing emails based on sender, recipient, or content; Enforcing email policies (encryption, moderation); Blocking or redirecting specific messages; and Implementing DLP via transport rules (legacy). It is part of Exchange Online and should be granted as a least-privilege alternative to broader roles like Global Administrator.

What can someone with the Transport Rules role do?

The Transport Rules role grants permissions including: Create, modify, and delete transport rules; Configure rule conditions, exceptions, and actions; Set rule priority and enable/disable rules; Export and import rule configurations; and Test rules before enforcement. See the Permissions section above for the full list.

What are the security risks of the Transport Rules role?

Key considerations when assigning Transport Rules: Rules can redirect, copy, or block all organization email; Incorrect rules can disrupt legitimate mail flow; Rules with journaling actions copy emails to external recipients; and Rules process before delivery - can affect all users. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.

Official Microsoft Learn documentation →

Open the interactive RBACMap →