Exchange Online · Mail Flow
Transport Rules
Create and manage mail flow rules (transport rules) that apply conditions and actions to messages passing through the organization.
Scope: Organization-wide mail flow rules
Permissions
- Create, modify, and delete transport rules
- Configure rule conditions, exceptions, and actions
- Set rule priority and enable/disable rules
- Export and import rule configurations
- Test rules before enforcement
Common use cases
- Adding email disclaimers and signatures
- Routing emails based on sender, recipient, or content
- Enforcing email policies (encryption, moderation)
- Blocking or redirecting specific messages
- Implementing DLP via transport rules (legacy)
Best practices
- Test rules in audit mode before enforcement
- Document rule purposes, owners, and business justification
- Review rules periodically for relevance
- Be careful with rule order - they process sequentially
- Use Exchange admin center or PowerShell for management
Security considerations
- Rules can redirect, copy, or block all organization email
- Incorrect rules can disrupt legitimate mail flow
- Rules with journaling actions copy emails to external recipients
- Rules process before delivery - can affect all users
Common questions
When should I assign the Transport Rules role?
Assign Transport Rules when you need to: Adding email disclaimers and signatures; Routing emails based on sender, recipient, or content; Enforcing email policies (encryption, moderation); Blocking or redirecting specific messages; and Implementing DLP via transport rules (legacy). It is part of Exchange Online and should be granted as a least-privilege alternative to broader roles like Global Administrator.
What can someone with the Transport Rules role do?
The Transport Rules role grants permissions including: Create, modify, and delete transport rules; Configure rule conditions, exceptions, and actions; Set rule priority and enable/disable rules; Export and import rule configurations; and Test rules before enforcement. See the Permissions section above for the full list.
What are the security risks of the Transport Rules role?
Key considerations when assigning Transport Rules: Rules can redirect, copy, or block all organization email; Incorrect rules can disrupt legitimate mail flow; Rules with journaling actions copy emails to external recipients; and Rules process before delivery - can affect all users. Review the Security considerations section before assignment, and pair with Privileged Identity Management (PIM) for just-in-time access where possible.