Microsoft Purview · Global & Security Roles

MailFlow Administrator

Members can monitor and view mail flow insights and reports in the Microsoft Defender portal. Read-focused role for understanding mail flow patterns, queues, and delivery issues without permission to modify transport configuration.

Scope: Read-only mail flow monitoring in the Microsoft Defender portal — does not include Exchange transport configuration

Permissions

  • View mail flow reports in Defender portal
  • Access mail flow insights and trends
  • View message tracking logs
  • Monitor queue health and delivery metrics
  • Access top sender/recipient analytics

Common use cases

  • Investigating mail delivery delays and queue buildup
  • Monitoring tenant-wide mail flow health
  • Identifying top senders/recipients for capacity planning
  • Diagnosing mail flow issues during incidents
  • Reporting on mail flow trends to leadership

Best practices

  • Pair with Exchange Administrator for staff who also need transport configuration
  • Use for help desk Tier 2/3 staff investigating mail delivery tickets
  • Coordinate with Security Operator role for security-related mail flow events
  • Combine reports with Quarantine Administrator data for a full picture of mail flow

Security considerations

  • Mail flow reports may reveal sender/recipient relationships, so access to them should be protected
  • Message tracking logs include subject lines, which has privacy implications
  • Read-only — cannot modify mail flow rules or quarantine messages
