Mail flow rule actions in Exchange Online Protection
Applies to: Exchange Online Protection
Topic Last Modified: 2017-05-03
Actions in mail flow rules (also known as transport rules) specify what you want to do to messages that match conditions of the rule. For example, you can create a rule that forwards message from specific senders to a moderator, or adds a disclaimer or personalized signature to all outbound messages.
Actions typically require additional properties. For example, when the rule redirects a message, you need to specify where to redirect the message. Some actions have multiple properties that are available or required. For example, when the rule adds a header field to the message header, you need to specify both the name and value of the header. When the rule adds a disclaimer to messages, you need to specify the disclaimer text, but you can also specify where to insert the text, or what to do if the disclaimer can't be added to the message. Typically, you can configure multiple actions in a rule, but some actions are exclusive. For example, one rule can't reject and redirect the same message.
For more information about mail flow rules in Exchange Online Protection, see Mail flow rules (transport rules) in Exchange Online Protection.
For more information about conditions and exceptions in mail flow rules, see Mail flow rule conditions and exceptions (predicates) in Exchange Online Protection.
For more information about actions in mail flow rules in Exchange Online or Exchange 2013, see Mail flow rules (transport rules) in Exchange Online or Mail flow rules (transport rules) in Exchange 2013.
The actions that are available in mail flow rules in Exchange Online Protection are described in the following table. Valid values for each property are described in the Property values section.
Notes:
-
After you select an action in the Exchange admin center (EAC), the value that's ultimately shown in the Do the following field is often different from the click path you selected. Also, when you create new rules, you can sometimes (depending on the selections you make) select a short action name from a template (a filtered list of actions) instead of following the complete click path. The short names and full click path values are shown in the EAC column in the table.
-
The names of some of the actions that are returned by the Get-TransportRuleAction cmdlet are different than the corresponding parameter names, and multiple parameters might be required for an action.
Action in the EAC | Action parameter in PowerShell | Property | Description |
---|---|---|---|
Redirect the message to these recipients Redirect the message to > these recipients | RedirectMessageTo | | Redirects the message to the specified recipients. The message isn't delivered to the original recipients, and no notification is sent to the sender or the original recipients. |
Deliver the message to the hosted quarantine Redirect the message to > hosted quarantine | Quarantine | n/a | Delivers the message to the hosted quarantine. For more information about the hosted quarantine in Office 365, see Quarantine. |
Use the following connector Redirect the message to > the following connector | RouteMessageOutboundConnector | | Uses the specified outbound connector to deliver the message. For more information about connectors, see Configure mail flow using connectors in Office 365. |
Reject the message with the explanation Block the message > reject the message and include an explanation | RejectMessageReasonText | | Returns the message to the sender in a non-delivery report (also known as an NDR or bounce message) with the specified text as the rejection reason. The recipient doesn't receive the original message or notification. The default enhanced status code that's used is When you create or modify the rule in PowerShell, you can specify the DSN code by using the RejectMessageEnhancedStatusCode parameter. |
Reject the message with the enhanced status code Block the message > reject the message with the enhanced status code of | RejectMessageEnhancedStatusCode | | Returns the message to the sender in an NDR with the specified enhanced delivery status notification (DSN) code. The recipient doesn't receive the original message or notification. Valid DSN codes are The default reason text that's used is When you create or modify the rule in PowerShell, you can specify the rejection reason text by using the RejectMessageReasonText parameter. |
Delete the message without notifying anyone Block the message > delete the message without notifying anyone | DeleteMessage | n/a | Silently drops the message without sending a notification to the recipient or the sender. |
Add recipients to the Bcc box Add recipients > to the Bcc box | BlindCopyTo | | Adds one or more recipients to the Bcc field of the message. The original recipients aren't notified, and they can't see the additional addresses. |
Add recipients to the To box Add recipients > to the To box | AddToRecipients | | Adds one or more recipients to the To field of the message. The original recipients can see the additional addresses. |
Add recipients to the Cc box Add recipients > to the Cc box | CopyTo | | Adds one or more recipients to the Cc field of the message. The original recipients can see the additional address. |
Add the sender's manager as a recipient Add recipients > add the sender's manager as a recipient | AddManagerAsRecipientType | | Adds the sender's manager to the message as the specified recipient type (To, Cc, Bcc), or redirects the message to the sender's manager without notifying the sender or the recipient. This action only works if the sender's Manager attribute is defined in Active Directory. |
Append the disclaimer Apply a disclaimer to the message > append a disclaimer | ApplyHtmlDisclaimerText ApplyHtmlDisclaimerFallbackAction ApplyHtmlDisclaimerTextLocation | First property: Second property: Third property (PowerShell only): | Applies the specified HTML disclaimer to the end of the message. When you create or modify the rule in PowerShell, use the ApplyHtmlDisclaimerTextLocation parameter with the value |
Prepend the disclaimer Apply a disclaimer to the message > prepend a disclaimer | ApplyHtmlDisclaimerText ApplyHtmlDisclaimerFallbackAction ApplyHtmlDisclaimerTextLocation | First property: Second property: Third property (PowerShell only): | Applies the specified HTML disclaimer to the beginning of the message. When you create or modify the rule in PowerShell, use the ApplyHtmlDisclaimerTextLocation parameter with the value |
Remove this header Modify the message properties > remove a message header | RemoveHeader | | Removes the specified header field from the message header. |
Set the message header to this value Modify the message properties > set a message header | SetHeaderName SetHeaderValue | First property: Second property: | Adds or modifies the specified header field in the message header, and sets the header field to the specified value. |
Set the spam confidence level (SCL) to Modify the message properties > set the spam confidence level (SCL) | SetSCL | | Sets the spam confidence level (SCL) of the message to the specified value. |
Apply rights protection to the message with Modify the message security > apply rights protection | ApplyRightsProtectionTemplate | | Applies the specified Rights Management Services (RMS) template to the message. RMS requires Exchange Enterprise client access licenses (CALs) for each mailbox. For more information about CALs, see Exchange Server Licensing. |
Require TLS encryption Modify the message security > require TLS encryption | RouteMessageOutboundRequireTls | | Forces the outbound messages to be routed over a TLS encrypted connection. |
Encrypt the message with Office 365 Message Encryption Modify the message security > Apply Office 365 Message Encryption | ApplyOME | | Encrypt the message and attachments with Office 365 Message Encryption. For more information about message encryption in Office 365, see Email encryption in Office 365. |
Remove Office 365 Message Encryption from the message Modify the message security > Remove Office 365 Message Encryption | RemoveOME | | Decrypt the message and attachments so users don’t need to sign in to the encryption portal in order to view them. This action is only available for messages that are sent within your organization. For more information about message encryption in Office 365, see Email encryption in Office 365. |
Prepend the subject of the message with | PrependSubject | | Adds the specified text to the beginning of the Subject field of the message. Consider using a space or a colon (:) as the last character of the specified text to differentiate it from the original subject text. To prevent the same string from being added to messages that already contain the text in the subject (for example, replies), add the The subject includes (ExceptIfSubjectContainsWords) exception to the rule. |
Generate incident report and send it to | GenerateIncidentReport IncidentReportContent | First property: Second property: | Sends an incident report that contains the specified content to the specified recipients. An incident report is generated for messages that match data loss prevention (DLP) policies in your organization. |
Notify the recipient with a message | GenerateNotification | | Specifies the text, HTML tags, and message keywords to include in the notification message that's sent to the message's recipients. For example, you can notify recipients that the message was rejected by the rule, or marked as spam and delivered to their Junk Email folder. |
Properties of this rule section > Audit this rule with severity level | SetAuditSeverity | | Specifies whether to:
|
Properties of this rule section > Stop processing more rules More options > Properties of this rule section > Stop processing more rules | StopRuleProcessing | n/a | Specifies that after the message is affected by the rule, the message is exempt from processing by other rules. |
The property values that are used for actions in mail flow rules are described in the following table.
Property | Valid values | Description |
---|---|---|
| One of the following values:
| Specifies how to include the sender's manager in messages.
This action only works if the sender's Manager is defined. |
| Exchange recipients | Depending on the action, you might be able to specify any mail-enabled object in the organization, or you might be limited to a specific object type. Typically, you can select multiple recipients, but you can only send an incident report to one recipient. |
| One of the following values:
| The values Low, Medium, or High specify the severity level that's assigned to the incident report and to the corresponding entry in the message tracking log. The other value prevents an incident report from being generated, and prevents the corresponding entry from being written to the message tracking log. |
| One of the following values:
| Specifies what to do if the disclaimer can't be applied to a message. There are situations where the contents of a message can't be altered (for example, the message is encrypted). The available fallback actions are:
|
| HTML string | Specifies the disclaimer text, which can include HTML tags, inline cascading style sheet (CSS) tags, and images by using the IMG tag. The maximum length is 5000 characters, including tags. |
| Single value: | In PowerShell, you use the ApplyHtmlDisclaimerTextLocation to specify the location of the disclaimer text in the message:
|
| Single DSN code value:
| Specifies the DSN code that's used. You can create custom DSNs by using the New-SystemMessage cmdlet. If you don't specify the rejection reason text along with the DSN code, the default reason text that's used is When you create or modify the rule in PowerShell, you can specify the rejection reason text by using the RejectMessageReasonText parameter. |
| One or more of the following values:
| Specifies the original message properties to include in the incident report. You can choose to include any combination of these properties. In addition to the properties you specify, the message ID is always included. The available properties are:
In PowerShell, you specify multiple values separated by commas. |
| Single string | Specifies the SMTP message header field to add, remove, or modify. The message header is a collection of required and optional header fields in the message. Examples of header fields are To, From, Received, and Content-Type. Official header fields are defined in RFC 5322. Unofficial header fields start with X- and are known as X-headers. |
| Any combination of plain text, HTML tags, and keywords | Specified the text to use in a recipient notification message. In addition to plain text and HTML tags, you can specify the following keywords that use values from the original message:
|
| Single outbound connector | Specifies the identity of outbound connector that's used to deliver messages. For more information about connectors, see Configure mail flow using connectors in Office 365. In the EAC, you select the connector from a list. In PowerShell, use the Get-OutboundConnector cmdlet to see the connectors that are available. |
| Single RMS template object | Specifies the Rights Management Services (RMS) template that's applied to the message. In the EAC, you select the RMS template from a list. In PowerShell, use the Get-RMSTemplate cmdlet to see the RMS templates that are available. For more information about RMS in Office 365, see What is Azure Information Protection?. |
| One of the following values:
| Specifies the spam confidence level (SCL) that's assigned to the message. A higher SCL value indicates that a message is more likely to be spam. |
| Single string | Specifies the text that's applied to the specified message header field, NDR, or event log entry. In PowerShell, if the value contains spaces, enclose the value in quotation marks ("). |