Office 365

Module 7: Exchange Online (EXO) Administration
Mail Flow

Jacek Swiatowiak
MVP Directory Services
MCT

Mail Flow Page

•

Mail Flow page
(called Mail
Control in Office
365)

•

Used to
administer mail
flow and EXO
Protection
configurations

Mail Flow Page

•

Mail Flow consists of five administrative tabs:

*Denotes new tabs for Office 365 Preview

Tabs

Description

Rules

Use  rules to control the flow of email messages in your

organization. If you do not want a rule to run, you can turn it off or

delete it.

Delivery Reports Search for delivery information about messages sent to or from a

specific person. Narrow the search to messages with certain

keywords in the subject.

Message Trace*

Search for email messages from or to a user or users. You can

specify user names or fully qualified email addresses. Wildcards

are supported.

Accepted

Domains

Displays mail domains that are accepted for sending and receiving

email. To add domains, use the O365 portal.

Connectors*

Set both Inbound and Outbound EXO Protection connectors from

within Office 365 Preview

Mail Flow Page

Transport Rules-Policy Changes

•

Exchange Transport Rules will replace FOPE Wave 14 Policy rules.
Some parameters which were in available in FOPE Wave 14, are now
available in the EAC on a different page or tab

•

Exchange Transport Rules provide an additional level of mail flow
control for Exchange Online Administrators.

•

These rules can help Exchange Online Administrators mitigate
security and compliance issues in their organization.

Mail Flow Page

Transport Rules

•

Transport Rules consist of three major components:

Component

Description

Conditions

This component of a rule determines why the rule is triggered. For

example, an Administrator may want to apply a rule against all mail sent

form a specific user.

The conditions determine the scope of a rule.

Actions

This component includes any actions that can be applied against an email

by a transport rule. For example, an Administrator may choose to redirect

any message that is triggered

by a rule.

Exceptions

This component can be used to create exclusions for the conditions

associated with a rule. For example, if you wanted to exclude an

executive in your organization for a specific rule, then can create an

exception to by emails sent or received by this user.

Mail Flow Page

Transport Rules – Rule Wizard

•

Create Transport Rules using the new wizard

•

Mail Flow Page > Rules > New

•

New Rules has wizard to assist in creating rules

Rule Components

New Rule Wizard

Conditions

If

Actions

Do the following

Exceptions

Except If

Table shows relationship of rule components &
wizard fields

:

Mail Flow Page

Transport Rules – Rule Wizard

•

New Conditions & Exceptions in Office 365 Preview

Rule

Condition or Exception

Description

Senders

The sender…IP matches any of these
addresses

Specify whether the sender’s IP matches one or more
specific IP address, or a range of IP addresses

Recipients

(no new updates)

Message subject or
body

(no new updates)

Attachments

Any attachment…file extension
matches these words

Any attachment…has executable
content

Specify words or phrases that match the an attachment’s
file extension

Specify whether the attachment is an executable file

Message Properties

(no new updates)

To and Cc fields

The message…contains sensitive
information

The message…size exceeds

Specify whether the message contains a sensitive
information type

Specify whether the message size is greater that a specific
size (in KB)

Sender and recipient
relationships

(no new updates)

Message Headers

(no new updates)

Mail Flow Page

Transport Rules – Rule Wizard

•

New Actions in Office 365 Preview

Action

Description

Generate incident report

Specify who to send the report to, and whether
or not an original copy of the content should be
sent to that mailbox

Require TLS Encryption

Similar to “Force TLS” in FOPE

Put message in quarantine
mailbox

Similar to FOPE quarantine features, with O15
quarantine is now natively managed in O365 UI

Use the following outbound
connector…

Specify an outbound connector created in
“Protection” tab of Exchange Administration
Center

Mail Flow Page

Transport Rules – Options

Additionally, Office 365 Preview adds the following
options for Transport Rules:

•

Rules can be configured to run for a specific time
period time

•

Rules can be run in Test Mode

•

Information Rights Management can be applied to
messages using a transport rule.

Mail Flow Page

Creating Transport Rule

Mail Flow Page

More information on Transport Rules can be found
here:

http://

technet.microsoft.com/en-us/library/dd638183.aspx

This following provides details about new predicates
and actions:

http://social.technet.microsoft.com/wiki/contents/a
rticles/12673.what-s-new-in-exchange-2013-preview-e
n-us.aspx#What_s_New_in_Transport_Rules

Exercise: What's new for
Transport Rules

1.

Review the following article, What's new for
Transport Rules: .

http://technet.microsoft.com/en-us/library/jj150483(v
=exchg.150).

aspx

Exercise: Create an Exchange
Transport Rule

1.

Create an Exchange Transport Rule with an end result which would be
similar to a FOPE Wave 14 configuration.

a.

This rule should take action on messages over 25 KB size limit.

b.

This rule should forward a copy of any message over 25 KB size limit
to an Office 365 administrator

2.

Create a separate transport rule that will modify messages if the
sender is a <given user>.

a.

Configure the rule action to Reject messages from the <given
user>.

b.

Configure the rule to activate and deactivate during certain days

Mail Flow Page

Delivery Reports

•

Tracks delivery information about messages sent by or received from

any specific mailbox in an organization

•

The content of the message body is not returned, only the subject line displays

•

A delivery report search will show the following information:

•

Who the message was sent from and to

•

The subject line

•

When the message was sent

•

Delivery status and reasons why delivery
may be delayed or failed

•

To search mailboxes for specific

email messages,

see Multi-Mailbox searches.

Mail Flow Page

Message Trace

•

Functionality was previously provided in the FOPE Admin center in the Message
Tracing Tool (MTRT).

•

Functionality has been expanded to include the ability to trace messages sent from
one internal Office 365 tenant mailbox to another

•

Search for mail from or to a user or users

•

Previously, FOPE was only able to trace messages that entered or left the FOPE
environment to or from an external email address

•

Sender and recipient address: For either the sender or the recipient, you may

specify an internal user or contact or a fully-qualified email address. Wildcards are

supported. However, at least one of the fields must contain a complete email

address.

•

Message was sent or received: Email messages for the last 30 days can be

traced.

•

Delivery Status and Message ID: If you already know the delivery status and/or

the message ID for a specific message, you can choose to make it part of the search

criteria in order to return better search results.

Mail Flow Page

Message Trace

•

The following information will be returned on a
message trace

:

•

Date the Message was sent

•

Sender and recipient addresses of the message

•

Subject line of the message

•

SMTP delivery status (delivered, failed, pending, expanded, unknown)

Mail Flow Page

Accepted Domains

•

An accepted domain is any SMTP namespace for which a Microsoft
Exchange organization sends or receives email.

:

•

Include those domains for which the Exchange organization is authoritative

•

include domains for which the Exchange organization receives mail.

•

The Accepted Domains tab functionality is the same as in the previous version of Office
365

Mail Flow Page

Connectors: Inbound and Outbound

•

Allows customers to create and configure connectors

•

Connectors are used to implement advanced email flow scenarios in Office 365 Preview

•

The connector configuration option varies depending upon the scenario

•

This functionality was previously provided in the FOPE Administration Center

Settings for inbound/outbound
connectors:

•

Enable/Disable Forced TLS

•

Specify the IP Address or Domain

•

Specify Partner or On-Premise

•

Specify a TLS certificate   

Mail Flow Page

Connectors: Inbound and Outbound

Mail Flow Page

Connectors – Inbound and Outbound
Scenarios

Scenario

Description

Outbound smart host

O365 Preview acts as a smart host, using a connector to redirect

outbound mail to an on-premises server that applies additional

processing before delivering mail to its final destination

Regulated partner with

forced TLS

Forced inbound and outbound transport layer security (TLS) is used to

secure all routing channels with the business-regulated partner

specified in the connection settings

Hybrid

Hybrid mail flow scenarios are used to partially host your email in the

cloud (Office 365) and partially on-premises:

1. Shared address space with on-premises relay scenario (MX

points to on-premises)

2. Shared address space with on-premises relay scenario (MX

points to EXO Protection)

3. Shared address space with cloud relay scenario (MX points

to cloud)

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a
commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN
THIS PRESENTATION.