Saturday, September 28, 2013

Exchange Server 2013 Transport Rules an Overview

Transport Rules plays a vital role in administrating the Mail Flow in any Organization. This topic is not new for Exchange Admins, I have written this post to show few good options that I come across with Exchange 2013 Transport rules and also few facts that can assist Administrators to know the limitation and show how to utilize the enhanced features and work up on the requirement when arise.

First let’s review the Overview of Transport rules with Exchange 2013 from TechNet 

Also read the subsequent Topics shown below one after another to gain adequate knowledge over  Transport Rules.

I am going to cover 3 topics with Transport rules today in this post and there are many things that you can do with transport rules, these are just few examples that I want to show as a reference.

1.Creating Disclaimers/Non-Disclosure Statement with Transport Rules

I came across a very good article posted by Alan Byrne on where he shows how to create Disclaimers in O365.

Since this beautiful post available I am referring it here for this requirement as I don't want to make this post even lengthier and all the options shown here are applicable for On premise Exchange Server 2013 Environment as the EAC options for Creating Transport rules remains the same.

Alan updates at the end of this post that we can use the active directory attributes to create customized transport rules. Below is one example where we are creating Transport rules to apply the disclaimer for emails sent to specific domain by using user’s department code.

I have highlighted the Exception section on the above screen shot because it plays a significant role in this rule where in it controls the disclaimer to be appended only once to the E-mail that is sent out and does not append each time for further replies and forwards.

This raises a question why can't we make the disclaimer to get attached below the signature for all replies and forwards, here comes the limitation that I was taking about, we have only option to either prepend or append the disclaimer text and we cannot make it appear under our signature for each forwards and replies and if we really need it then we need rely on any 3rd party application.

I found this information while I was working on a requirement and it was not documented anywhere in TechNet clearly and below is the article that I found from HP which explains this to us in a nutshell.

2.Creating Transport rules to block E-mails with particular subject

There will be scenarios when some user accidentally sends E-mail to a large group of users through a Org wide distribution list which includes even the VIP users who are not intended to receive the E-mail and one after the other users would start to reply over this E-mail requesting them to get removed from the thread and eventually causes the Mail Flood scenario.

In this scenario to further avoid mail flood first we will create the Transport rule to block E-mails with the specific Subject and delete it with out notifying anyone.

Once this is Done we can set delivery restriction to the Distribution list to avoid future crisis and also we can run the below Exchange PowerShell cmdlet that can search for this subjected E-mail and remove it from all the user's mailbox who has received it inside the Organization.

PowerShell cmdlet :

Get-mailbox -resultsize unlimited | search-mailbox –SearchQuery  'subject:"Leave Notifcation"' –   DeleteContent

Note:  The above shell can be executed easily in a On premises Exchange Environment as most of the Organizations by default enable Exchange Administrators group full access on all mailboxes inside the Exchange Organization, but this is not easy when it comes to Exchange Online in order to Search the mailboxes inside Exchange Online the user should be added to the Discovery Management Role group which enables Multi-Mailbox Search possible and also to use the DeleteContent switch user need to be a part of MailboxImportExport role group which needs to manually created as there is no such default group available. Also this same applies to Organizations that does not allow Exchange Admins to have full access on the mailboxes by default in a On premises Environment

Check the TechNet here: Messaging Policy and Compliance Permissions

Limitation : Unfortunately we cannot handle the situation if user tend to change the subject and start a new mail thread once again before our troubleshooting task is completed. Once the above shell completes the task the subjected E-mail will be deleted from the user mailbox and  we need ensure that we set the delivery restriction on the distribution list at the earliest as this will block E-mail delivery to the users and quite reduce the impact of the issue and we can work separately with the users who has modified the subject and continues to cause the trouble and update them to stop relaying E-mails further.

3.Block E-mail delivery with Attachments to particular domain and sent a customized NDR to the Sender and also create a Incident Report for the Admin over this Activity.

Here comes the enhanced features part on the Transport rules with Exchange Server 2013 , As you are aware that we have DLP features available with Exchange Server 2013, and these polices are applied through the Transport Rules and with this benefit now we can accomplish the above said task.

With Earlier version of Transport rules we still have the option to block emails with attachments to particular domain and notify the sender with the NDR. But we cannot generate an Incident for the Admin to track the user activity. We can now get this accomplished with the Exchange Server 2013 Transport Rules and enhance the Information Security of the Organization.

Let's explore how we do it.

In the above screen shot while selecting the Generate Incident Report condition we need to select the User who can receive the Incident report along with the required Information that needs to be included in the Report. Custom content highlighted in the above screenshot includes the below shown message properties that are available and can be included in the report and I have selected few for the example requirement.

Limitation : We will be able to select only user who has mailbox inside the organization to receive the Incident report and cannot include multiple users or distribution lists. and the suggested option is either create a common mailbox and grant access to the Administrators to manage the Incidents triggered or create a Outlook rule in the Mailbox that will automatically forward the generated Incident report to the Administrators mailbox.

Hope this post is a good one for the readers to get a refreshment on the Transport rules topic and explore things further.

Add-on Read:

Review the below Blog post to know few more examples and also steps to Export Transport rules from Exchange On premises to Exchange Online.


No comments:

Post a Comment