MS-203 Microsoft 365 Messaging – Managing Mail Flow Topology Part 2

  • June 16, 2023

3. Mail Flow Transport Rules in Exchange Online

Let’s take some time now and look at Exchange Online and how we can set up our mail flow transport rules there. So I’m on the admin.microsoft.com site, also known as portal.microsoft.com, and I’m going to go over here and click the Show All ellipsis symbol. And then I’m going to click on Exchange.

This is going to bring me into the EAC for Exchange Online. I’m going to click Mail Flow, just like you would do on Exchange Server on-premises, and this is where I’m going to create my mail transport rule. Notice I’ve got some predefined ones here I can go with. I’m going to go with Create a new rule. This time we’re going to have our transport rule look for the keyword payroll in an email attachment, and we’re only going to do this if the message is going outside our organization.

So Payroll Check is what I’m going to call this. Under Apply this rule, I’m going to say if the recipient is located outside our organization. That’s going to be my first condition. And I’m going to add another condition. In order for me to add a second condition, I’ve got to come down here and click More options.

Now I can add a second condition if I want. My second condition is going to be Any attachment, and we’ll say content includes any of these words. I could say budget. I’m sorry, not budget, payroll. If I wanted to add some additional keywords to that, I could. We’re going to click OK on that, and now we’ve got our two conditions.

The recipient is located outside our organization, and the attachment has the keyword payroll in it. I would also like to point out that if you were doing attachments, you can do things like content matches a certain pattern. It really gets pretty advanced.

This course doesn’t get into all of this yet, but with patterns you can have it look for things like Social Security numbers and driver’s license numbers and all that. That’s going to actually play upon a cloud service that Microsoft offers called Azure Information Protection, as well as something called DLP, Data Loss Prevention.

And so that’s a very powerful tool, but that’s not something we’re getting into just yet. But you can have it look at “content can’t be inspected.” What if somebody was trying to send out this payroll information and they encrypted it so that Exchange couldn’t read it? That’s where that’s going. You can also have file name matches a certain pattern, and file extension includes these words.

You can specify a size, if it’s greater than a certain size. Didn’t complete scanning, if it wasn’t able to scan it. Has executable content in it. Is password protected. And then you can also say has these properties, including any of these words. So you have quite a bit there that you can specify in regards to things like file attachments. I’m only going to set those two conditions: the recipient is located outside the organization, and any attachment’s content includes the keyword. Then we’re going to say Do the following. This time I could say notify the sender with a Policy Tip. Or I could say forward the message for approval. I could block the message. I could add a disclaimer to the message if I wanted to. I’m actually going to say add a disclaimer to the message, append the disclaimer, and then I’m going to say Enter text.

And how about we do this? “Info is property of Exam Lab Practice. If you are not a member of the company, we will come after you and your family.” Okay, maybe not. That’s probably not a good thing to say. We’ll, I don’t know, prosecute you. All right. I’m going to hit simple message there. I’m going to hit OK. It’s going to say that, and then it asks you to select a fallback action to use if the disclaimer can’t be inserted. Okay. It’ll wrap it.

So that way if it can’t go out in a straight line, it’ll just wrap the text there. The next thing would be if I want to add an additional action to that. I could say generate an incident report, and I could say we’ll send this incident report to Alex Rogers. Maybe Alex Rogers is our person who is over payroll. And I could say include the message sender and recipient information. At that point, I could set exceptions if I wanted to. If I wanted to add an exception, I could say the sender is Bill Williams, and I could say the recipient is, let’s say, external, outside the organization.

So basically we could allow Billy Williams to send this if we wanted. But I’m not actually going to set an exception. I just wanted to show you that. Then there’s Audit this rule with severity level. Again, that’s just going to be set for auditing purposes. We could say this was considered a high severity level, so if we go and view our audit logs, we can sort by severity level if we want. We can set our activation dates and stop processing more rules. This is stuff we’ve gone over. I’m going to hit Save. And as you can see, it’s officially been created. Payroll Check has been created. It has a priority of zero.

Again, you could add more of these rules if you wanted to, and Exchange Online is going to work just like Exchange on-prem. You can set a priority in case there’s any kind of conflict. The lower the number, the higher the priority. So if you had another rule with a priority of one, then Payroll Check, which is set to zero, is going to have a higher priority than that one. That’s how the priority system works. So as you can see, working with transport rules in Exchange Online is pretty much the same as working with them in Exchange on-prem, if you’ve worked with Exchange on-prem, and hopefully that gives you a decent understanding of doing transport rules with Exchange Online.
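The same rule built from Exchange Online PowerShell, as an added example that is not part of the original lesson. It goes one step beyond the walkthrough by adding two companion rules for outbound attachments that cannot be inspected or are password protected, since the keyword condition has nothing to match in those; the admin sign-in, Alex Rogers’s address, the disclaimer wording and the companion rule names are assumptions.

```powershell
# Added example: requires the ExchangeOnlineManagement module.
# Assumed values: admin UPN, incident report mailbox, disclaimer wording.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@examlabpractice.com'

$reportTo = 'alex.rogers@examlabpractice.com'   # assumed address for Alex Rogers

# Rule from the walkthrough: external recipient AND attachment content
# contains "payroll". Conditions inside one rule are combined with AND.
$payrollRule = @{
    Name                              = 'Payroll Check'
    SentToScope                       = 'NotInOrganization'
    AttachmentContainsWords           = 'payroll'
    ApplyHtmlDisclaimerText           = '<p>This information is the property of Exam Lab Practice.</p>'
    ApplyHtmlDisclaimerLocation       = 'Append'
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'    # fallback chosen in the walkthrough
    GenerateIncidentReport            = $reportTo
    IncidentReportContent             = 'Sender', 'Recipients'
    SetAuditSeverity                  = 'High'
    Priority                          = 0
}
New-TransportRule @payrollRule

# Companion rules (assumption, not created in the lesson): report outbound
# attachments the keyword scan cannot read. Each condition needs its own
# rule, because putting both in one rule would require both to be true.
$blindSpots = @{
    'Outbound attachment not inspectable'    = @{ AttachmentIsUnsupported = $true }
    'Outbound attachment password protected' = @{ AttachmentIsPasswordProtected = $true }
}
foreach ($name in $blindSpots.Keys) {
    $condition = $blindSpots[$name]
    New-TransportRule -Name $name -SentToScope 'NotInOrganization' `
        -GenerateIncidentReport $reportTo `
        -IncidentReportContent 'Sender', 'Recipients', 'Subject' `
        -SetAuditSeverity 'Medium' @condition
}

# Confirm the evaluation order: the lowest priority number is processed first.
Get-TransportRule | Sort-Object Priority |
    Format-Table Priority, Name, State, Mode -AutoSize
```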

4. Accepted Domains with Exchange On-Premise

And I’m going to go down here to Mail flow. And if you look, you’ll see you have Accepted domains up here. On accepted domains, I have a separate domain here called acmecorp.com that I created previously. When looking at email address policies, in order for Exchange to manage an email account for somebody that has a domain name associated with its email address, if it’s actually going to handle mail flow for that domain name, you have to have an accepted domain created. Now I’ve got these two added, acmecorp.com and examlabpractice.com. Let’s say that I wanted to host the email addresses for examlabpractice.net as well. So I have examlabpractice.com, but I also want to handle examlabpractice.net. In order to do that, I’m going to click on the little plus sign over here. It’s going to pop up a box that’s going to allow me to add that accepted domain.

So I’m going to call this examlabpractice.net, and that is also going to be my accepted domain. Now to kind of review these again, this one is Authoritative. An authoritative accepted domain tells you that email is delivered only to valid recipients in your Exchange organization, so all email for unknown recipients is rejected. In other words, if I’ve got a user named Bob Jones and I want it to be Bob Jones@examlabpractice.com or .net, you’ve got to have a recipient within your Exchange organization that that address can tie to, or it’s going to reject that email.

Now, I’ve also got Internal Relay. Internal Relay says email is delivered to recipients in this Exchange organization or relayed to an email server at another physical or logical location. So it’s always going to check to see if the recipient is within our Exchange organization, and if not, that’s when it would go and try to relay. It will try to locate through SMTP the email server that it needs to go to. And then the last option is External Relay: email is relayed to an email server at another physical location.

So in other words, I’m basically saying, hey, if an email comes in for examlabpractice.net, then you’re just going to look for the SMTP server and send it on. Once you’ve defined the accepted domain, you can go and associate it with recipients, and you can also set up mail flow rules for it.

So that’s the reason why you would want to do this. Maybe the only reason in your case you’re adding the external relay is because you’re wanting to specify some special mail flow rules, transport rules, on it and set restrictions or things like that. Maybe you want to audit all emails that are going to that domain, so you can set up different transport rules to manage that if you’ve got the accepted domains configured. Okay, so I’m going to go ahead and save that. And I’ve now officially configured myself with an accepted domain here on my Exchange on-prem server.

5. Domains in Exchange Online

Okay, I now want to talk about Exchange Online and how it deals with domains. First off, I’m on the admin.microsoft.com site, also known as portal.microsoft.com. If I drop this down, I can click Settings and add domain names that I own, that I pay for, right here. If you want Exchange Online to be able to deal with those, you would add the domain names there. But I want to talk about where in Exchange Online all this is going to be taken care of. So I’m going to jump into the Exchange Admin Center here, and just like with Exchange on-premises, I would click on Mail Flow, and we have Accepted domains. Accepted domains in the Exchange Admin Center is the same concept. These are going to be domains that we want to be able to assign email addresses to or create mail flow rules for. But I want to talk about remote domains now.

Now remote domains allow me to configure in Exchange Online some special rules and filters we want to put in place whenever somebody in our Exchange Online organization is emailing somebody in these remote domains. You do have a default rule here. If I click the little edit icon, I can pull that up. You’ll notice that you have these different options that are already configured here. For the default remote domain, this is basically saying that any domain that’s not within our Exchange organization is going to follow these rules. So the first thing is out of office automatic replies, which is set to allow external out-of-office replies.

So if you email somebody in a different domain name that’s associated with Exchange, it is going to allow out of office replies. Then you’ve got automatic replies: allow automatic replies, allow automatic forwarding. So this is going to allow those types of things to occur. You can allow delivery reports and non-delivery reports, NDRs. Allow meeting forward notifications, that’s turned off, so our default rule does not allow these meeting forward requests to go through. Then there’s allow rich text format.

So that’s called RTF. Some other email products out there do require rich text format. Right here it’s saying just follow the user settings. So if the user’s settings allow it to be turned on, then yes, it’s going to allow it. If the user has disabled RTF, then it would be turned off. And then there are the MIME and non-MIME character sets. This is going to involve different languages and things like that, if you want to allow different character sets.

So this is the default remote domain. What I want to show you now is I’m going to click the plus sign. Let’s say that our company is partnered up with another company called abccorp.com. Again, I’m just making that name up, abccorp.com. We’re partnered up with them. We do a lot of business with them and they have a lot of employees. So maybe we want to have some specific rules for any people in our organization emailing that domain name. So if somebody was to email somebody like John Smith@abccorp.com, this would take effect. You’ll notice the out of office automatic replies. Maybe I want to turn that off, because when we email them, we send a mass email out to all of them and we don’t want all of the automatic replies to come in.

And then for the other automatic replies, I’ve got allow automatic replies, and I can turn that off. Then there’s allow automatic forwarding and allow delivery reports. I’m going to turn off allow non-delivery reports, NDRs, because they’re a huge company, let’s say, and they have a lot of people that quit the company. And again, the way that our partnership is set up is we email a mass of people at that company at one time, so we don’t want NDRs flooding our mailboxes. From there I’ve got use rich text format. I’m going to say Never. Maybe we do not want to use rich text with them. And then I don’t have any MIME character sets here. So this lets me set up these customization options for just this one domain, and then I can hit Save.

Okay, so once you hit Save, you’re also going to notice that it allows me to essentially still use the default for other domain names, but abccorp.com is going to follow those rules. So any domain names I add here in remote domains let me control those little filter rules you saw for that remote domain. But if the domain somebody’s emailing does not fall within abccorp.com, then it gets the default rule. So as you can see, hopefully you’ll find that remote domains are a pretty straightforward concept in Exchange Online, and of course accepted domains work pretty much the same way they do in Exchange on-prem.
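The remote domain settings chosen above, applied from Exchange Online PowerShell and then reviewed, as an added example that is not part of the original lesson. The entry name 'ABC Corp' and the helper `Get-EffectiveRemoteDomain` are hypothetical, and the helper's longest-match lookup is a simplified illustration of the "specific entry, otherwise default" behaviour described in the lesson.

```powershell
# Added example; assumes an existing session from Connect-ExchangeOnline.
# 'ABC Corp' is an assumed display name for the new entry.
New-RemoteDomain -Name 'ABC Corp' -DomainName 'abccorp.com'

$settings = @{
    Identity         = 'ABC Corp'
    AllowedOOFType   = 'None'    # no out-of-office replies sent to this domain
    AutoReplyEnabled = $false    # no other automatic replies
    NDREnabled       = $false    # no non-delivery reports
    TNEFEnabled      = $false    # rich text: never ($null = follow user settings)
}
Set-RemoteDomain @settings

# Review every entry side by side, including the default '*' entry.
Get-RemoteDomain | Sort-Object DomainName |
    Format-Table DomainName, AllowedOOFType, AutoReplyEnabled, AutoForwardEnabled,
                 NDREnabled, DeliveryReportEnabled, TNEFEnabled -AutoSize

# Automatic forwarding to outside domains is worth a second look during a
# review: list the entries that still allow it.
Get-RemoteDomain | Where-Object { $_.AutoForwardEnabled } |
    Select-Object Name, DomainName

# Hypothetical helper: which entry would govern mail to a given domain?
# Simplification: picks the longest DomainName pattern that matches, so a
# specific entry wins over the default '*'.
function Get-EffectiveRemoteDomain {
    param([Parameter(Mandatory)][string]$RecipientDomain)
    Get-RemoteDomain |
        Where-Object { $RecipientDomain -like $_.DomainName } |
        Sort-Object { $_.DomainName.Length } -Descending |
        Select-Object -First 1
}

Get-EffectiveRemoteDomain -RecipientDomain 'abccorp.com' |
    Select-Object Name, DomainName
Get-EffectiveRemoteDomain -RecipientDomain 'example.org' |
    Select-Object Name, DomainName
```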
