Using New-TransportRule to Create Microsoft Exchange Mail Flow Rules

In Microsoft Exchange Online, mail flow rules—also known as transport rules—are essential for controlling and automating how email is processed. These rules allow administrators to apply conditions and actions to messages that pass through the transport pipeline.

While Graph PowerShell continues to evolve, it does not yet support the creation of mail flow rules. For now, you must use Exchange Online PowerShell to manage mail flow at this level.

This article dives into the New-TransportRule cmdlet, illustrating how to create custom rules with real-world examples, practical tips, and troubleshooting guidance.

Cmdlet Syntax

New-TransportRule -Name <String>
    [-Comments <String>]
    [-Priority <Int32>]
    [-Enabled <$true | $false>]
    [-SentTo <Recipients>]
    [-From <Recipients>]
    [-SenderDomainIs <MultiValuedProperty>]
    [-RedirectMessageTo <Recipients>]
    [-RejectMessageReasonText <String>]
    [-SetAuditSeverity <None | Low | Medium | High>]
    [-Other Parameters...]

You must be connected to Exchange Online using:

Connect-ExchangeOnline

Common Transport Rule Conditions and Actions

Task                          Parameter
Block specific sender         -From
Apply rule to recipient       -SentTo
Block attachment extensions   -AttachmentExtensionMatchesWords
Add disclaimer                -ApplyHtmlDisclaimerText
Redirect messages             -RedirectMessageTo
Reject messages               -RejectMessageReasonText
Add subject warning           -PrependSubject
Detect external senders       -FromScope NotInOrganization
Block auto-forwarding         -MessageTypeMatches AutoForward
Apply message moderation      -ModerateMessageByUser

Why This Matters
Understanding transport rule conditions and actions helps administrators build more effective Exchange Online mail flow and compliance policies.

Usage Examples

Example 1: Redirect CEO Emails to Another Address

New-TransportRule -Name "Redirect CEO Emails" `
-SentTo "samadmin@7xh7fj.onmicrosoft.com" `
-RedirectMessageTo "dexter@7xh7fj.onmicrosoft.com"

This rule redirects all emails sent to the CEO's mailbox to another address, which can be helpful for delegation or monitoring.


Example 2: Block All Emails from Example.com Domain

New-TransportRule -Name "Block Example.com Emails" `
-SenderDomainIs "example.com" `
-RejectMessageReasonText "Emails from example.com are not accepted."

This rule blocks any incoming emails from senders using example.com and returns a rejection notice to the sender.

Common Real-World Transport Rule Scenarios

Exchange Online transport rules are commonly used to enforce organizational email security, compliance, and mail flow policies. Below are some practical examples administrators can use in real-world Microsoft 365 environments.

  1. Block Executable Attachments

    The following example creates a transport rule that blocks executable file types such as .exe and .bat attachments from being delivered.

    New-TransportRule -Name "Block EXE Files" `
    -AttachmentExtensionMatchesWords "exe","bat" `
    -RejectMessageReasonText "Executable attachments are blocked by the organization."
    
  2. Block Auto-Forwarding to External Recipients

    The following example blocks automatic email forwarding outside the organization.

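    # Scope the rule to internal senders forwarding to external recipients
    New-TransportRule -Name "Block Auto Forwarding" `
    -FromScope InOrganization `
    -SentToScope NotInOrganization `
    -MessageTypeMatches AutoForward `
    -RejectMessageReasonText "External auto-forwarding is not allowed."

  3. Apply an Email Disclaimer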

    The following example appends a disclaimer to all outgoing emails.

    New-TransportRule -Name "Add Disclaimer" `
    -SentToScope NotInOrganization `
    -ApplyHtmlDisclaimerText "<p>This email contains confidential information intended only for the recipient.</p>" `
    -ApplyHtmlDisclaimerLocation Append
    

Cmdlet Tips

  • You can stack conditions and actions to make more complex rules (e.g., sender domain + subject match).
  • Use -Priority to set rule order explicitly.
  • Always test your rule in a controlled scenario before deploying it broadly.
  • Use Get-TransportRule to verify rule creation and settings.
  • Disable a rule temporarily using Disable-TransportRule -Identity "<RuleName>".
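
The tips above combined into one staged rollout. This is an added example, not code from the original article: the rule name, domain and subject words are constructed, and -SubjectContainsWords and -Mode are New-TransportRule parameters the article does not otherwise show.

```powershell
# Added example; rule name, domain and subject words are constructed.
Connect-ExchangeOnline

$ruleName = 'Tag example.com invoices (staged)'

# Stage 1: create the rule in audit mode.
# The two conditions are ANDed: sender domain AND subject words.
# -Mode Audit records the action the rule would have taken
# without changing delivery of the message.
New-TransportRule -Name $ruleName `
    -SenderDomainIs 'example.com' `
    -SubjectContainsWords 'invoice', 'payment' `
    -PrependSubject '[REVIEW] ' `
    -SetAuditSeverity Medium `
    -Mode Audit `
    -Priority 0 `
    -Comments 'Staged rollout: audit only until matches are reviewed.'

# Stage 2: confirm what was actually stored before relying on it.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, Priority, SenderDomainIs,
                SubjectContainsWords, PrependSubject

# Stage 3: once the audited matches look right, enforce the same rule.
Set-TransportRule -Identity $ruleName -Mode Enforce

# Rollback: disable the rule without deleting it if it misfires.
Disable-TransportRule -Identity $ruleName -Confirm:$false
```

Run the stages separately rather than as one script, leaving time between stages 1 and 3 to review what the rule matched.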

When to Use PowerShell Instead of Exchange Admin Center

Although transport rules can be created through the Exchange Admin Center (EAC), PowerShell offers greater flexibility and scalability for Microsoft 365 administrators.

Benefits of Using PowerShell for Transport Rules

  • Faster bulk rule creation and management
  • Easier automation using scripts
  • Better standardization across environments
  • Ability to export and version-control configurations
  • Useful for large enterprise environments
  • Simplifies repetitive administrative tasks

Example Scenarios

PowerShell is especially useful when:

  • Creating multiple transport rules in bulk
  • Automating compliance configurations
  • Deploying standardized mail flow policies
  • Managing Exchange Online environments at scale

For organizations managing large Microsoft 365 deployments, PowerShell provides significantly greater control than the graphical Exchange Admin Center interface.
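
A sketch of the bulk, version-controlled workflow described above. This is an added example, not code from the original article: the rule names and the output file name are constructed. It updates a rule that already exists instead of failing on a duplicate name, then exports the rule collection with Export-TransportRuleCollection.

```powershell
# Added example; rule names and values are constructed for illustration.
Connect-ExchangeOnline

# Desired state, kept in source control. Each hashtable is splatted onto the cmdlet.
$desiredRules = @(
    @{
        Name                            = 'Block executable attachments'
        AttachmentExtensionMatchesWords = 'exe', 'bat'
        RejectMessageReasonText         = 'Executable attachments are blocked by the organization.'
    },
    @{
        Name                         = 'Tag external senders'
        FromScope                    = 'NotInOrganization'
        PrependSubject               = '[EXTERNAL] '
        # Skip already-tagged subjects so reply chains do not stack prefixes.
        ExceptIfSubjectContainsWords = '[EXTERNAL]'
    }
)

# Index existing rules by name once, instead of querying per rule.
$existing = @{}
Get-TransportRule | ForEach-Object { $existing[$_.Name] = $_ }

foreach ($rule in $desiredRules) {
    if ($existing.ContainsKey($rule.Name)) {
        # Update in place; this avoids the "name already exists" error.
        $changes = $rule.Clone()
        $changes.Remove('Name')
        Set-TransportRule -Identity $rule.Name @changes
        Write-Host "Updated: $($rule.Name)"
    }
    else {
        New-TransportRule @rule | Out-Null
        Write-Host "Created: $($rule.Name)"
    }
}

# Snapshot the resulting rule collection so changes can be diffed and reviewed.
$export = Export-TransportRuleCollection
$path   = Join-Path $PWD.Path 'transport-rules.xml'
[System.IO.File]::WriteAllBytes($path, $export.FileData)
```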

Possible Errors & Solutions

Error                                     Cause                             Solution
New-TransportRule is not recognized       Not connected to Exchange Online  Run Connect-ExchangeOnline
The transport rule name already exists    Duplicate rule name               Use a unique name or modify existing rule
Invalid parameter                         Typo or unsupported combination   Use Get-Help New-TransportRule -Full for guidance
SenderDomainIs requires a valid domain    Domain not formatted correctly    Use values like "domain.com" without wildcards

Use Cases

  • Security: Block specific domains or IPs known for phishing.
  • Compliance: Redirect sensitive emails for auditing.
  • Productivity: Apply disclaimers, tags, or auto-responses.
  • Routing: Automatically forward emails based on recipient or subject.
  • Delegation: Redirect or copy important roles' emails to backups.

Frequently Asked Questions (FAQs)

  1. What is the New-TransportRule cmdlet used for?
    The New-TransportRule cmdlet is used to create mail flow rules in Exchange Online. These rules help administrators enforce email security, compliance, routing, and organizational policies.
  2. What permissions are required to create transport rules?
    Administrators typically require Exchange Administrator or Organization Management permissions to create and manage transport rules in Microsoft 365.
  3. Can transport rules inspect email attachments?
    Yes. Transport rules can inspect attachment names, extensions, sizes, and content properties to enforce security and compliance requirements.
  4. What is the difference between transport rules and inbox rules?
    Transport rules are organization-wide mail flow rules processed by Exchange Online, while inbox rules are user-specific rules configured within individual mailboxes.
  5. Can transport rules apply to external emails?
    Yes. Administrators can configure transport rules to process emails originating from outside the organization using conditions such as: -FromScope NotInOrganization
  6. Are transport rules processed in order?
    Yes. Exchange Online processes transport rules based on priority. Rules with lower priority numbers are processed first.
  7. Can transport rules help prevent phishing attacks?
    Yes. Transport rules can help reduce phishing risks by:
    • Adding external sender warnings
    • Blocking suspicious attachments
    • Restricting spoofed domains
    • Preventing auto-forwarding

Conclusion

The New-TransportRule cmdlet is a powerful way to manage mail flow policies in Microsoft Exchange Online. Whether you're automating redirection, filtering senders, or enforcing company email policies, this cmdlet has you covered.

As Graph PowerShell matures, we may see support for these configurations in the future—but for now, Exchange PowerShell remains the definitive tool for managing transport rules.
