Exchange Online

Exchange Online is the messaging backbone of M365. This guide covers mail flow configuration, transport rules, shared mailbox setup, hybrid coexistence patterns, and quarantine management. Every change should be tested in a pilot group before tenant-wide enforcement.

Mail Flow Basics

Mail flow in Exchange Online is controlled by transport rules (also called mail flow rules). These operate on messages in transit and can inspect headers, sender/recipient addresses, attachment types, and message content. Rules are processed in priority order: lower numbers run first.

Common use cases include disclaimers on external mail, blocking specific attachment types, routing mail to compliance mailboxes, and applying encryption to messages containing sensitive data.

Transport Rule Patterns

Deploy the following standard transport rules as a baseline. Test each in report-only mode before enforcement.

External sender warning: Prepend subject or add banner to emails from outside the organization.
Block executable attachments: Reject messages containing .exe, .bat, .cmd, .ps1, .vbs attachments.
Auto-encrypt sensitive content: Apply encryption when message body matches DLP patterns (credit card, SSN).
Journal to compliance mailbox: Copy messages matching regulatory scope to a dedicated journal mailbox.
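
The script below is an added example, not part of the original guide: it creates two of the baseline rules above (attachment block and external sender warning) with the ExchangeOnlineManagement module, scoped to a pilot group and in the cmdlet's Audit mode so nothing is enforced yet. The pilot group address, rule names, subject tag and rejection text are hypothetical placeholders, and treating Audit mode as the guide's non-enforcing test mode is an assumption.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: baseline transport rules created in test mode for a pilot group.
# Names, addresses and message text are hypothetical placeholders.
Connect-ExchangeOnline

$PilotGroup = 'mailflow-pilot@contoso.example'   # hypothetical pilot distribution group

# Order matters: the array index becomes the rule priority (lower runs first),
# so the attachment block is evaluated before the subject is modified.
$baseline = @(
    @{
        Name                            = 'Baseline - Block executable attachments'
        AttachmentExtensionMatchesWords = 'exe', 'bat', 'cmd', 'ps1', 'vbs'
        RejectMessageReasonText         = 'Executable attachments are not accepted.'
    },
    @{
        Name           = 'Baseline - External sender warning'
        FromScope      = 'NotInOrganization'
        PrependSubject = '[EXTERNAL] '
    }
)

$priority = 0
foreach ($rule in $baseline) {
    # Idempotent: skip rules that already exist so the script can be re-run safely.
    if (Get-TransportRule -Identity $rule.Name -ErrorAction SilentlyContinue) {
        Write-Host "Skipping existing rule: $($rule.Name)"
    }
    else {
        # -Mode Audit logs what the rule would have done without acting on the message.
        # -SentToMemberOf limits the rule to recipients in the pilot group.
        New-TransportRule @rule `
            -SentToMemberOf $PilotGroup `
            -Mode Audit `
            -Priority $priority `
            -Comments 'Baseline rule, pilot scope, test mode'
    }
    $priority++
}

# Review evaluation order and current mode before changing anything to Enforce.
Get-TransportRule |
    Sort-Object Priority |
    Format-Table Priority, Name, Mode, State -AutoSize

# After the pilot review, enforce one rule at a time, for example:
# Set-TransportRule -Identity 'Baseline - Block executable attachments' -Mode Enforce
```

Widening a rule to the whole tenant after the pilot means removing the group condition in a separate, reviewed change rather than as part of the switch to Enforce.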

Migration Patterns

Common migration scenarios and the approach for each:

IMAP migration: From third-party providers (GoDaddy, Rackspace, generic IMAP). Batch migration with CSV mapping.
Cutover migration: Small on-premises Exchange (fewer than 150 mailboxes). All mailboxes migrate at once, MX record cut.
Hybrid coexistence: On-premises Exchange alongside Exchange Online. Shared address space, free/busy lookup, staged migration.

Quarantine Management

Review quarantine policies to balance security with usability. End-user quarantine notifications should be enabled so users can release false positives without admin intervention. Admin quarantine review should be scheduled weekly for high-confidence blocks.