Exchange Online — Advanced Admin Settings, Mail Flow Rules & Compliance

Exchange Online — Advanced Admin Settings, Mail Flow Rules & Compliance

This guide covers the advanced administrative layer of Exchange Online — mail flow rules (transport rules), retention and archive policies, litigation hold, send connectors, anti-spam configuration, and eDiscovery. These tools give admins precise control over how email is processed, stored, and audited across the organisation.

Mail Flow Rules (Transport Rules)

Mail flow rules process email in transit based on conditions you define — before messages reach the recipient's inbox. They can block, redirect, encrypt, tag, or modify email automatically.

Create a mail flow rule

1. Go to admin.exchange.microsoft.com → Mail flow → Rules.
2. Click + Add a rule.
3. Choose a template or select Create a new rule.
4. Set the Apply this rule if condition (e.g. sender is outside the organisation, subject contains specific words).
5. Set the Do the following action (e.g. redirect, reject, add a disclaimer, encrypt).
6. Add exceptions if needed.
7. Set the rule to Enforce or Test mode, then click Save.

Common mail flow rule use cases

Email Archiving & Retention Policies

Enable the online archive (In-Place Archive)

The online archive provides a secondary mailbox for older email, helping users manage their primary mailbox size without deleting anything.

1. Go to admin.exchange.microsoft.com → Recipients → Mailboxes.
2. Click the user's mailbox → Others tab → Mailbox archive → Manage mailbox archive.
3. Toggle it to Enabled and click Save.
4. The archive appears as Online Archive in Outlook and OWA within 24 hours.

Licence note: The online archive requires Exchange Online Plan 2, or Exchange Online Plan 1 with the Exchange Online Archiving add-on.

Create a retention policy (Microsoft Purview)

1. Go to compliance.microsoft.com → Data lifecycle management → Retention policies.
2. Click + New retention policy.
3. Name the policy and choose the locations (Exchange email, SharePoint, OneDrive, Teams).
4. Choose whether to retain content for a set period, delete it after a period, or both.
5. Click Create. The policy is applied within 24 hours.

Litigation Hold

Litigation Hold prevents a mailbox from being modified or deleted — preserving all content indefinitely for legal or compliance purposes. It overrides any retention or deletion policies applied to the mailbox.

Enable Litigation Hold

1. Go to admin.exchange.microsoft.com → Recipients → Mailboxes.
2. Click the user's mailbox → Others tab → Litigation hold → Edit.
3. Toggle Litigation hold to On.
4. Optionally set a Hold duration in days (leave blank to hold indefinitely) and add a note explaining why the hold is in place.
5. Click Save.

Important: Litigation Hold requires Exchange Online Plan 2. Placing a hold on a Plan 1 mailbox without this licence will fail silently. Verify the licence is assigned before relying on the hold.

eDiscovery — Searching Mailbox Content

eDiscovery lets admins search across mailboxes, SharePoint sites, and Teams for specific content — typically used in legal investigations, HR matters, or compliance audits.

1. Go to compliance.microsoft.com → eDiscovery → Standard.
2. Click Create a case. Name and describe the case.
3. Inside the case, go to Searches → + New search.
4. Choose the locations to search (specific mailboxes, all mailboxes, SharePoint sites, Teams).
5. Enter keywords, date ranges, senders, or recipients to narrow the search.
6. Run the search. Results show a count of items and estimated size.
7. Click Review set → Add to review set to export or review results.

Anti-Spam & Anti-Malware Configuration

Outbound spam policy (control auto-forwarding)

1. Go to security.microsoft.com → Email & collaboration → Policies & rules → Threat policies → Anti-spam.
2. Click Anti-spam outbound policy (Default).
3. Under Automatic forwarding rules, set to Automatic – System controlled (blocks forwarding to external addresses) unless your organisation specifically requires it.
4. Under Notifications, add an admin email address to receive alerts when a user is blocked for sending too much email (a sign of account compromise).

Quarantine policies

1. Go to Threat policies → Quarantine policies.
2. Create a custom policy or use the defaults. You can control whether end users can release their own quarantined emails or must request admin approval.
3. Review the quarantine regularly: Email & collaboration → Review → Quarantine.

Anti-malware policy

1. Go to Threat policies → Anti-malware.
2. Click the default policy.
3. Under Protection settings, enable Common attachments filter to automatically block high-risk file types (executables, scripts, macros).
4. Configure notifications so that admins are alerted when malware is detected in inbound or outbound email.

Send Connectors (Routing Email via Third-Party Services)

If you use a third-party service for email delivery (e.g. a marketing platform, scanning appliance, or SMTP relay), you may need to configure a send connector.

1. Go to admin.exchange.microsoft.com → Mail flow → Connectors.
2. Click + Add a connector.
3. Choose the connection flow direction (From Office 365 to Partner organisation, or From Partner organisation to Office 365).
4. Configure the connector name, routing settings, and any certificate requirements.
5. Test the connector before enabling it.

Mailbox Reporting & Usage Statistics

• Go to admin.microsoft.com → Reports → Usage.
• Click Exchange to see mailbox usage — storage consumed per user, active vs inactive mailboxes, and email activity (sent/received).
• Use these reports to identify near-capacity mailboxes before they hit limits and to spot unusually high email volumes that could indicate a compromised account.

Troubleshooting

Mail flow rule not triggering

• Check the rule priority — rules are evaluated in order from lowest to highest number. If a higher-priority rule stops processing first, later rules do not run. Use the Stop processing more rules action carefully.
• Switch the rule to Test mode with Policy Tips to confirm the conditions are matching.
• Use Message Trace (Mail flow → Message trace) to see which rules were applied to a specific message.

Litigation Hold failing to enable

• Confirm the user has an Exchange Online Plan 2 licence (or Microsoft 365 E3/E5) assigned.
• If the mailbox was recently created, allow 24 hours for provisioning to complete before applying a hold.

Archive mailbox not appearing in Outlook

• Allow up to 24 hours after enabling for the archive to be provisioned.
• In OWA, archives appear automatically. In Outlook desktop, the archive appears once Outlook syncs — trigger a manual send/receive (F9) to speed this up.

eDiscovery search returning no results for known emails

• Confirm the mailbox is included in the search scope.
• If the user's mailbox is on Litigation Hold, all content is preserved — but searches are filtered by the keywords and conditions you set. Try broadening the search terms.
• Searches may take several hours for large mailboxes. Check the status indicator in the search results panel.

Related Guides

• Exchange Online — Email Flow, Forwarding & Troubleshooting
• Shared Mailboxes & Mailbox Permissions in Microsoft 365
• Microsoft 365 Security — MFA, Passwords & Account Protection
• Distribution Lists & Microsoft 365 Groups
• Managing Users in Microsoft 365

Need Help?

Need help setting this up? We can manage your Microsoft 365 for you — from setup to ongoing support.

Find out more about our Microsoft 365 managed service →