One of the requirements for the MS-220 Troubleshooting Exchange Online exam is that you should be able to determine which active mail-flow rules impact email attachments. This is useful if you are an Exchange administrator and you have users reporting to you that they are not receiving expecting mail attachments from senders.
In the tutorial, I am going to show you how you can use both the Exchange Admin center and PowerShell to find active mail flow rules which are impacting attachments.
Pre-requisites
To complete this task you must be a member of the Exchange Administrators group or Global Administrators group in Microsoft 365.
Also, in order to run the necessary scripts in this tutorial, you should also have the Exchange Online PowerShell module installed. See my tutorial on how to install the Exchange Online PowerShell module.
Determine which active rules impact email attachments with the Exchange Admin Center
To find which active rules affect mail attachments using the Exchange Admin Center web UI, follow the below steps.
2. From the left-hand menu, expand Mail flow and select Rules.
3. Use the search box at the upper left and search for the word ‘attachment‘. This will also search the rule description which includes the rule conditions.
4. You will now only see search results that include the term ‘attachment’ in the name or description. You can then click each rule manually to determine the conditions and actions.
Determine which active rules impact email attachments with PowerShell
To generate a report using PowerShell of rule conditions that affect email attachments, you can use the following script. The script may be a little over-engineered, but it will convert the ‘array list’ type conditions to a string, then the whole variable to a string, before extracting the data into headed columns which can be searched or exported.
The only parameter you need to manually define is the $rulename variable, where I have used the example below as ‘Block certain messages’.
#Connect to Exchange Online
Connect-ExchangeOnline
#Store exact rule name
$rulename = "Block certain messages"
#Store rule parameters which affect attachments
$attachmentrules = get-transportrule "$rulename" | Select *attachment*
#Convert array objects to string
$string1 = $attachmentrules.AttachmentExtensionMatchesWords | out-string
$attachmentrules.AttachmentExtensionMatchesWords = $string1
$string2 = $attachmentrules.AttachmentNameMatchesPatterns | out-string
$attachmentrules.AttachmentNameMatchesPatterns = $string2
$string3 = $attachmentrules.AttachmentPropertyContainsWords | out-string
$attachmentrules.AttachmentPropertyContainsWords = $string3
$string4 = $attachmentrules.AttachmentContainsWords | out-string
$attachmentrules.AttachmentContainsWords = $string4
$string5 = $attachmentrules.AttachmentMatchesPatterns | out-string
$attachmentrules.AttachmentMatchesPatterns = $string5
$string6 = $attachmentrules.ExceptIfAttachmentNameMatchesPatterns | out-string
$attachmentrules.ExceptIfAttachmentNameMatchesPatterns = $string6
$string7 = $attachmentrules.ExceptIfAttachmentExtensionMatchesWords | out-string
$attachmentrules.ExceptIfAttachmentExtensionMatchesWords = $string7
$string8 = $attachmentrules.ExceptIfAttachmentPropertyContainsWords | out-string
$attachmentrules.ExceptIfAttachmentPropertyContainsWords = $string8
$string9 = $attachmentrules.ExceptIfAttachmentSizeOver | out-string
$attachmentrules.ExceptIfAttachmentSizeOver = $string9
$string10 = $attachmentrules.ExceptIfAttachmentContainsWords | out-string
$attachmentrules.ExceptIfAttachmentContainsWords = $string10
$string11 = $attachmentrules.ExceptIfAttachmentMatchesPatterns | out-string
$attachmentrules.ExceptIfAttachmentMatchesPatterns = $string11
$string = "$attachmentrules"
#Create Report object
$Report = [System.Collections.Generic.List[Object]]::new()
#Define regex parameters
$reg = [RegEx]"(\w+)=(\w*)"
#Create report to review
$table=@()
$table = $reg.Matches($string) | ForEach-Object {
$rhs = if($_.Groups[2].Value){
$_.Groups[2].Value
}else{
"N/A"
}
$obj = [PSCustomObject][ordered]@{
"TYPE" = $_.Groups[1].Value
"VALUE" = $rhs
}
$Report.Add($obj)
} | Format-Table
#Display report in session
$report
#Export report to CSV
$report | export-csv C:\temp\MailRuleAttachmentInfo.csv -NoTypeInformation
I have also expanded on the above and the below script will generate a report with PowerShell on all transport rules in Exchange Online. In this case, you do not need to specify any variable as it will loop through each rule and produce an output.
#Connect to Exchange Online
Connect-ExchangeOnline
#Create Report object
$Report = [System.Collections.Generic.List[Object]]::new()
#Store all transport rules
$alltransportrules = get-transportrule
#Loop through all transport rules
ForEach ($Rule in $alltransportrules){
#Store rule parameters which affect attachments
$attachmentrules = get-transportrule $rule.name | Select *attachment*
#Convert array objects to string
$string1 = $attachmentrules.AttachmentExtensionMatchesWords | out-string
$attachmentrules.AttachmentExtensionMatchesWords = $string1
$string2 = $attachmentrules.AttachmentNameMatchesPatterns | out-string
$attachmentrules.AttachmentNameMatchesPatterns = $string2
$string3 = $attachmentrules.AttachmentPropertyContainsWords | out-string
$attachmentrules.AttachmentPropertyContainsWords = $string3
$string4 = $attachmentrules.AttachmentContainsWords | out-string
$attachmentrules.AttachmentContainsWords = $string4
$string5 = $attachmentrules.AttachmentMatchesPatterns | out-string
$attachmentrules.AttachmentMatchesPatterns = $string5
$string6 = $attachmentrules.ExceptIfAttachmentNameMatchesPatterns | out-string
$attachmentrules.ExceptIfAttachmentNameMatchesPatterns = $string6
$string7 = $attachmentrules.ExceptIfAttachmentExtensionMatchesWords | out-string
$attachmentrules.ExceptIfAttachmentExtensionMatchesWords = $string7
$string8 = $attachmentrules.ExceptIfAttachmentPropertyContainsWords | out-string
$attachmentrules.ExceptIfAttachmentPropertyContainsWords = $string8
$string9 = $attachmentrules.ExceptIfAttachmentSizeOver | out-string
$attachmentrules.ExceptIfAttachmentSizeOver = $string9
$string10 = $attachmentrules.ExceptIfAttachmentContainsWords | out-string
$attachmentrules.ExceptIfAttachmentContainsWords = $string10
$string11 = $attachmentrules.ExceptIfAttachmentMatchesPatterns | out-string
$attachmentrules.ExceptIfAttachmentMatchesPatterns = $string11
$string = "$attachmentrules"
#Define regex parameters
$reg = [RegEx]"(\w+)=(\w*)"
#Create report to review
$table=@()
$table = $reg.Matches($string) | ForEach-Object {
$rhs = if($_.Groups[2].Value){
$_.Groups[2].Value
}else{
"N/A"
}
$obj = [PSCustomObject][ordered]@{
"RULE NAME" = $Rule.name
"TYPE" = $_.Groups[1].Value
"VALUE" = $rhs
}
$Report.Add($obj)
} | Format-Table
}
#Display report in session
$report
#Export report to csv
$report | export-csv C:\temp\AllMailRuleAttachmentInfo.csv -NoTypeInformation
If you have a lot of rules, the output will be quite large. You should use the ‘filter’ feature in Excel to reduce your results appropriately.
- Navigate to C:\temp and open the CSV file.
2. Adjust the width of the columns, then select the Value column, click the data tab at the top and click filter.
3. Click the drop-down arrow next to Value and uncheck N/A and False.
4. You will now only be left with meaningful information.
Disable impacting rules
Once you have determined which rules are affecting email attachments, you can disable the rule while you further resolve the root cause of the issue.
To disable rules through the Exchange Admin Center
1. While logged into the Exchange Admin Center, expand mail flow and select rules.
2. Identify the rule you wish to disable in the list and click on the rule name.
3. Click the Enable or disable rule slider to disable the rule.
To disable rules with PowerShell
Firstly, to view all rules which are enabled, you can run the following:
Get-TransportRule | Where-Object {$_.State -eq "Enabled"}
You can then use the below script to target a specific rule, ensure you change the rule identity to the name of the rule that matches your target rule.
$Rule = Get-TransportRule -Identity "Block .exe attachments"
If ($rule.state -eq "Enabled") {
Disable-TransportRule -Identity $Rule.Name -confirm:$false
Write-host $rule.name ": has been disabled" -ForegroundColor black -BackgroundColor green
} Else {
Write-host $rule.name ": is already disabled" -ForegroundColor black -BackgroundColor yellow
}
You can also view all of the above scripts on my GitHub here.