Hello All
Hope everyone is doing good, today we are going to see How to Validate Exchange Online Rules using Powershell command Test-Message
Test-Message cmdlet is now generally available. The purpose of the cmdlet is very simple: it tests the path of a message through the rules applied by the Exchange Online transport service to reveal what actions those rules take.
Using this command we can understand, why the rules are not working .
Syntax :
Ramki: 09/28/2023 15:56:26>Test-Message -Sender ramki@2t6xvv.onmicrosoft.com -Recipients adminramkicm@2t6xvv.onmicrosoft.com -SendReportTo adminramkicm@2t6xvv.onmicrosoft.com -TransportRules -UnifiedDLPRules
Let us take example of the rules which i created to disable the outlook reactions
Link :
https://cloudmonkeys20.blogspot.com/2023/09/how-to-disable-outlook-reaction-in.html
and the rule
Test-Message - Sample
you will be receive the email from postmaster with subject line Exchange Transport Rules Tracing Report: Exchange diagnostic message
========================================================================ETR processing started
OriginalAuthenticator , System False, IPM True, Opaque False, Security type None
IPM message. Should apply rules.
Loading tenant rules
A rule collection is executing on a message.
Evaluating rule collection 'TransportVersioned'
Skip disabled rule with id 'ea018bbe-6e32-4e0b-ad8a-e8daee052e38'
ShouldEvaluateRule: Skip rule with id 'ea018bbe-6e32-4e0b-ad8a-e8daee052e38'
Evaluating rule with id '7a5913e1-6114-4c8e-9a0b-dbeef722f3d8'
A rule collection is executing on a message.
Evaluating rule collection 'TransportVersioned'
Skip disabled rule with id 'ea018bbe-6e32-4e0b-ad8a-e8daee052e38'
ShouldEvaluateRule: Skip rule with id 'ea018bbe-6e32-4e0b-ad8a-e8daee052e38'
Skip disabled rule - Meaning the The rule was disabled state and unable to process and skip to next rule
RuleExit: Continue to the next rule
Evaluating rule with id '7b3321cc-56f2-4483-8051-0facf6404e12'
Enter rule 'Outlook Reaction Disabled'
Entering transport rule with id '7b3321cc-56f2-4483-8051-0facf6404e12'
Evaluating condition Microsoft.Exchange.MessagingPolicies.Rules.AndCondition
Condition 'True' evaluated as Match
Message.Auth property value evaluated as rule condition: 'FromInternal'
Condition 'Microsoft.Exchange.MessagingPolicies.Rules.IsPredicate' evaluated as 'Not Match'
Condition 'Not' evaluated as Match
Message.From property value evaluated as rule condition: 'System.Collections.Generic.List`1[System.String]'
property is a collection of values: 'ramki@2t6xvv.onmicrosoft.com'
Condition 'Microsoft.Exchange.MessagingPolicies.Rules.IsInternalPredicate' evaluated as 'Match'
Condition 'Predicate' evaluated as Match
Condition 'And' evaluated as Match
Condition evaluated as Match
Execute Actions for rule with id '7b3321cc-56f2-4483-8051-0facf6404e12'
Rule 'Outlook Reaction Disabled' matched
Rule with id '7b3321cc-56f2-4483-8051-0facf6404e12' matched. Executing actions...
Execute Action 'SetHeader'
Executing action SetHeader
Finished execution of Actions for rule with id '7b3321cc-56f2-4483-8051-0facf6404e12'
Exit rule 'Outlook Reaction Disabled'
RuleExit: Exiting rule with id '7b3321cc-56f2-4483-8051-0facf6404e12'
RuleExit: Continue to the next rule
Finished evaluation of rule collection 'TransportVersioned'
Rule evaluation completed
==================================================================
We can see that a match occurred for the rule "Outlook Reaction Disabled" which executed actions to disable the outlook reactions . After executing the actions, the transport service stopped processing further rules because the rule settings forced an exit.
This powerful cmdlet can now be used by tenant admins to independently investigate any issues related to the execution of Exchange Transport Rules (ETR) and Unified Data Loss Prevention (DLP) rules
In future blog, we will see how this command work for DLP
I hope this is useful during the Exchange online Transport rule troubleshooting and Happy Learning 😃
Comments
Post a Comment