Removing the ability to accidentally email colleagues from my personal mailbox in Office 365

This content is 7 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

For some time now, Outlook has supported the use of multiple Exchange servers inside a single profile. This is very useful because I can use a single client to connect to my work email (@risual.com), my Microsoft email (until recently), any email accounts that are provided by customers (e.g. for project purposes) and my personal email account.

There are a couple of gotchas though:

  • My employer uses Azure Information Protection (AIP) to classify email and the AIP client will not allow me to send a message unless it’s classified, regardless of whether I’m sending using my risual.com account or one of the others.
  • I have to be careful to make sure that I don’t accidentally send business email from my personal account. This isn’t a problem when responding to an existing message but is possible if the focus is on my personal Inbox and I start a new message thinking “I just need to email so-and-so about something-or-other” (often out of hours).

The first of these is just a minor inconvenience – I just send as Unclassified if I’m not using my risual.com account. The second requires a little more thought – and my colleague Simon Bilton (@sabrisual) suggested creating a transport rule in Exchange Online (who said Engagement Managers aren’t technical?).

So, as of now, the following rule is in place:

<?xml version="1.0" encoding="utf-16" standalone="yes"?>
<rules name="TransportVersioned">
  <rule name="Prevent accidentally sending work email from personal account" id="a0f59e36-93f1-4f2e-bccb-3eddf0c097e1" format="cmdlet">
    <version requiredMinVersion="15.0.3.0">
      <commandBlock><![CDATA[New-TransportRule -Name 'Prevent accidentally sending work email from personal account' -Comments '
' -Mode Enforce -RecipientAddressContainsWords 'risual.com' -ExceptIfSentTo 'markw@risual.com' -SetAuditSeverity 'High' -RejectMessageReasonText 'This email contains recipients at risual.com and you are sending from your personal account' -RejectMessageEnhancedStatusCode '5.7.1']]></commandBlock>
    </version>
  </rule>
</rules>

This rejects email sent from my Exchange Online subscription to any risual.com address except markw@risual.com. That exception allows my wife (on the same server) to send email to me and still allows me to forward emails to myself at work (e.g. receipts for expenses using my personal email address).

I’ve tested by sending to both markw@risual.com (allowed) and mark@risual.com (blocked) so accidentally emailing someone at work from my personal address is no longer a concern!
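To review a rule like this offline, the following added example (not part of the original post) parses a transport rule export in the layout shown above. For each rule it lists the mode, the reject status code and the exceptions, which are the recipients that bypass the block. The sample export is constructed with placeholder example.com addresses, and `parse_command` and `review` are names chosen here.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the same layout as the export on this page
# (placeholder addresses at example.com; the rule id attribute is omitted).
SAMPLE_EXPORT = """<?xml version="1.0" encoding="utf-16" standalone="yes"?>
<rules name="TransportVersioned">
  <rule name="Block personal to work" format="cmdlet">
    <version requiredMinVersion="15.0.3.0">
      <commandBlock><![CDATA[New-TransportRule -Name 'Block personal to work' -Comments '
' -Mode Enforce -RecipientAddressContainsWords 'example.com' -ExceptIfSentTo 'me@example.com','spouse@example.com' -SetAuditSeverity 'High' -RejectMessageReasonText 'Don''t send work email from here' -RejectMessageEnhancedStatusCode '5.7.1']]></commandBlock>
    </version>
  </rule>
</rules>""".encode("utf-16")  # the file declares UTF-16, so hand the parser bytes

# A token is a single-quoted PowerShell string ('' escapes a quote) or a bare word.
TOKEN_RE = re.compile(r"'(?:[^']|'')*'|[^\s,']+")


def parse_command(cmd):
    """Map each -Parameter in a New-TransportRule command to its list of values."""
    params, current = {}, None
    for tok in TOKEN_RE.findall(cmd):
        if tok.startswith("-") and tok[1:2].isalpha():
            current = tok[1:]
            params[current] = []
        elif current is not None:
            quoted = tok.startswith("'")
            params[current].append(tok[1:-1].replace("''", "'") if quoted else tok)
    return params


def review(export_bytes):
    """Summarise each rule: mode, whether it rejects, and who is exempt."""
    findings = []
    for rule in ET.fromstring(export_bytes).iter("rule"):
        p = parse_command(rule.findtext("./version/commandBlock", default=""))
        findings.append({
            "name": rule.get("name"),
            "mode": p.get("Mode", ["unspecified"])[0],
            "rejects": any(k.startswith("RejectMessage") for k in p),
            "status": p.get("RejectMessageEnhancedStatusCode", [None])[0],
            "exceptions": {k: v for k, v in p.items() if k.startswith("ExceptIf")},
        })
    return findings


if __name__ == "__main__":
    print(review(SAMPLE_EXPORT))
```

Every address listed under `exceptions` is a path around the block, so that list is the part of the export to check first when a rule like this changes.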

Custom mail flow rule blocks email sent to work from personal mailbox
