Exchange Online Mail flow Alert policies

Hi All,

Maybe you have noticed the new Mail flow Alert policies in Exchange Admin Center.
You can define new Alert policies, define the Severity, the Insight, the recipient, the Notification Limit and sometimes also the Threshold for the Alert.

For me it's a little bit odd to send an email in case something does not work well with the mail flow.
It could be that you get the email very late or even when the issue is already resolved. As far as I know there is still no dedicated API to get information like this... Let me know if I am wrong.

Alert policies in Exchange Online

This is the direct Link for Exchange Admin Center

I've clicked on the Existing Alert Policy

You have some general Settings

And the settings themselves

Let's create a new Alert Policy

You can also see these alert policies in Microsoft Purview

To view the alerts you need the ExchangeOnlineManagement module and the following commands

Connect-IPPSSession
Get-ProtectionAlert | Where-Object {$_.Category -eq "MailFlow"}

I've created every combination:
Severity: High / Medium / Low
Insight: Mail loop / Slow transport rule / New users forwarding / New domains being forwarded / Cert expiry

These seem to be the Filters. Now you can go ahead and create the Alerts via PowerShell


| Insight Type | Filter |
| --- | --- |
| Mail Loop | Insights.InsightType -eq '1602' |
| Slow Transport Rule | Insights.InsightType -eq '1604' |
| New users forwarding | Insights.InsightType -eq '1606' |
| New domains being forwarded | Insights.InsightType -eq '1607' |
| Cert expiry | Insights.InsightType -eq '1610' |
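
The filter codes listed above can also be used to check which mail flow insights already have an alert policy and at which severity. The following PowerShell is an added example, not part of the original post: `Get-MailFlowAlertCoverage` is a hypothetical helper, the sample policy objects are constructed, and it assumes the objects returned by Get-ProtectionAlert expose Name, Severity, Category and Filter.

```powershell
# Insight codes as listed on this page
$InsightNames = [ordered]@{
    '1602' = 'Mail loop'
    '1604' = 'Slow transport rule'
    '1606' = 'New users forwarding'
    '1607' = 'New domains being forwarded'
    '1610' = 'Cert expiry'
}

function Get-MailFlowAlertCoverage {
    # Hypothetical helper (not a Microsoft cmdlet): reports, per insight type,
    # whether at least one MailFlow alert policy exists for it.
    param([Parameter(Mandatory, ValueFromPipeline)] [object] $Policy)
    begin { $byCode = @{} }
    process {
        if ($Policy.Category -ne 'MailFlow') { return }
        # Pull the numeric code out of e.g. "Insights.InsightType -eq '1602'"
        if ("$($Policy.Filter)" -match "Insights\.InsightType\s+-eq\s+'?(\d+)'?") {
            $code = $Matches[1]
            if (-not $byCode.ContainsKey($code)) { $byCode[$code] = @() }
            $byCode[$code] += $Policy
        } else {
            Write-Warning "No InsightType filter on policy '$($Policy.Name)'"
        }
    }
    end {
        # Known codes first, then any code seen in a filter but not in the table
        $extra = @($byCode.Keys | Where-Object { -not $InsightNames.Contains($_) } | Sort-Object)
        foreach ($code in (@($InsightNames.Keys) + $extra)) {
            $policies = @(if ($byCode.ContainsKey($code)) { $byCode[$code] })
            [pscustomobject]@{
                InsightType = $code
                Insight     = if ($InsightNames.Contains($code)) { $InsightNames[$code] } else { 'Unknown' }
                Covered     = $policies.Count -gt 0
                Severities  = ($policies.Severity | Sort-Object -Unique) -join ', '
                Policies    = $policies.Name -join '; '
            }
        }
    }
}

# Constructed sample objects standing in for Get-ProtectionAlert output
$sample = @(
    [pscustomobject]@{ Name = 'Loop high'; Severity = 'High';   Category = 'MailFlow'; Filter = "Insights.InsightType -eq '1602'" }
    [pscustomobject]@{ Name = 'Fwd users'; Severity = 'Medium'; Category = 'MailFlow'; Filter = "Insights.InsightType -eq '1606'" }
    [pscustomobject]@{ Name = 'Other';     Severity = 'Low';    Category = 'ThreatManagement'; Filter = '' }
)
$sample | Get-MailFlowAlertCoverage | Format-Table -AutoSize
```

Against a tenant, run `Get-ProtectionAlert | Get-MailFlowAlertCoverage` after `Connect-IPPSSession`; rows with Covered = False are insights that have no alert policy yet.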

Andres Bohren