Recently I had to implement a tag for external emails. However, I wanted to test it out first and see what would be tagged.
I created my rule and set these settings:
Audit this rule… should be checked off but can be set to “Not specified” while the mode should be Test without Policy Tips.
Ok the rule.
Wait a day, then go to to the Reports section of Office365 Security & Compliance Center. On the Dashboard, click on the Exchange transport rule section.
Once there, click the dropdown for “Show data for” and choose your transport rule. This will only list transport rules where you have checked off Audit this rule with severity level: . No matter the setting, that must be checked off or you won’t see results here!
That’s it. Filter by sender, date, etc. and you’ll see the emails affected by the rule. Happy hunting!