Processing moderation requests
Moderators receive messages similar to the one shown in Figure 3
to enable them to approve or reject a message. Provided that a
supported client is used (Outlook 2013, Outlook 2010, or Outlook Web
App; other clients do not include the necessary UI), the process is
very straightforward and requires only a simple click from the
moderator to allow the message to proceed. When multiple users are
assigned to be the moderators for a mail-enabled object, Exchange
delivers copies of messages for moderation to every moderator. The
first moderator who processes the request determines its outcome. In
other words, if moderation requests go to two moderators, and the first
moderator approves the request, Exchange respects that decision even if
the second moderator attempts to decline the request a couple of
seconds later. After a response is received, Exchange removes the
moderation request from the mailboxes of the other moderators.
Logically,
moderators are automatically excluded from moderation because a
moderator is always regarded to be a trusted sender. Group owners are
also excluded from moderation because if someone owns a group, he
should be able to send to the group membership without hindrance. Also,
if you don’t assign a moderator to a group, the group owner
automatically fulfills the moderation role and receives the requests
for approval to send to the group.
Behind the scenes, the
transport service is responsible for detecting when a message is sent
to a moderated recipient. Some previous versions of Exchange do not
support moderated recipients, so moderation does not occur if a message
sent to a group is processed by an Exchange 2007 hub transport server.
The solution to this problem is to configure the moderated group always
to use either an Exchange 2010 hub transport server or an Exchange 2013
Mailbox server. For example:
Set-DistributionGroup –Identity 'Exchange 2013 Interest Group'
–ExpansionServer 'ExServer3'
Of
course, mailboxes and mail-enabled contacts don’t use expansion
servers, so this solution is not available for these objects. Instead,
to process moderation properly, the servers that host these objects
should run either Exchange 2010 or Exchange 2013 because this takes
care of the problem.
When the categorizer running in the
transport service detects a moderated recipient, it routes the message
to an arbitration mailbox. This is a temporary holding location where
the Store keeps moderated messages until they can be processed by a
human. In this case, messages remain in the arbitration mailbox until
they are approved or rejected by the group moderator who receives the
requests for approval in her mailbox alongside regular messages.
Approved
messages are then rerouted to the group and delivered as normal;
declined messages are returned to the original sender. A process called
Information Assistant is responsible for monitoring messages in the
arbitration mailbox and routing them after approvals or rejections are
received from a moderator. Information Assistant also cleans up the
arbitration mailbox by removing old or orphaned requests that can
accumulate there.
Note
The
default expiry time for moderated messages is five days; this interval
cannot be changed. When a message expires, Exchange returns it to the
originator with a note to tell him that delivery didn’t occur because
the moderator failed to make a decision.
Users can see the
current status of a message awaiting moderator approval through
delivery or message-tracking reports but cannot do anything to
encourage moderators to take action except send them a message (which
they might ignore) or phone them.
Exchange does not maintain a
special queue for messages awaiting moderation that an administrator
can view to prompt a moderator to take action or to redirect a message
if a moderator is unavailable for any reason. In addition, an
administrator cannot log on to the arbitration mailbox to act on a
message awaiting approval. Everything awaits moderator approval; if it
doesn’t come and a message expires, the moderator cannot take further
action, and the message is returned to the originator with a reject
status.
Messages
can be sent to recipient lists that include moderated and nonmoderated
recipients. In this case, the transport service bifurcates the message
and delivers a copy immediately to the nonmoderated recipients. A
separate copy is delivered to the arbitration mailbox to await
attention from a moderator. A moderated group can contain subgroups,
some of which also require moderation. You can allow a separate
moderation process to occur for each group, or you can mark the group
to allow automatic approval for all subgroups by setting its
BypassNestedModerationEnabled flag. For example:
Set-DistributionGroup –Identity 'Exchange 2013 Interest Group'
-BypassNestedModerationEnabled $True
Moderated mailboxes are another common scenario in many
Exchange deployments when the need exists to protect mailboxes the
company might deem sensitive. Moderation provides an effective solution
to this problem, but you can set up moderation for mailboxes only
through EMS. In this example, moderation for the CEO’s mailbox is set
so that his executive assistant does the processing of incoming
messages. A MailTip to indicate that the mailbox is moderated is
displayed when users address email to the CEO’s mailbox. Ideally, you
should customize the MailTip to add text to tell users who will
moderate their messages as shown in the example code that follows.
In the meantime, this command sets up moderation
for the CEO mailbox, establishes a list of users whose messages bypass
moderation, and creates the customized MailTip.
Set-Mailbox –Identity 'CEO Mailbox' –ModeratedBy 'CEO Executive Assistant'
–ModerationEnabled $True –ByPassModerationFromSendersOrMembers 'Executive Committee'
–MailTip 'Messages sent to the CEO are reviewed by their Executive Assistant (851-1187) before delivery'
You
can assign the responsibility for moderation only to other mailboxes;
you cannot assign this task to a distribution group, even a security
group. Instead, if you want to assign moderation to multiple users, you
have to specify each mailbox individually. For example:
Set-Mailbox –Identity 'CEO Mailbox' –ModerationEnabled $True –ModeratedBy 'CEO Executive Assistant', 'CEO Support Team'
Finally,
you can protect mail-enabled contacts. This command shows how you might
apply moderation to a mail contact that points to an external recipient
for the public relations (PR) agency. You don’t want everyone in the
company to communicate with the agency, so you apply moderation and set
up a bypass for the members of the marketing department.
Set-MailContact –Identity 'PR Agency' –ModeratedBy 'PR Administrator'
–ModerationEnabled $True –ByPassModerationFromSendersOrMembers 'Marketing Dept'
