# Create Rules The Email flow rule enables Nightfall to route your emails back to Exchange Online once scanned. Additionally, you can also create a rule for quarantining suspicious emails. This rule is optional and is required only if you wish to quarantine emails. 1. On the **Exchange Admin Center** page, Expand **Mail flow** and select **Rules**. 2. Click **Add a Rule** and select **Create a new Rule**. 3. Enter a name for the rule in the **Name** field. 4. In the **Apply this rule if** field, select **The sender**. 5. Select **Is External/Internal**. 6. Select **Inside the Organization** in the **select sender location** field. 7. Click **Save**. 8. Select **Redirect the message to** in the **Do the following** field. 9. Select the **Following connector** option and select the connector created in the **OutBound Connector** section. 10. Click **Save**. 11. Click **+** to add an additional condition to the rule. 12. Select **Modify the message properties** in the **And** field. 13. Select **Set a message Header.** 14. Click the first **Enter text** button.

15. Enter **x-nightfall-id** and click **Save**. 16. Click the second **Enter text** button. 17. Enter the UUID of your Nightfall tenant and click **Save**. You can view the UUID of your Nightfall tenant by navigating to the **Settings** section from the Nightfall app. 18. Select **The message headers…** in the **Except if** field. 19. Select **includes any of these words.** 20. Click **Enter text**. 21. Type **x-nightfall-scanned** and click **Save**. 22. Click **Enter words**. 23. Type **True**, and click **Add**. Select the **True** check box. 24. Click **Save**.

25. Click **Next**. 26. Ensure that the **Rule mode** is set to **Enforce** and the **Severity** is set to **High**. 27. Click **Next**. 28. Click **Finish**. ## Create Quarantine Rule You must create this rule only if you wish to implement the quarantine action while creating policies. 1. Click **Add a Rule** and select **Create a new Rule**. 2. Enter a name for the rule in the **Name** field. 3. In the **Apply this rule if** field, select **The message headers...** 4. Select **includes any of these words.**

5. Click **Enter Text**. 6. Type **X-NIGHTFALL-QUARANTINE** and click **Save**. 7. Click **Enter words**. 8. Type **True**, and click **Add**. 9. Select the **True** option. 10. Click **Save**.

11. Select **Redirect the message** **to** in the **Do the following** field. 12. Select the **hosted quarantine** option. 13. Select **The message headers** option in the **Except if** field. 14. Select **includes any of these words.** 15. Click **Enter Text**. 16. Type **X-MS-Exchange-Generated-Message-Source** and click **Save**. 17. Click **Enter words**. 18. Type **Quarantine**, and click **Add**. 19. Select the **Quarantine** option. 20. Click **Save**. 21. Click **Next**.

22. Ensure that the **Rule mode** is set to **Enforce** and the **Severity** is set to **High**. 23. Click **Next**. 24. Click **Finish**. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.nightfall.ai/microsoft-exchange/getting_started/installing-microsoft-exchange/create-rules.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.