Create Rules

The Email flow rule enables Nightfall to route your emails back to Exchange Online once scanned.

Additionally, you can also create a rule for quarantining suspicious emails. This rule is optional and is required only if you wish to quarantine emails.

  1. On the Exchange Admin Center page, Expand Mail flow and select Rules.

  2. Click Add a Rule and select Create a new Rule.

  3. Enter a name for the rule in the Name field.

  4. In the Apply this rule if field, select The sender.

  5. Select Is External/Internal.

  6. Select Inside the Organization in the select sender location field.

  7. Click Save.

  8. Select Redirect the message to in the Do the following field.

  9. Select the Following connector option and select the connector created in the OutBound Connector section.

  10. Click Save.

  11. Click + to add an additional condition to the rule.

  12. Select Modify the message properties in the And field.

  13. Select Set a message Header.

  14. Click the first Enter text button.

  1. Enter x-nightfall-id and click Save.

  2. Click the second Enter text button.

  3. Enter the UUID of your Nightfall tenant and click Save. You can view the UUID of your Nightfall tenant by navigating to the Settings section from the Nightfall app.

  4. Select The message headers… in the Except if field.

  5. Select includes any of these words.

  6. Click Enter text.

  7. Type x-nightfall-scanned and click Save.

  8. Click Enter words.

  9. Type True, and click Add. Select the True check box.

  10. Click Save.

  1. Click Next.

  2. Ensure that the Rule mode is set to Enforce and the Severity is set to High.

  3. Click Next.

  4. Click Finish.

Create Quarantine Rule

You must create this rule only if you wish to implement the quarantine action while creating policies.

  1. Click Add a Rule and select Create a new Rule.

  2. Enter a name for the rule in the Name field.

  3. In the Apply this rule if field, select The message headers...

  4. Select includes any of these words.

  5. Type X-NIGHTFALL-QUARANTINE and click Save.

  6. Click Enter words.

  7. Type True, and click Add. Select the True check box.

  8. Click Save.

  9. Select Redirect the message to in the Do the following field.

  10. Select the hosted quarantine option.

  11. Click Next.

  1. Ensure that the Rule mode is set to Enforce and the Severity is set to High.

  2. Click Next.

  3. Click Finish.

PreviousCreate ConnectorsNextCreate MX Record

Last updated

Was this helpful?