You must create three compliance rules. The first rule ensures that all the emails are routed towards Nightfall for scanning. It is mandatory for you to create the scan rule.

The second and third compliance rules are required for blocking and quarantining emails. You must create these rules only if you wish to use the block and quarantine actions in Gmail policies. You can configure either any one or both block and quarantine rules. It is recommended that you configure at least one of the two rules.