• Cloud App Security
• Understanding Cloud App Security
  • Understanding Email Security
    • Understanding Post-Delivery Email Recheck
  • Using Data Leak Protection
  • Understanding Anomalies
  • Understanding Click-Time Protection
• Configuring Cloud App Security
  • Subscribing to Cloud App Security
  • Activating Cloud Applications for Cloud App Security
  • Activating Office 365 and Microsoft 365 Cloud Applications
    • Manually Configuring Office 365 and Microsoft 365 Cloud Applications During Activation
• Managing Quarantine for Office 365 and Microsoft 365
  • Setting Up a Quarantine Mailbox for Office 365 and Microsoft 365 Email (Exchange Online)
  • Setting Up a Quarantine Folder for Office 365 and Microsoft 365 OneDrive
  • Setting Up a Quarantine Folder for Office 365 and Microsoft 365 SharePoint
  • Using the Quarantine View for Office 365 and Microsoft 365 Email (Exchange Online)
  • Using the Quarantine Page
  • Using the Quarantined File Creator Dashboard
  • Using the User Dashboard for Office 365 and Microsoft 365
  • Managing Restore Requests
• Using the SonicWall Cloud App Security Dashboard
  • Using the Security Events Widgets
    • Changing a Security Event Widget to an Alert or Custom Query
    • Resetting a Security Event Widget
    • Hiding a Security Event Widget
    • Configuring Security Event Widget Custom Queries
    • Adjusting the Time Scale
  • Viewing the Summary of Security Events
  • Viewing Login Events
  • Viewing Secured Applications
  • Viewing the Scanned Files Summary
• Managing Security Events
  • Using the Security Event Graphs
    • Viewing Security Events by Severity
    • Viewing Security Events by State
    • Viewing Security Events by Cloud Application
  • Viewing and Acting on Security Events
    • Removing Filters
    • Acting on Security Events
  • Managing Multiple Events
• Managing Policies
  • Understanding Cloud App Security Policies
    • Before You Set Email Policies
    • Monitor only
    • Detect and Prevent
    • Protect (Inline)
  • Creating New Policy Rules
    • Creating Data Leak Protection Policy Rules
      • Using Regular Expressions in DLP Policies for Email
    • Creating Malware Policy Rules
    • Creating Threat Detection Policy Rules
    • Creating Policy Rules for Click-Time Protection
    • Creating Office 365 and Microsoft 365 Email Encryption Policy Rules
    • Creating Custom Query Policies
  • Stopping Policy Rules
  • Removing Policy Rules
  • Managing Office 365 and Microsoft 365 (Exchange Online) Mail-Flow Rules
• • Configuring Data Leak Protection Detection Rules
  • Reactivating Data Leak Protection
  • Predefined Data Leak Protection Policy Rules
    • Global Rules
    • Credentials and Secrets
    • Predefined Data Leak Protection Rules for Specific Countries
      • Argentina
      • Australia
      • Belgium
      • Brazil
      • Canada
      • Chile
      • China
      • Columbia
      • Denmark
      • Finland
      • France
      • Germany
      • Hong Kong
      • India
      • Indonesia
      • Ireland
      • Israel
      • Italy
      • Japan
      • Korea
      • Mexico
      • The Netherlands
      • Norway
      • Paraguay
      • Peru
      • Poland
      • Portugal
      • Singapore
      • Spain
      • Sweden
      • Taiwan
      • Thailand
      • Turkey
      • United Kingdom
      • United States
      • Uruguay
      • Venezuela
• Managing Spam and Anti-Phishing
  • Managing Spam
  • Managing User-Reported Phishing
  • Customizing Warning Messages
  • Managing Nickname Impersonation
  • Managing the Anti-Phishing Exceptions
    • Managing Excluded Email Addresses
      • Adding Email Addresses to the Anti-Phishing Block-List
      • Removing Email Addresses from the Anti-Phishing Block-List
    • Managing Excluded IP Addresses
      • Adding IP Addresses to the Anti-Phishing Block-List
      • Removing IP Addresses from the Anti-Phishing Block-List
    • Managing Excluded Domains
      • Adding Domains to the Anti-Phishing Block-List
      • Removing Domains from the Anti-Phishing Block-List
    • Creating Block-List Rules from Email Messages
    • Managing the Anti-Phishing Allow-List
      • Creating Anti-Phishing Allow-List Rules from the Security Events Page
      • Creating Anti-Phishing Allow-List Rules from the Anti-Phishing Allow-List Page
    • Managing the Anti-Phishing Block-List
• Using the Mail Explorer
  • Using the Mail Explorer to Search Emails
  • Using the Mail Explorer to Quarantine Items
  • Using the Mail Explorer to Add Items to the Blocked List
• Working with Office 365 and Microsoft 365 Email Encryption
• Configuring and Using Click-Time Protection
  • Activating Click-Time Protection
  • Configuring Click-Time Protection
    • Configuring the Click-Time Protection Workflow
    • Configuring Custom Click-Time Protection for Specific Domains
      • Adding Custom Click-Time Protection for Specific Domains
      • Deleting Custom Click-Time Protection for Specific Domains
  • Using Click-Time Protection
    • Viewing Security Events for Click-Time Protection
    • Managing Email Messages with Click-Time Protection
    • Creating Custom Queries for Click-Time Protection
• Using Cloud App Security Analytics
  • Viewing the Summary Report
  • Viewing the Weekly Reports
  • Viewing Email Analytics
  • Viewing Office 365 and Microsoft 365 OneDrive Analytics
  • Viewing Office 365 and Microsoft 365 SharePoint Analytics
  • Viewing Shadow SaaS Analytics
  • Viewing and Creating Custom Queries
    • Creating Custom Queries
    • Adding Custom Queries to the Dashboard
• Configuring Cloud Applications in the Cloud App Store
  • Configuring Office 365 and Microsoft 365 for Cloud App Security
  • Re-Authorizing Cloud Applications
• Managing Security Applications in the Security App Store
  • Starting Security Applications
  • Stopping Security Applications
• Managing Anomaly Exceptions
  • Creating Exceptions Based on Anomaly Events
  • Sending Anomaly Event Notifications
• Managing Security Tool Exceptions
• Using the System Log
  • Viewing the System Log
  • Exporting the System Log
• Managing Cloud App Security Licenses
  • Adding Administrator Users
  • Adding Read-Only Users
  • Managing Group Licensing
  • Unassigning Cloud App Security Licenses
• SonicWall Support
  • About This Document

Managing Office 365 and Microsoft 365 (Exchange Online) Mail-Flow Rules

The SonicWall Cloud App Security Office 365 and Microsoft 365 Mail-Flow Rules automate actions for emails-in-traffic based on custom policies. In most enterprise environments, every mail-flow rule falls under one of these categories:

• Delivery Rule: A mail-flow rule that modifies the delivery of the email. For example, a Delivery Rule might:
  • quarantine emails from a specified domain.
  • add emails to the Allowed list that come from a specific IP address.
  • mark emails with a specified nickname as Spam (SCL).
  • send emails to a specified connector.
  • forward emails sent to a specific email address to a different specified email address.
• Modification Rule: A mail-flow rule that modifies the content of the email. For example, a Modification Rule rule might:
  • add [EXTERNAL] to the subject line of an email message, if the sender of the email is from outside your organization.
  • add a disclaimer to the email body footer.

The SonicWall Cloud App Security Protect policy for Office 365 and Microsoft 365 for Exchange Online automatically creates a mail-flow rule with the name of “SonicWall - Protect” with default priority of 0 (highest priority).

Unless you have a reason to keep your rules in a specific order, keep the Delivery Rules on top of the Modification Rules. Place the SonicWall Protect Rule between the Delivery Rules and the Modification Rules.