Description
Shield transport rules reside in the Shield organization's Microsoft 365 tenant. All rules are deployed during Step 3 of Shield onboarding except Shield - Send to Bracket. This rule is only created once Preferences are saved to Configure Bracket after an organization has been successfully onboarded.
Corresponding Shield Connectors are detailed here.
Shield - Send to Frontline

| Setting | Value |
|---|---|
| Status | Enabled |
| Priority | 0 |
| Stop processing more rules | ✅ (Yes) |
| Apply this rule if | A recipient's domain is 'domain.tld' |
| Do the following | Redirect the message to the following connector: 'Shield - Send to Frontline' |
| And | Modify the message properties, set a message header: Set the message header 'X-Frontline-API' to the value '{"extract_origin": "true"}' |
| Except if | The sender IP address is any of these ranges or exactly matches: Sender's IP address is in the range |
| Or | The sender is external/internal: The sender is located 'InOrganization' |

Shield - Bypass Spam Filtering

| Setting | Value |
|---|---|
| Status | Enabled |
| Priority | 1 |
| Stop processing more rules | ❌ (No) |
| Apply this rule if | The sender IP address is any of these ranges or exactly matches: Sender's IP address is in the range |
| Do the following | Modify the message properties... Set the spam confidence level to Bypass Spam Filtering: Set the spam confidence level (SCL) to '-1' |
| Except if | The message headers... matches these text patterns: X-Shield-API message header matches "action":"bypass" or "action":"junk" |

Shield - Send to Bracket

| Setting | Value |
|---|---|
| Status | Enabled |
| Priority | 2 |
| Stop processing more rules | ✅ (Yes) |
| Apply this rule if | The recipient is external/internal: The recipient is located 'NotInOrganization' |
| And | The sender domain is: The sender's domain is 'domain.tld' (replace with Shield domain[s] for the tenant) |
| And | The subject or body, subject matches these text patterns: The subject matches these text patterns: ^\[.*\] |
| And | The sender is external/internal: The sender is located 'InOrganization' |
| Do the following | Redirect the message to the following connector: route the message using the following connector 'Shield - Send to Bracket' |

Shield - Send to Outpost

| Setting | Value |
|---|---|
| Status | Enabled |
| Priority | 3 |
| Stop processing more rules | ✅ (Yes) |
| Apply this rule if | The recipient is external/internal: The recipient is located 'NotInOrganization' |
| And | The sender domain is: The sender's domain is 'domain.tld' |
| And | The sender is external/internal: The sender is located 'InOrganization' |
| Do the following | Redirect the message to the following connector: route the message using the following connector 'Shield - Send to Outpost' |

Shield - Send to Junk

| Setting | Value |
|---|---|
| Status | Enabled |
| Priority | 4 |
| Stop processing more rules | ❌ (No) |
| Apply this rule if | The sender IP address is any of these ranges or exactly matches: Sender's IP address is in the range |
| And | The recipient domain is 'domain.tld' |
| And | The message headers... matches these text patterns: X-Shield-API message header matches "action":"junk" |
| Do the following | Modify the message properties, set the spam confidence level: Set the spam confidence level (SCL) to '6' |

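
A drift check for the rules documented on this page, as an added example (not Shield's own tooling): it compares a JSON export of the tenant's transport rules against the rule names, evaluation order and stop-processing flags listed above. The field names (`Name`, `State`, `Priority`, `StopRuleProcessing`) are assumed to be those of a `Get-TransportRule | ConvertTo-Json` export, and the sample data is constructed.

```python
import json

# Baseline from the rule tables on this page, in documented priority order:
# (rule name, stop processing more rules, optional)
BASELINE = [
    ("Shield - Send to Frontline", True, False),
    ("Shield - Bypass Spam Filtering", False, False),
    ("Shield - Send to Bracket", True, True),  # created only after Bracket preferences are saved
    ("Shield - Send to Outpost", True, False),
    ("Shield - Send to Junk", False, False),
]

def audit(rules):
    """Return a list of drift findings for a list of exported rule dicts."""
    by_name = {r["Name"]: r for r in rules}
    findings, last_prio = [], -1
    for name, stop, optional in BASELINE:
        rule = by_name.get(name)
        if rule is None:
            if not optional:
                findings.append(f"{name}: missing")
            continue
        if rule["State"] != "Enabled":
            findings.append(f"{name}: state is {rule['State']}")
        if bool(rule["StopRuleProcessing"]) != stop:
            findings.append(f"{name}: StopRuleProcessing is {rule['StopRuleProcessing']}")
        # Assumption: relative order is compared rather than absolute numbers,
        # since the optional Bracket rule may be absent and shift priorities.
        if rule["Priority"] <= last_prio:
            findings.append(f"{name}: evaluated out of documented order")
        last_prio = max(last_prio, rule["Priority"])
    return findings

# Constructed sample export (not real tenant data): Bracket not yet created,
# bypass rule moved ahead of Frontline and switched to stop processing,
# Outpost rule disabled.
SAMPLE = json.loads("""[
 {"Name": "Shield - Bypass Spam Filtering", "State": "Enabled", "Priority": 0, "StopRuleProcessing": true},
 {"Name": "Shield - Send to Frontline", "State": "Enabled", "Priority": 1, "StopRuleProcessing": true},
 {"Name": "Shield - Send to Outpost", "State": "Disabled", "Priority": 2, "StopRuleProcessing": true},
 {"Name": "Shield - Send to Junk", "State": "Enabled", "Priority": 3, "StopRuleProcessing": false}
]""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A change to the bypass rule is the finding to look at first, because that rule sets SCL '-1' for whatever sender IP ranges it matches.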