Shield Transport Rules

Description

Shield transport rules reside in the Shield organization's Microsoft 365 tenant. Automatically deployed connectors include Bracket connectors, whether an organization is using Bracket (yet) or not. This allows Bracket to be enabled per user without requiring additional manual configuration.

Corresponding Shield Connectors are detailed here.

Shield - Send to Frontline

Shield - Send to Frontline -- Rule.png

Status

Enabled

Priority

0

Stop processing more rules: ✅ (Yes)

Apply this rule if

A recipient's domain is 'domain.tld'

Do the following

Redirect the message to the following connector 'Shield - Send to Frontline'

And

Modify the message properties set a message header

Set the message header 'X-Frontline-API' to the value '"extract_origin": "true"}'

Except if

The sender IP address is any of these these ranges or exactly matches

Sender's IP address is in the range
  • 3.133.222.181
  • 18.189.152.83
  • 3.13.18.50
  • 3.21.178.168
  • 3.135.43.190
  • 13.58.249.20
  • 3.128.208.182
  • 3.129.146.181
Or
The sender is external/external
The sender is located 'InOrganization'

Shield - Send to Junk

Shield - Send to Junk -- Rule.png Status

Enabled

Priority

1

Stop processing more rules: ❌ (No)

Apply this rule if

The sender IP address is any of these these ranges or exactly matches

Sender's IP address is in the range
  • 3.133.222.181
  • 18.189.152.83
  • 3.13.18.50
  • 3.21.178.168
  • 3.135.43.190
  • 13.58.249.20
  • 3.128.208.182
  • 3.129.146.181
And
The recipient domain is 'domain.tld'
And
The message headers... matches these text patterns
'X-Shield-API' message header matches {"action": "junk"}
Do the following
Modify the message properties set the spam confidence
Set the spam confidence level (SCL) to '6'

Shield - Bypass Spam Filtering

Shield - Bypass Spam Filtering -- Rule.png

Enabled

Priority

2

Stop processing more rules: ❌ (No)

Apply this rule if

The sender IP address is any of these these ranges or exactly matches

Sender's IP address is in the range
  • 3.133.222.181
  • 18.189.152.83
  • 3.13.18.50
  • 3.21.178.168
  • 3.135.43.190
  • 13.58.249.20
  • 3.128.208.182
  • 3.129.146.181

Do the following

Modify the message properties... Set the spam confidence level to Bypass Spam Filtering

Set the spam confidence level (SCL) to '-1'

Shield - Send to Outpost

Shield - Send to Outpost -- Rule.png

Status

Enabled

Priority

3

Stop processing more rules: ✅ (Yes)

Apply this rule if

The recipient is external/internal

The recipient is located 'NotInOrganization'

And

The sender domain is

The sender's domain is 'domain.tld'

And

The sender is external/internal

The sender is located 'InOrganization'

Do the following

Redirect the message to the following connector

route the message using the following connector 'Shield - Send to Outpost'

And

Modify the message properties set a message header

Set the message header 'X-Shield-Outbound-Token' to the value

'4fd02496e036a7f5f0ff4b3c71538c7e809cc06e27f1f0d839b68c37ed522973'

Shield - Send to Bracket

Bracket Trigger Rule -- Rule.png

Status

Enabled

Priority

4

Stop processing more rules: ✅ (Yes)

Apply this rule if

The recipient is external/external

The recipient is located 'NotInOrganization'

And

The sender domain is

The sender's domain is 'domain.tld' (replace with Shield domain[s] for the tenant)

And

The subject or body subject matches these text patterns

The subject matches these text patterns: Encrypt.Bracket.Email

And

The sender is external/external

The sender is located 'InOrganization'

Do the following

Redirect the message to the following connector

route the message using the following connector 'Shield - Send to Bracket'

Getting Help

If you need assistance, please contact the Partner Success team.

 

Related to

Updated

Was this article helpful?

0 out of 0 found this helpful