Deliver emails to the junk email folder and administrative quarantine

In this tutorial, you will learn to deliver SUSPICIOUS and BULK messages to the user’s junk email folder, and MALICIOUS, SPAM, and SPOOF messages to the Administrative Quarantine (this requires an administrator to release the emails).

​​ Configure domains

You first need to configure the domains you are onboarding on the Area 1 dashboard. To configure your domains:

1. Log in to the Area 1 dashboard Open external link .
2. Go to Settings (the gear icon).
3. Go to Email configuration > Domains & Routing > Domains.
4. Make sure each domain you are onboarding has been added.
5. For each domain you are configuring, select … > Edit, and set the following options:
   • Domain - <YOUR_DOMAIN>.
   • Configured as - MX Records.
   • Forwarding to - This should match the expected MX record for each domain in your Office 365 account Open external link .
   • IP Restrictions - Leave this field empty.
   • Outbound TLS - Forward all messages over TLS.
   • Quarantine Policy - Do not check any dispositions.

​​ Configure anti-spam policies

To configure anti-spam policies:

1. Open the Microsoft 365 Defender console Open external link .

2. Go to Email & collaboration > Policies & rules.

3. Select Threat policies.

4. Under Policies, select Anti-spam.

5. Select the Anti-spam inbound policy (Default) text (not the checkbox).

6. In Actions, scroll down and select Edit actions.

   

7. Set the following conditions and actions (you might need to scroll up or down to find them):

   • Spam: Move messages to Junk Email folder.
   • High confidence spam: Quarantine message.
     • Select quarantine policy: AdminOnlyAccessPolicy.
   • Phishing: Quarantine message.
     • Select quarantine policy: AdminOnlyAccessPolicy.
   • High confidence phishing: Quarantine message.
     • Select quarantine policy: AdminOnlyAccessPolicy.
   • Retain spam in quarantine for this many days: Default is 15 days. Cloudflare Area 1 recommends 15-30 days.

   

8. Select Save.

​​ Create transport rules

To create the transport rules that will send emails with certain dispositions to Area 1:

1. Open the new Exchange admin center Open external link .

2. Go to Mail flow > Rules.

3. Select Add a Rule > Create a new rule.

4. Set the following rule conditions:

   • Name: Area 1 Deliver to Junk Email folder.
   • Apply this rule if: The message headers > includes any of these words.
     • Enter text: X-Area1Security-Disposition > Save.
     • Enter words: SUSPICIOUS, BULK > Add > Save.
   • Apply this rule if: Select + to add a second condition.
   • And: The sender > IP address is in any of these ranges or exactly matches > enter the egress IPs in the Egress IPs page.
   • Do the following - Modify the message properties > Set the Spam Confidence Level (SCL) > 5.

   

5. Select Next.

6. You can use the default values on this screen. Select Next.

7. Review your settings and select Finish > Done.

8. Select the rule Area 1 Deliver to Junk Email folder you have just created, and Enable.

9. Select Add a Rule > Create a new rule.

10. Set the following rule conditions:

    • Name: Area 1 Admin Managed Host Quarantine.
    • Apply this rule if: The message headers > includes any of these words.
      • Enter text: X-Area1Security-Disposition > Save.
      • Enter words: MALICIOUS, UCE, SPOOF > Add > Save.
    • Apply this rule if: Select + to add a second condition.
    • And: The sender > IP address is in any of these ranges or exactly matches > enter the egress IPs in the Egress IPs page.
    • Do the following: Redirect the message to > hosted quarantine.

    

11. Select Next.

12. You can use the default values on this screen. Select Next.

13. Review your settings and select Finish > Done.

14. Select the rule Area 1 Admin Managed Host Quarantine you have just created, and select Enable.