[Email Security] Add M365 MX/Inline use cases

Author: Maddy-Cloudflare

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/microsoft365-email-security-mx.mdx renamed to src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/index.mdx

@@ -0,0 +1,27 @@
+---
+title: 5 - Junk email folder and administrative quarantine
+pcx_content_type: integration-guide
+updated: 2023-01-12
+sidebar:
+  order: 5
+head:
+  - tag: title
+    content: Deliver emails to the junk email folder - Office 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn to deliver `SUSPICIOUS` and `BULK` messages to the user's junk email folder, and `MALICIOUS`, `SPAM`, and `SPOOF` messages to the Administrative Quarantine (this requires an administrator to release the emails).
+
+## Configure domains
+
+<Render file="email-security/deployment/m365-use-case-configure-domain" params={{ one: "Do not check any dispositions." }} />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_AdminOnlyAccessPolicy_", two: "_AdminOnlyAccessPolicy_", three: "_AdminOnlyAccessPolicy_", four: "step7-adminonly-case5.png" }} />
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "Email Security Deliver to Junk Email folder`", two: "`SUSPICIOUS`, `BULK`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules.png", five: "`Email Security Admin Managed Host Quarantine`", six: " `MALICIOUS`, `UCE`, `SPOOF`", seven: "_Redirect the message to_ > _hosted quarantine_", eight: "step10-hosted-quarantine-case5.png" }} />

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/use-cases/five-junk-admin-quarantine.mdx

@@ -0,0 +1,61 @@
+---
+title: 4 - User managed quarantine and administrative quarantine
+pcx_content_type: integration-guide
+updated: 2023-01-12
+sidebar:
+  order: 4
+head:
+  - tag: title
+    content: User managed quarantine and administrative quarantine - Office 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn to deliver `SPAM` and `SPOOF` messages to the user managed quarantine, and `MALICIOUS` messages to the administrative quarantine (this requires an administrator to release the emails).
+
+## Configure domains
+
+<Render file="email-security/deployment/m365-use-case-configure-domain" params={{ one: "Do not check any dispositions." }} />
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-2-4-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+To configure anti-spam policies:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/)
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Policies**, select **Anti-spam**.
+
+5. Select the **Anti-spam inbound policy (Default)** text (not the checkbox).
+
+6. In the **Actions** section, scroll down and select **Edit actions**.
+
+7. Set the following conditions and actions (you might need to scroll up or down to find them):
+
+   * **Spam**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyUserRelease*.
+   * **High confidence spam**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyAdminRelease*.
+   * **Phishing**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyAdminRelease*.
+   * **High confidence phishing**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyAdminRelease*.
+   * **Retain spam in quarantine for this many days**: Default is 15 days. Email Security recommends 15-30 days.
+
+8. Select **Save**.
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "`Email Security User Quarantine Message`", two: "`UCE`, `SPOOF`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules-case4.png", five: "`Email Security User Quarantine Message Admin Release`", six: "`MALICIOUS`", seven: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _9_", eight: "step10-admin-release-case4.png" }} />

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/use-cases/four-user-quarantine-admin-quarantine.mdx

@@ -0,0 +1,13 @@
+---
+title: Use cases
+pcx_content_type: how-to
+sidebar:
+  order: 1
+  group:
+    hideIndex: true
+---
+
+import { DirectoryListing } from "~/components"
+
+
+<DirectoryListing />

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/use-cases/index.mdx

@@ -0,0 +1,55 @@
+---
+title: 1 - Junk email and Email Security Admin Quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 1
+head:
+  - tag: title
+    content: Junk email and Email Security Admin Quarantine -
+      Microsoft 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn how to deliver emails to the Microsoft 365 junk email folder and the Admin Quarantine in Email Security.
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-1-3-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_UserNotifyAdminRelease_", two: "_UserNotifyAdminRelease_", three: "_UserNotifyAdminRelease_" }} />
+
+## Create transport rules
+
+To create the transport rules that will send emails with certain dispositions to Email Security:
+
+1. Open the new [Exchange admin center](https://admin.exchange.microsoft.com/#/homepage).
+
+2. Go to **Mail flow** > **Rules**.
+
+3. Select **Add a Rule** > **Create a new rule**.
+
+4. Set the following rule conditions:
+
+   * **Name**: `Email Security Deliver to Junk Email folder`.
+   * **Apply this rule if**: *The message headers* > *includes any of these words*.
+     * **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
+     * **Enter words**: `SUSPICIOUS`, `BULK` > **Add** > **Save**.
+   * **Apply this rule if**: Select **+** to add a second condition.
+   * **And**: *The sender* > *IP address is in any of these ranges or exactly matches* > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
+   * **Do the following** - *Modify the message properties* > *Set the Spam Confidence Level (SCL)* > *5*.
+
+5. Select **Next**.
+
+6. You can use the default values on this screen. Select **Next**.
+
+7. Review your settings and select **Finish** > **Done**.
+
+8. Select the rule `Email Security Deliver to Junk Email folder` you have just created, and select **Enable**.

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/use-cases/one-junk-admin-quarantine.mdx

@@ -0,0 +1,30 @@
+---
+title: 3 - Junk email and administrative quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 3
+head:
+  - tag: title
+    content: Junk email and administrative quarantine - Microsoft 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn how to deliver `SUSPICIOUS` and `BULK` messages to the users's junk email folder, and `MALICIOUS`, `SPAM`, and `SPOOF` messages to the administrative quarantine (this requires an administrator to release the emails).
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-1-3-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_UserNotifyAdminRelease_", two: "_UserNotifyAdminRelease_", three: "_UserNotifyAdminRelease_" }} />
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "`Email Security Deliver to Junk Email folder`", two: "`SUSPICIOUS`, `BULK`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules.png", five: "`Email Security User Quarantine Message`", six: "`MALICIOUS`, `UCE`, `SPOOF`", seven: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _9_", eight: "step10-user-quarantine.png" }} />

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/use-cases/three-junk-admin-quarantine.mdx

@@ -0,0 +1,30 @@
+---
+title: 2 - Junk email and user managed quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 2
+head:
+  - tag: title
+    content: Junk email and user managed quarantine - Microsoft 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn how to deliver `SUSPICIOUS` and `BULK` messages to the user's junk folder, and `SPAM` and `SPOOF` messages to the user managed quarantine.
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-2-4-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_UserNotifyUserRelease_", two: "_UserNotifyAdminRelease_", three: "_UserNotifyAdminRelease_" }} />
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "`Email Security Deliver to Junk Email folder`", two: "`SUSPICIOUS`, `BULK`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules.png", five: "`Email Security User Quarantine Message`", six: "`UCE`, `SPOOF`", seven: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _9_", eight: "step10-user-quarantine.png" }} />

src/content/docs/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/use-cases/two-junk-user-quarantine.mdx

@@ -0,0 +1,35 @@
+---
+{}
+
+---
+
+To create quarantine policies:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/)
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Rules**, select **Quarantine policies**.
+
+5. Select **Add custom policy**.
+
+6. Set the **Policy name** to `UserNotifyAdminRelease`.
+
+7. Select **Next**.
+
+8. In **Recipient message access**, select **Set specific access (Advanced)**, and then:
+
+   * In **Select release action preference**, choose *Allow recipients to request a message to be released from quarantine*.
+   * In **Select additional actions recipients can take on quarantined messages**, select the **Delete** and **Preview** checkboxes.
+
+9. Select **Next**.
+
+10. In **Quarantine notification**, select **Enable**.
+
+11. Select **Next**.
+
+12. Review your settings and select **Submit**.
+
+13. Select **Done**.

src/content/partials/cloudflare-one/email-security/deployment/m365-use-case-1-3-create-quarantine-policy.mdx

@@ -0,0 +1,56 @@
+---
+{}
+
+---
+
+To create quarantine policies:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/).
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Rules**, select **Quarantine policies**.
+
+5. Select **Add custom policy**.
+
+6. Set the **Policy name** to `UserNotifyUserRelease`.
+
+7. Select **Next**.
+
+8. In **Recipient message access**, select **Set specific access (Advanced)**, and then:
+
+   * In **Select release action preference**, choose *Allow recipients to release a message from quarantine*.
+   * In **Select additional actions recipients can take on quarantined messages**, select the **Delete** and **Preview** checkboxes.
+
+9. Select **Next**.
+
+10. In **Quarantine notification**, select **Enable**.
+
+11. Select **Next**.
+
+12. Review your settings and select **Submit**.
+
+13. Select **Done**.
+
+14. Select **Add custom policy**.
+
+15. Set the **Policy name** to `UserNotifyAdminRelease`.
+
+16. Select **Next**.
+
+17. In **Recipient message access**, select **Set specific access (Advanced)**, and then:
+
+    * In **Select release action preference**, from the drop-down menu, choose *Allow recipients to request a message to be released from quarantine*.
+    * In **Select additional actions recipients can take on quarantined messages**, select the **Delete** and **Preview** checkboxes.
+
+18. Select **Next**.
+
+19. In **Quarantine notification**, select **Enable**.
+
+20. Select **Next**.
+
+21. Review your settings and select **Submit**.
+
+22. Select **Done**.

src/content/partials/cloudflare-one/email-security/deployment/m365-use-case-2-4-create-quarantine-policy.mdx

@@ -0,0 +1,20 @@
+---
+inputParameters: quarantinePolicy
+
+---
+
+import { Markdown } from "~/components"
+
+You first need to configure the domains you are onboarding on the Email Security dashboard. To configure your domains:
+
+1. Log in to the [Email Security dashboard](https://horizon.area1security.com/).
+2. Go to **Settings** (the gear icon).
+3. Go to **Email configuration** > **Domains & Routing** > **Domains**.
+4. Make sure each domain you are onboarding has been added.
+5. For each domain you are configuring, select **...** > **Edit**, and set the following options:
+   * **Domain** - `<YOUR_DOMAIN>`.
+   * **Configured as** - `MX Records`.
+   * **Forwarding to** - This should match the expected MX record for each domain in your [Microsoft 365 account](https://admin.microsoft.com/#/Domains/).
+   * **IP Restrictions** - Leave this field empty.
+   * **Outbound TLS** - `Forward all messages over TLS`.
+   * **Quarantine Policy** - {props.one}