cloudflare · Maddy-Cloudflare · Jun 25, 2025 · Jun 24, 2025 · Jun 24, 2025 · Jun 24, 2025
@@ -499,6 +499,7 @@
 /cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/office365-email-security-mx/ /cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/microsoft365-email-security-mx/ 301
 /cloudflare-one/email-security/setup/post-delivery-deployment/api/office365-api/ /cloudflare-one/email-security/setup/post-delivery-deployment/api/m365-api/ 301
 /cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/office365-journaling/ /cloudflare-one/email-security/setup/post-delivery-deployment/bcc-journaling/journaling-setup/m365-journaling/ 301
+/cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/microsoft365-email-security-mx/ /cloudflare-one/email-security/setup/pre-delivery-deployment/prerequisites/m365-email-security-mx/ 301
 
 # firewall
 /firewall/api/cf-lists/ /waf/tools/lists/lists-api/ 301

@@ -0,0 +1,22 @@
+---
+title: 5 - Junk email folder and administrative quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 5
+head:
+  - tag: title
+    content: Deliver emails to the junk email folder - Office 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn to deliver `SUSPICIOUS` and `BULK` messages to the user's junk email folder, and `MALICIOUS`, `SPAM`, and `SPOOF` messages to the Administrative Quarantine (this requires an administrator to release the emails).
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_AdminOnlyAccessPolicy_", two: "_AdminOnlyAccessPolicy_", three: "_AdminOnlyAccessPolicy_", four: "step7-adminonly-case5.png" }} />
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "Email Security Deliver to Junk Email folder`", two: "`SUSPICIOUS`, `BULK`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules.png", five: "`Email Security Admin Managed Host Quarantine`", six: " `MALICIOUS`, `UCE`, `SPOOF`", seven: "_Redirect the message to_ > _hosted quarantine_", eight: "step10-hosted-quarantine-case5.png" }} />
@@ -0,0 +1,56 @@
+---
+title: 4 - User managed quarantine and administrative quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 4
+head:
+  - tag: title
+    content: User managed quarantine and administrative quarantine - Office 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn to deliver `SPAM` and `SPOOF` messages to the user managed quarantine, and `MALICIOUS` messages to the administrative quarantine (this requires an administrator to release the emails).
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-2-4-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+To configure anti-spam policies:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/)
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Policies**, select **Anti-spam**.
+
+5. Select the **Anti-spam inbound policy (Default)** text (not the checkbox).
+
+6. In the **Actions** section, scroll down and select **Edit actions**.
+
+7. Set the following conditions and actions (you might need to scroll up or down to find them):
+
+   * **Spam**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyUserRelease*.
+   * **High confidence spam**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyAdminRelease*.
+   * **Phishing**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyAdminRelease*.
+   * **High confidence phishing**: *Quarantine message*.
+     * **Select quarantine policy**: *UserNotifyAdminRelease*.
+   * **Retain spam in quarantine for this many days**: Default is 15 days. Email Security recommends 15-30 days.
+
+8. Select **Save**.
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "`Email Security User Quarantine Message`", two: "`UCE`, `SPOOF`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules-case4.png", five: "`Email Security User Quarantine Message Admin Release`", six: "`MALICIOUS`", seven: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _9_", eight: "step10-admin-release-case4.png" }} />
@@ -0,0 +1,13 @@
+---
+title: Use cases
+pcx_content_type: how-to
+sidebar:
+  order: 1
+  group:
+    hideIndex: true
+---
+
+import { DirectoryListing } from "~/components"
+
+
+<DirectoryListing />
@@ -0,0 +1,55 @@
+---
+title: 1 - Junk email and Email Security Admin Quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 1
+head:
+  - tag: title
+    content: Junk email and Email Security Admin Quarantine -
+      Microsoft 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn how to deliver emails to the Microsoft 365 junk email folder and the Admin Quarantine in Email Security.
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-1-3-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_UserNotifyAdminRelease_", two: "_UserNotifyAdminRelease_", three: "_UserNotifyAdminRelease_" }} />
+
+## Create transport rules
+
+To create the transport rules that will send emails with certain dispositions to Email Security:
+
+1. Open the new [Exchange admin center](https://admin.exchange.microsoft.com/#/homepage).
+
+2. Go to **Mail flow** > **Rules**.
+
+3. Select **Add a Rule** > **Create a new rule**.
+
+4. Set the following rule conditions:
+
+   * **Name**: `Email Security Deliver to Junk Email folder`.
+   * **Apply this rule if**: *The message headers* > *includes any of these words*.
+     * **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
+     * **Enter words**: `SUSPICIOUS`, `BULK` > **Add** > **Save**.
+   * **Apply this rule if**: Select **+** to add a second condition.
+   * **And**: *The sender* > *IP address is in any of these ranges or exactly matches* > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
+   * **Do the following** - *Modify the message properties* > *Set the Spam Confidence Level (SCL)* > *5*.
+
+5. Select **Next**.
+
+6. You can use the default values on this screen. Select **Next**.
+
+7. Review your settings and select **Finish** > **Done**.
+
+8. Select the rule `Email Security Deliver to Junk Email folder` you have just created, and select **Enable**.
@@ -0,0 +1,30 @@
+---
+title: 3 - Junk email and administrative quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 3
+head:
+  - tag: title
+    content: Junk email and administrative quarantine - Microsoft 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn how to deliver `SUSPICIOUS` and `BULK` messages to the users's junk email folder, and `MALICIOUS`, `SPAM`, and `SPOOF` messages to the administrative quarantine (this requires an administrator to release the emails).
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-1-3-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_UserNotifyAdminRelease_", two: "_UserNotifyAdminRelease_", three: "_UserNotifyAdminRelease_" }} />
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "`Email Security Deliver to Junk Email folder`", two: "`SUSPICIOUS`, `BULK`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules.png", five: "`Email Security User Quarantine Message`", six: "`MALICIOUS`, `UCE`, `SPOOF`", seven: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _9_", eight: "step10-user-quarantine.png" }} />
@@ -0,0 +1,30 @@
+---
+title: 2 - Junk email and user managed quarantine
+pcx_content_type: integration-guide
+sidebar:
+  order: 2
+head:
+  - tag: title
+    content: Junk email and user managed quarantine - Microsoft 365
+
+---
+
+import { Render } from "~/components"
+
+In this tutorial, you will learn how to deliver `SUSPICIOUS` and `BULK` messages to the user's junk folder, and `SPAM` and `SPOOF` messages to the user managed quarantine.
+
+## Create quarantine policies
+
+<Render file="email-security/deployment/m365-use-case-2-4-create-quarantine-policy" />
+
+## Configure quarantine notifications
+
+<Render file="email-security/deployment/m365-use-case-configure-quarantine-notifications" />
+
+## Configure anti-spam policies
+
+<Render file="email-security/deployment/m365-use-cases-antispam" params={{ one: "_UserNotifyUserRelease_", two: "_UserNotifyAdminRelease_", three: "_UserNotifyAdminRelease_" }} />
+
+## Create transport rules
+
+<Render file="email-security/deployment/m365-use-case-transport-rules" params={{ one: "`Email Security Deliver to Junk Email folder`", two: "`SUSPICIOUS`, `BULK`", three: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _5_", four: "step4-rules.png", five: "`Email Security User Quarantine Message`", six: "`UCE`, `SPOOF`", seven: "_Modify the message properties_ > _Set the Spam Confidence Level (SCL)_ > _9_", eight: "step10-user-quarantine.png" }} />
@@ -0,0 +1,35 @@
+---
+{}
+
+---
+
+To create quarantine policies:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/)
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Rules**, select **Quarantine policies**.
+
+5. Select **Add custom policy**.
+
+6. Set the **Policy name** to `UserNotifyAdminRelease`.
+
+7. Select **Next**.
+
+8. In **Recipient message access**, select **Set specific access (Advanced)**, and then:
+
+   * In **Select release action preference**, choose *Allow recipients to request a message to be released from quarantine*.
+   * In **Select additional actions recipients can take on quarantined messages**, select the **Delete** and **Preview** checkboxes.
+
+9. Select **Next**.
+
+10. In **Quarantine notification**, select **Enable**.
+
+11. Select **Next**.
+
+12. Review your settings and select **Submit**.
+
+13. Select **Done**.
@@ -0,0 +1,56 @@
+---
+{}
+
+---
+
+To create quarantine policies:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/).
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Rules**, select **Quarantine policies**.
+
+5. Select **Add custom policy**.
+
+6. Set the **Policy name** to `UserNotifyUserRelease`.
+
+7. Select **Next**.
+
+8. In **Recipient message access**, select **Set specific access (Advanced)**, and then:
+
+   * In **Select release action preference**, choose *Allow recipients to release a message from quarantine*.
+   * In **Select additional actions recipients can take on quarantined messages**, select the **Delete** and **Preview** checkboxes.
+
+9. Select **Next**.
+
+10. In **Quarantine notification**, select **Enable**.
+
+11. Select **Next**.
+
+12. Review your settings and select **Submit**.
+
+13. Select **Done**.
+
+14. Select **Add custom policy**.
+
+15. Set the **Policy name** to `UserNotifyAdminRelease`.
+
+16. Select **Next**.
+
+17. In **Recipient message access**, select **Set specific access (Advanced)**, and then:
+
+    * In **Select release action preference**, from the drop-down menu, choose *Allow recipients to request a message to be released from quarantine*.
+    * In **Select additional actions recipients can take on quarantined messages**, select the **Delete** and **Preview** checkboxes.
+
+18. Select **Next**.
+
+19. In **Quarantine notification**, select **Enable**.
+
+20. Select **Next**.
+
+21. Review your settings and select **Submit**.
+
+22. Select **Done**.
@@ -0,0 +1,20 @@
+---
+{}
+
+---
+
+To configure quarantine notifications:
+
+1. Open the [Microsoft 365 Defender console](https://security.microsoft.com/).
+
+2. Go to **Email & collaboration** > **Policies & rules**.
+
+3. Select **Threat policies**.
+
+4. Under **Rules**, select **Quarantine policies**.
+
+5. Select **Global settings**.
+
+6. Scroll to the bottom and set the desired frequency in **Send end-user spam notifications every (days)**. This value can only be incremented in days.
+
+7. Select **Save**.
@@ -0,0 +1,53 @@
+---
+inputParameters: ruleName;;ruleWords;;doFollowing;;img;;ruleName2;;ruleWords2;;doFollowing2;;img2
+
+---
+
+import { Image } from 'astro:assets';
+import { GlossaryTooltip, Markdown } from "~/components"
+
+To create the transport rules that will send emails with certain [disposition](/cloudflare-one/email-security/reference/dispositions-and-attributes/#dispositions) to Email Security:
+
+1. Open the new [Exchange admin center](https://admin.exchange.microsoft.com/#/homepage).
+
+2. Go to **Mail flow** > **Rules**.
+
+3. Select **Add a Rule** > **Create a new rule**.
+
+4. Set the following rule conditions:
+
+   * **Name**: *{props.one}*.
+   * **Apply this rule if**: *The message headers* > *includes any of these words*.
+     * **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
+     * **Enter words**: <code>{props.two}</code> > **Add** > **Save**.
+   * **Apply this rule if**: Select **+** to add a second condition.
+   * **And**: *The sender* > *IP address is in any of these ranges or exactly matches* > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
+   * **Do the following** - *{props.three}*.
+
+5. Select **Next**.
+
+6. You can use the default values on this screen. Select **Next**.
+
+7. Review your settings and select **Finish** > **Done**.
+
+8. Select the rule {props.one} you have just created, and **Enable**.
+
+9. Select **Add a Rule** > **Create a new rule**.
+
+10. Set the following rule conditions:
+
+    * **Name**: *{props.five}*.
+    * **Apply this rule if**: *The message headers* > *includes any of these words*.
+      * **Enter text**: `X-CFEmailSecurity-Disposition` > **Save**.
+      * **Enter words**: *{props.six}* > **Add** > **Save**.
+    * **Apply this rule if**: Select **+** to add a second condition.
+    * **And**: *The sender* > *IP address is in any of these ranges or exactly matches* > enter the egress IPs in the [Egress IPs](/cloudflare-one/email-security/setup/pre-delivery-deployment/egress-ips/) page.
+    * **Do the following**: *{props.seven}*.
+
+11. Select **Next**.
+
+12. You can use the default values on this screen. Select **Next**.
+
+13. Review your settings and select **Finish** > **Done**.
+
+14. Select the rule *{props.five}* you have just created, and select **Enable**.