Back
Managing Mail Rules in Microsoft 365: How to Create, Edit, and Delete Mail Rules
Microsoft 365 provides powerful tools for managing email flow, automating actions, and enforcing security policies. Whether you're a user looking to filter emails in Outlook or an administrator managing rules at the organizational level via the Microsoft Exchange Admin Center, mail rules can help you automate workflows, enhance security, and reduce clutter.
This guide walks you through the steps to create, edit, and delete mail rules in Microsoft Outlook (user-level) and Microsoft Exchange Admin Center (EAC) (admin-level).
1. Creating Mail Rules in Microsoft 365
Mail rules (also called inbox rules or transport rules) can be created at two levels:
- User-Level Rules: Created in Outlook to manage personal inboxes.
- Admin-Level Rules: Configured in Exchange Admin Center (EAC) to enforce rules across the organization.
1.1 Creating User-Level Mail Rules in Outlook (Web & Desktop)
If you want to create a rule that applies only to your own inbox, you can do so in Outlook Web App (OWA) or Outlook Desktop.
Steps for Outlook on the Web (OWA)
- Open Outlook Web and sign in.
- Click on the gear icon (⚙️ Settings) in the top-right corner.
- Click "View all Outlook settings" at the bottom.
- Navigate to Mail → Rules.
- Click "Add new rule" and define:
- Name: Give your rule a descriptive name.
- Conditions: Select criteria (e.g., "From," "Subject includes," "Has attachment").
- Actions: Choose what should happen (e.g., "Move to folder," "Mark as read," "Forward to another address").
- Exceptions: Define conditions where the rule should not apply.
- Click Save to activate the rule.
Steps for Outlook Desktop (Windows & Mac)
- Open Outlook Desktop and go to the Home tab.
- Click Rules → Manage Rules & Alerts.
- Click New Rule and use the Rules Wizard to set up:
- Conditions (e.g., specific senders, subjects, keywords).
- Actions (e.g., move, delete, forward).
- Exceptions (if needed).
- Click Finish to apply the rule.
1.2 Creating Organization-Level Mail Rules in Microsoft Exchange Admin Center (EAC)
For administrators managing company-wide mail policies, rules must be configured in the Exchange Admin Center (EAC).
Steps to Create a Mail Rule in EAC
- Sign in to Microsoft Exchange Admin Center.
- Go to Mail flow → Rules.
- Click "Add a rule" → Choose Create a new rule.
- Configure the rule settings:
- Name: Enter a descriptive name.
- Apply this rule if...: Set conditions (e.g., sender, subject, attachment type).
- Do the following...: Choose an action (e.g., block, quarantine, forward, mark as spam).
- Set priority: Define if this rule should run before others.
- Click Save to apply the rule across the organization.
2. Editing Mail Rules in Microsoft 365
2.1 Editing User-Level Mail Rules in Outlook
- Open Outlook Web App (
Settings→Rules). - Locate the rule you want to modify.
- Click on the rule and edit conditions, actions, or exceptions.
- Click Save to update.
For Outlook Desktop, go to Rules & Alerts (Rules → Manage Rules & Alerts), select the rule, and click Change Rule.
2.2 Editing Organization-Level Rules in Microsoft Exchange Admin Center
- Open Exchange Admin Center (EAC) → Mail flow → Rules.
- Click on the rule you want to edit.
- Modify conditions, actions, or exceptions.
- Click Save to apply the changes.
3. Deleting Mail Rules in Microsoft 365
3.1 Deleting User-Level Rules in Outlook
- Open Outlook Web App → Mail Settings → Rules.
- Locate the rule to remove.
- Click Delete, then confirm.
For Outlook Desktop, go to Rules & Alerts, select the rule, and click Delete.
3.2 Deleting Organization-Level Rules in Exchange Admin Center
- Open Exchange Admin Center (EAC) → Mail flow → Rules.
- Select the rule to delete.
- Click Delete, then confirm.
Best Practices for Managing Mail Rules
- Use Descriptive Names: This makes rule management easier.
- Review Periodically: Mail rules can become outdated and may need adjustments.
- Avoid Broad Forwarding Rules: Forwarding all emails externally can pose security risks.
- Test Before Applying: Especially for organization-wide rules, test in a controlled environment before rolling out.
By following these steps, you can efficiently create, edit, and delete mail rules in Microsoft 365, helping users and administrators automate email management, enforce security policies, and improve productivity. 🚀
Frequently Asked Questions
What is an "Impossible Travel" sign-in event?
This occurs when a user logs in from two distant locations within a time period that would be physically impossible. For example:
- 8:00 AM: Sign-in from New York.
- 8:15 AM: Sign-in from London. This indicates possible account compromise or session hijacking.
Why is sign-in monitoring important for security?
Sign-in logs help detect unauthorized access attempts, brute-force attacks, and compromised accounts. Reviewing sign-ins can reveal impossible travel scenarios, MFA bypass attempts, or login anomalies that indicate potential breaches.
How can creating policies help enhance security?
Creating policies allows you to:
- Proactively Manage Threats: Implement rules that automatically respond to unusual or unauthorized activities, helping to mitigate potential risks before they escalate.
- Customize Security Measures: Tailor security settings to fit the unique needs of your organization, ensuring that protective measures align with your specific security goals.
- Ensure Compliance: Maintain compliance with regulatory requirements by enforcing consistent policies that govern data access and user behavior.
How to enforce MFA on a user
How to enforce MFA on a user
To enforce Multi-Factor Authentication (MFA) on a user in our platform, follow these steps:
- Go to Identity Hub.
- Click on the selected user.
- Navigate to the Remediations tab.
- Scroll to the Enforce MFA section.
- Select the application where you wish to enforce MFA for the user.
- Click Enforce.
MFA will then be enforced for the user on the selected application.
How to reset a user password
How to reset a user password
To reset a user’s password on our platform, follow these steps:
- Go to Identity Hub.
- Click on the selected user.
- Navigate to the Remediations tab.
- Scroll to the Reset Password section.
- Select the integration where you wish to reset the user's password.
- Click Reset Password.
- Follow any additional instructions if prompted.
The user’s password will then be reset according to the selected integration’s requirements.
How to Suspend a User
How to suspend a user
To suspend a user on our platform, follow these steps:
- Go to Identity Hub.
- Click on the selected user.
- Navigate to the Remediations tab.
- Scroll to the Suspend Account section.
- Select the integrations from which you'd like to suspend the user.
- Click Suspend.
The user will then be suspended from the chosen integrations.
How Rotate Enhances Identity Security
Rotate's Identity Hub offers a comprehensive suite of features designed to strengthen your organization's identity security:
- User and Device Management: Gain visibility into user details, monitor actions, and manage connected devices and applications.
- Security Enforcement: Enforce Multi-Factor Authentication (MFA) and strong password policies, and enroll employees in security awareness training programs.
- Remediation Actions: Quickly respond to threats by suspending accounts, resetting passwords, disconnecting users from all apps and devices, and enforcing MFA.
- Access Monitoring and Anomaly Detection: Track login behaviors with geo-location heatmaps and AI-driven insights to detect risky activities and anomalies, such as impossible travel or suspicious login times and locations.
- Policy Management: Create and enforce security policies with specific actions like alerts or restrictions to address potential threats.
By integrating these capabilities, Rotate's Identity Hub provides a robust framework to protect your organization against identity-related threats.