This document will show you how to configure your inbound rules that will enable you to receive an alert when a user clicks on one of our Monthly Phishing e-mails and, also, when they receive their initial training e-mail.
Monthly Phishing Alert Setup:
Within your O365, you need to setup a rule on inbound email.
- If mail is from training@csalearn.co.uk / training@sattlearn.co.uk / training@csalearning.co.uk / training@satteducation.co.uk
- And “Subject” contains “You have been re-enrolled in Security Awareness training”
- Forward a copy to [contact@customer-domain.co.uk]
To create this rule in your O365, you will need to follow the steps below:
- Log into Microsoft Office with an Administrator user profile and select “Admin” for navigating to the Microsoft Admin Centre.
- Once you are in the Admin Centre, Click on Show All, then select Exchange, to navigate to the Exchange Admin Center.
- Now, you need to select “Mail Flow” from the left-hand menu and then select “Rules” from within the Mail Flow option.
- Click on Add a Rule, then select Create a new Rule.
- Give the new rule a name - "SATT Email Alerts Approval Rule"
- Now you need to set the rule conditions. First you need to set the Apply this Rule if.. condition. Select the following in the drop down menus that pop up when you click on Apply this rule if..
Make sure the first drop down menu is set to "The sender" and the second drop down menu is set to "is the person".
- Now you need to enter these 3 sender addresses when you will be prompted with the textbox to Enter the sender (address). Make sure to enter these 3 addresses that we use to send phishing test emails: "training@csalearn.co.uk", "training@sattlearn.co.uk", ""training@satteducation.co.uk" and "training@csalearning.co.uk". Remember to click on "+Save" and "Save" at the end of the page before moving on to the next step.
- Now you need to click on the "+" button to add another condition to the rule. Make sure the first drop down menu is set to "The recipient", and the second one is set to "is the person", under the "And" section, as shown below.
- Now you need to add the recipient address when you will be prompted by a similar textbox as before. Make sure the recipient address you enter is your own email address. The email address you enter, should lie within the O365 group, as the rule won't activate if the address is not within the O365 group. Remember to click on "+Save" and "Save" at the end of the page before moving on to the next step.
- Now you need to again click on the "+" button to add another condition to the rule. Then you need to make sure you have selected "The subject or body" from the first drop down menu, and "subject matches these text patterns" from the second drop down menu under the second "And" section.
- Just similar to before, you will be prompted with a textbox to enter the text patterns as per the condition added to the rule. Make sure to add "You have been re-enrolled in Security Awareness training" in the textbox when prompted, as shown below. Remember to click on Add, once you've entered the text, and Save before moving on to the next steps.
- Under the "Do the following" option, make sure you select "Forward the message for approval" in the first drop down menu, and select "to these people" in the second drop down menu, as shown below.
- Similar to before, you will be prompted to enter the address of these 'people', to which the rule will forward the email for approval, as per the conditions set above. Make sure you enter the desired email address in this textbox, we recommend entering the email address of a manager or someone who will be responsible for the SATT emails that we send. You also need to make sure this email also is within the O365 group, otherwise the rule will not be applied. Remember to click on "+Save" and "Save" at the end of the page before moving on to the next step.
- After you've followed the above steps, now you need to click on the Next button at the bottom of the page, to set the rule settings.
- Now you need to make sure that the Priority for the rule is set to 0 and the Enforce option is checked, the reason is just so that this is the first rule that is applied to your emails, and the rule is enabled and applied.
This rule will now forward the original email, including the original recipient, to the additional named recipient, for approval.
Comments
0 comments
Please sign in to leave a comment.