This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have a large tenant with different domains, and having some issues with compromised accounts creating inbox rules and sending to all students phishing emails. Is there any possible way to block the creation of inbox and/or forwarding rules for a specific domain or group (or other category like Custom Attribute or similar)?
Or is there any policy I can configure to manage the type of characters allowed in the inbox rule (OWA or Outlook Client)?
I saw a post in Microsoft but is not possible for Outlook client.
I hope someone have an answer with some examples.
Thanks in advance
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(99.2, 91%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJZ%3C/text%3E%3C/svg%3E)
Hi @Anielka Oliveros ,
I did some research on your question and found that it is indeed not possible to block the creation of inbox rules and forwarding rules for specific domains or groups, and there is no relevant policy to manage the types of characters allowed in inbox rules.
However, there may be other ways you can solve the problem you are experiencing, and I have some ideas to suggest:
Set-Mailbox -Identity [User's Email Address] -RulesQuota 0
2.If you receive a phishing email with a fixed sender, subject, body, etc., you can set up a mail flow rule to block emails from that recipient/subject/body, etc. For specific operations, you can refer to the screenshot below to set up blocking fixed senders in the Exchange Online Management Center.
Thank you for the quick response, I will try that option with a test user and I will post the result here. Also in my research with copilot I found the following procedure, but I think this one need to be on schedule, or if there is a way to integrate it with MIM?
I made a test with a user in Powershell and I have two errors, the first one, says:
Exception setting "RulesQuota": "RulesQuota: The property (RulesQuota (Microsoft.Exchange.Data.ByteQuantifiedSize)) is out of range. The valid range is from '32 KB (32,768 bytes)' to
'256 KB (262,144 bytes)', actual '32 B (32 bytes)'."
And if I modify the parameter to the minimum, 32,786B, I got another error:
Write-ErrorMessage : Cannot process argument transformation on parameter 'RulesQuota'. Cannot convert value "System.Collections.Generic.List`1[System.String]" to type "Microsoft.Exchange.Data.ByteQuantifiedSize". Error: "Object of type
'System.Collections.Generic.List`1[System.String]' cannot be converted to type 'Microsoft.Exchange.Data.ByteQuantifiedSize'."
Hi @Anielka Oliveros ,
I'm sorry for my mistake. It is true that I made a mistake in the value of RulesQuota. After my test, you can use the command in the following format:
Set-Mailbox -Identity user@example.com -RulesQuota ([Microsoft.Exchange.Data.ByteQuantifiedSize]::Parse("32KB"))
However, I read the method mentioned in your comment, and I think it can solve your problem very well. You can try it with confidence. If you encounter any problems during the process, feel free to leave me a comment and I will be glad to help you.
Just circling back to check to see how things are going on with this thread. Should you need more help on this, you can feel free to post back.
Is there any update on this thread? If the issue has been resolved, please mark the helpful replies as answers, this will make answer searching in the forum easier and be beneficial to other community members as well. Thanks for your understanding.
Hi, I am sorry for the delay, I couldn't find a solution. I tried OWA Policy but it only block the "Rules" Button in the web client. I will be glad to know if there is any other way to resolve this with any other policy, maybe Defender?