---
title: "Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails | DMARC Report"
description: "Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails from DMARC Report explains practical steps for email authentication, domain."
image: "https://dmarcreport.com/og/blog/creating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails.png"
canonical: "https://dmarcreport.com/blog/creating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails/"
---
Quick Answer
The three core email authentication standards - SPF (RFC 7208), DKIM (RFC 6376), and DMARC (RFC 7489) - work together to verify that an email genuinely originates from the domain it claims to represent. Since February 2024, Google and Yahoo require all three for bulk senders. DMARC Report
Related: [Free DMARC Checker](/tools/dmarc-checker/) ·[How to Create an SPF Record](/tools/spf-record-generator/) ·[SPF Record Format](/blog/spf-format-checker-dos-and-donts-for-email-authentication/)
Share
[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fcreating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Creating%20Microsoft%20365%20Transport%20Rule%20to%20Quarantine%20Unauthorized%20Inbound%20Emails&url=undefined%2Fblog%2Fcreating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fcreating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fcreating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails%2F&title=Creating%20Microsoft%20365%20Transport%20Rule%20to%20Quarantine%20Unauthorized%20Inbound%20Emails "Share on Reddit") [ ](mailto:?subject=Creating%20Microsoft%20365%20Transport%20Rule%20to%20Quarantine%20Unauthorized%20Inbound%20Emails&body=Check out this article: undefined%2Fblog%2Fcreating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails%2F "Share via Email")
> The email authentication landscape changed permanently in 2024, says Brad Slavin, General Manager of DuoCircle. Google, Yahoo, and now Microsoft all require DMARC. What used to be a best practice is now a hard prerequisite for reaching inboxes. Organizations that delayed are now paying the price in deliverability.
The three core email authentication standards - SPF ([RFC 7208](https://datatracker.ietf.org/doc/html/rfc7208)), DKIM ([RFC 6376](https://datatracker.ietf.org/doc/html/rfc6376)), and DMARC ([RFC 7489](https://datatracker.ietf.org/doc/html/rfc7489)) - work together to verify that an email genuinely originates from the domain it claims to represent. Since February 2024, Google and Yahoo require all three for bulk senders. DMARC Report
Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails
```
```
/
```
```
RSS Feed
```
Share
Link
Embed
```
/\*! This file is auto-generated \*/ ’ title=“Embed Code” class=“input-embed input-embed-11604” readonly/>
```
```
Domain owners use [DMARC reports](https://dmarcreport.com/blog/how-to-read-dmarc-reports-guide-2026/) to instruct receiving mailboxes to quarantine or reject emails from **unauthorized IP addresses**. _This helps minimize the possibility of victims engaging with potentially [fraudulent emails](https://www.cnbc.com/2024/02/14/gen-ai-financial-scams-are-getting-very-good-at-duping-work-email.html) sent on the pretext of official conversation from your company_.
However, Microsoft works a bit differently!
Microsoft doesn’t \*\*reject emails because it considers the instances of [false positives](https://www.nospamproxy.de/en/what-is-a-false-positive-and-what-is-a-false-negative/). In simpler words, sometimes genuine emails don’t pass [DMARC checks](https://dmarcreport.com/tools/dmarc-checker/) and get marked as suspicious; so if such messages are rejected, genuine conversations will get hampered. Instead, Microsoft places them in [spam folders](https://dmarcreport.com/blog/how-can-dmarc-improve-email-deliverability-and-reduce-phishing-risks/) so that there is still some chance that recipients will check the spam folders and pull such emails out to inboxes.
## How Do You Create Transport Rule to Quarantine Unauthorized Inbound Emails From Internal Domains?
In this scenario, the internal domains in the From **address receive emails**. This practice registers conversations into the [quarantine folders](https://cyberpedia.reasonlabs.com/EN/quarantine%20folder.html) of the desired recipients instead of placing them in primary inboxes. _The check passes when the From field is exactly the same as your domain. The regulation also confirms if the DMARC check has failed for that email to understand what action has to be taken_.
As of 2025, DMARC is mandatory under multiple compliance frameworks. [CISA BOD 18-01](https://www.cisa.gov/news-events/directives/bod-18-01) requires p=reject for US federal domains. [PCI DSS v4.0](https://www.pcisecuritystandards.org/) mandates DMARC for organizations processing payment card data as of March 2025\. Google and Yahoo require DMARC for bulk senders (5,000+ messages/day) since February 2024, and [Microsoft began rejecting](https://learn.microsoft.com/en-us/defender-office-365/email-authentication-dmarc-configure) non-compliant email in May 2025\. The UK [NCSC](https://www.ncsc.gov.uk/collection/email-security-and-anti-spoofing), Australia’s [ASD](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/ism/cyber-security-guidelines/guidelines-email), and Canada’s [CCCS](https://www.cyber.gc.ca/en/guidance/implementation-guidance-email-domain-protection) all mandate DMARC for government domains. Cyber insurers increasingly require DMARC enforcement as an underwriting condition.
It’s highly recommended that this rule be enforced on a small restricted user base before making it a **domain-wide criterion**. In this manner, potential issues during the testing phase will not adversely affect your entire [email infrastructure](https://dmarcreport.com/blog/dmarc-office-365-complete-setup-guide-2026/). It is crucial for all authorized senders to successfully navigate DMARC to prevent legitimate emails from being flagged by mailboxes.
These are the steps you need to follow-
- Login with your credentials to access the Exchange Online admin center .
- Navigate to ‘Mail Flow’ and choose ‘Rules’ from the menu.
- Click the ‘Add’ icon and select ‘Create a New Rule.’
- Modify the ‘Match sender address in the message’ to ‘Header.’
- In the ‘Apply this rule if…’ field, choose the desired condition from the **drop-down menu**. In this case, set the rule for instances where the [DMARC](https://dmarcreport.com/) authentication result is ‘fail,’ and the ‘From’ domain exactly matches your own domain.
- In the ‘Do the following…’ field, select the action as ‘Deliver the message to the **hosted quarantine**.’
- Save the changes by clicking ‘Save.‘
## How Do You Create Transport Rule to Quarantine Unauthorized Inbound Emails From External Domains?
If you receive messages from external domains, we suggest you set a disclaimer, cautioning about potential phishing and [spoofing attempts](https://www.foxnews.com/tech/urgent-paypal-email-scam-afford-ignore). This precaution is all the more important for external domains that don’t pass SPF and [DKIM](https://dmarcreport.com/what-is-dkim/) checks, offering a more nuanced approach than rejecting emails. This is important as improperly configured protocols often result in \*\*failed authentication checks for genuine emails.
Follow these steps:
- Access your [Exchange Online](https://spanning.com/blog/guide-to-exchange-online/) admin center using your login credentials.
- Go to ‘Mail Flow’ and choose ‘Rules.’
- Click the ‘Add’ icon to create a new rule.
- Modify the ‘Match sender address in message’ to ‘Header.’
- In the ‘Apply this rule if…’ field, select the condition from the drop-down menu. For instance, set the rule for cases where the \*\*DMARC authentication result is ‘fail’ and the ‘From’ domain exactly matches your own domain.
- In the ‘Do the following…’ field, choose the action ‘Prepend the disclaimer’ and insert your desired disclaimer.
- _Optionally, add an exception to the rule, such as when the “From” header matches your domain name_.
- Save the changes by clicking ‘Save.‘
## Steps to Make Microsoft 365 Transport Rule to Reject Unauthorized Inbound Emails
- Access your Exchange Online admin center by using your login credentials.
- Navigate to ‘[Mail Flow](https://www.enowsoftware.com/solutions-engine/exchange-center/exchange-monitoring-what-is-mailflow)’ and choose ‘Rules.’
- Click on the ‘Add’ icon, then select ‘+Add a rule.’
- Choose ‘Create a new rule’ from the **drop-down menu**.
- Name your rule.
- Under “Apply this rule if,” select “the message headers include any of these words.”
- Click ‘Enter Text’ and choose ’ Authenticated results .’
- Click ‘Enter words’ and choose your preferred option(s), or select all available options.
- Under ‘Do the following,’ choose ‘**Block the message**.’
- Opt for “Reject the message and include an explanation.”
- _Save the email flow rule and allow some time for it to propagate throughout the internet_.
- You’re finished.
## What Else to Take Care of?
- Start by checking if your domain’s [SPF](https://dmarcreport.com/what-is-spf/) and DKIM records are accurately configured. Please don’t forget that DMARC’s effectiveness relies on these two protocols only.
- We emphasize that you choose to receive [DMARC aggregate and forensic reports](https://dmarcreport.com/blog/why-is-rua-important-for-monitoring-email-authentication-issues/), as they provide valuable insights into \*\*email activity from your domain and aid in the identification of [potential threats](https://cloudsecurityalliance.org/blog/2024/03/05/evolving-email-threats-5-attacks-to-watch-for-in-2024).
- _Start by implementing the ‘none’ policy, as it’s the most relaxing one and helps with monitoring_.
- Gradually move to stricter policies; start with the ‘quarantine’ policy and let it be deployed until you gain the confidence to reject all [unauthorized emails](https://www.jdsupra.com/legalnews/uc-san-diego-health-announces-data-6717727/); this confidence is difficult to come by due to occurrences of **false positives**.
- Don’t underestimate the importance of running your SPF, DKIM, and [DMARC records](https://dmarcreport.com/dmarc-record/) through analyzing tools.
## Sources
- [RFC 7208 - Sender Policy Framework (SPF)](https://datatracker.ietf.org/doc/html/rfc7208)
- [RFC 7489 - Domain-based Message Authentication, Reporting, and Conformance (DMARC)](https://datatracker.ietf.org/doc/html/rfc7489)
## Topics
[ dkim ](/tags/dkim/)[ DMARC ](/tags/dmarc/)[ dmarc record ](/tags/dmarc-record/)[ email security ](/tags/email-security/)[ SPF ](/tags/spf/)
[ Vishal Lamba ](/authors/vishal-lamba/)
Content Specialist
Content Specialist at DMARC Report. Writes vendor-specific email authentication guides and troubleshooting walkthroughs.
[LinkedIn Profile →](https://www.linkedin.com/in/vishal-lamba/)
## Take control of your DMARC reports
Turn raw XML into actionable dashboards. Start free - no credit card required.
[Start Free Trial](https://app.dmarcreport.com/) [Check Your DMARC Record](/tools/dmarc-checker/)
## Related Articles
[ Foundational 7m 4 sectors that need email authentication the most and why Oct 15, 2024 ](/blog/4-sectors-that-need-email-authentication-the-most-and-why/)[ Foundational 4m 8 Misconceptions About DMARC and its Deployment for Businesses Dec 4, 2023 ](/blog/8-misconceptions-about-dmarc-and-its-deployment-for-businesses/)[ Foundational 8m 9 technologies to protect your emails from cyber actors Dec 10, 2024 ](/blog/9-technologies-to-protect-your-emails-from-cyber-actors/)[ Foundational 14m Add TXT Record on Namecheap (SPF, DKIM & DMARC) - 2026 Mar 5, 2025 ](/blog/add-txt-record-on-namecheap-a-complete-dns-guide/)
```json
{"@context":"https://schema.org","@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]}
```
```json
{"@context":"https://schema.org","@type":"WebSite","name":"DMARC Report","url":"https://dmarcreport.com","description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","publisher":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}}
```
```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails","description":"Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails from DMARC Report explains practical steps for email authentication, domain.","url":"https://dmarcreport.com/blog/creating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails/","datePublished":"2024-03-13T07:11:08.000Z","dateModified":"2026-04-16T15:53:43.000Z","dateCreated":"2024-03-13T07:11:08.000Z","author":{"@type":"Person","@id":"https://dmarcreport.com/authors/vishal-lamba/#person","name":"Vishal Lamba","url":"https://dmarcreport.com/authors/vishal-lamba/","jobTitle":"Content Specialist","description":"Vishal Lamba writes DMARC Report's how-to guides and vendor-specific configuration walkthroughs. His work focuses on step-by-step implementation guides for major email platforms (Google Workspace, Microsoft 365, SendGrid, Mimecast, Proofpoint, Brevo, and others), troubleshooting common SPF and DMARC errors, and translating RFC-level specifications into practical deployment procedures for IT administrators.","image":"https://media.mailhop.org/dmarcreport/images/team/vishal-lamba.jpg","knowsAbout":["SPF Vendor Configuration","Email Platform Integrations","SPF Troubleshooting","Technical Documentation","Step-by-Step Guides"],"worksFor":{"@type":"Organization","name":"DMARC Report","url":"https://dmarcreport.com"},"sameAs":["https://www.linkedin.com/in/vishal-lamba/"]},"publisher":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com","logo":{"@type":"ImageObject","url":"https://dmarcreport.com/images/dmarcreport-logo.png"},"description":"DMARC reporting and email authentication management. Monitor aggregate and forensic DMARC reports, analyze authentication results, and enforce DMARC policies across all your domains.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.wikidata.org/wiki/Q138898167","https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.g2.com/products/dmarc-report/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc","https://www.trustradius.com/products/duocircle/reviews"],"aggregateRating":{"@type":"AggregateRating","ratingValue":"4.8","reviewCount":"470","bestRating":"5","worstRating":"1","url":"https://www.g2.com/products/dmarc-report/reviews"},"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://dmarcreport.com/support/"},"knowsAbout":["DMARC","DMARC Reporting","DMARC Aggregate Reports","DMARC Forensic Reports","Sender Policy Framework","DKIM","Email Authentication","Email Security","DNS Management","Email Deliverability"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://dmarcreport.com/blog/creating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails/"},"articleSection":"foundational","keywords":"dkim, DMARC, dmarc record, email security, SPF","wordCount":1194,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/dmarcreport/images/2022/04/dmarc-alignment-6379.jpg","caption":"Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}]
```
```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://dmarcreport.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://dmarcreport.com/blog/"},{"@type":"ListItem","position":3,"name":"Foundational","item":"https://dmarcreport.com/foundational/"},{"@type":"ListItem","position":4,"name":"Creating Microsoft 365 Transport Rule to Quarantine Unauthorized Inbound Emails","item":"https://dmarcreport.com/blog/creating-microsoft-365-transport-rule-to-quarantine-unauthorized-inbound-emails/"}]}
```