This article is a guide to creating a mail flow rule that sets up password reset email redirection in Microsoft 365/Exchange Online.
What is mail redirection? To prevent unauthorized password changes, we implement "mail redirection", which re-routes password reset emails to the password administrator in your firm. For more details, visit the Mail Redirection article.
- Microsoft 365 Global Administrator Account
Create Mail Redirection Rule
1. Login to Microsoft 365 Admin Portal
2. On the Admin Centers, click on Exchange

3. On the left navigation pane, go to Mail Flow then select Rules.

4. Click Add a rule then Create a new rule

6. Fill in the required fields accordingly. Under the Name field, type Practice Protect Reset Email Redirection.
8. Under Apply this rule if, select The sender and domain is. This should prompt you to add a domain. If not, just click on the pencil icon.
9. On the specify domain page, enter the application’s domain and click Add. Repeat this step for adding multiple domains.

10. Once finished, click Save.
11. To add a condition, click on the plus sign (+) next to "domain is".
12. On the drop-down list, select The subject or body and subject includes any of these words. This should prompt you to add a subject. If not, just click on the pencil icon.

13. On the specify words or phrases page, fill in the password reset subject lines and click Add. Repeat this step for adding multiple subjects and hit Save to apply.

Note: If you want to add a generic subject line, add these lines: "Password", "Password Expiry", "Reset", "Password Recovery" or "Password Reset".
14. To check the list of common email subject lines and domains, click Common Apps Password Reset & Redirect Info.
15. Under Do the following, select Redirect the message to and these recipients.

16. On the Select Member page, select the email address of the nominated password admin in the firm and hit Save.
Note: If this is a setup that is required during onboarding, add Practice Protect email ([email protected]) instead.

17. Add an Exception. On Except if section, Select The recipient and domain is. Set the domain to
18. Click on the plus icon and add another exception. Select The Sender and domain is. Set the domain to
19. Click Next to continue on the next section.
20. On the Set Rule Settings, set the Rule mode to enforce and leave the other settings by default. Click Next.

21. Review and click Finish. The rule should now be created. By default, it is set to Disabled.

To Enable Mail Flow Rule
1. On the list of rules, click the Rule (ex. Practice Protect Password Reset Redirection) you wish to enable.

2. Switch on the toggle. Wait for confirmation and close the settings.

3. Rule is now Enabled.
Note: After onboarding, be sure to remove the Practice Protect recipient email ([email protected]) and replace it with the nominated password admins.
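The same rule can also be created from Exchange Online PowerShell, which makes it easier to review exactly what was configured. The script below is an added example and not part of the original guide; the application domain and the password admin address are placeholders, and the two exception domains must be filled in with the values used in steps 17 and 18.

```powershell
# Added example: requires the ExchangeOnlineManagement module and an admin sign-in.
Connect-ExchangeOnline

# Placeholder values (assumptions): replace with your firm's details.
$ruleName      = 'Practice Protect Reset Email Redirection'   # name from step 6
$senderDomains = @('app.example.com')                          # application domain(s), step 9
$subjects      = @('Password', 'Password Expiry', 'Reset',
                   'Password Recovery', 'Password Reset')      # generic subjects from the note
$passwordAdmin = 'password.admin@yourfirm.example'             # nominated password admin, step 16
$exceptRecipientDomain = '<RECIPIENT-EXCEPTION-DOMAIN>'        # value from step 17
$exceptSenderDomain    = '<SENDER-EXCEPTION-DOMAIN>'           # value from step 18

# Stop if a rule with this name already exists instead of creating a duplicate.
if (Get-TransportRule -Identity $ruleName -ErrorAction SilentlyContinue) {
    throw "A mail flow rule named '$ruleName' already exists. Update it instead."
}

$rule = @{
    Name                       = $ruleName
    SenderDomainIs             = $senderDomains
    SubjectOrBodyContainsWords = $subjects
    RedirectMessageTo          = $passwordAdmin
    ExceptIfRecipientDomainIs  = $exceptRecipientDomain
    ExceptIfSenderDomainIs     = $exceptSenderDomain
    Mode                       = 'Enforce'   # step 20
    Enabled                    = $false      # created Disabled, as in step 21
}
New-TransportRule @rule

# Review the rule exactly as Exchange stored it before switching it on.
Get-TransportRule -Identity $ruleName |
    Format-List Name, State, Mode, SenderDomainIs, SubjectOrBodyContainsWords,
                RedirectMessageTo, ExceptIfRecipientDomainIs, ExceptIfSenderDomainIs

# List every rule in the tenant that redirects mail, so an unexpected
# redirect target (for example a leftover onboarding address) stands out.
Get-TransportRule |
    Where-Object { $_.RedirectMessageTo } |
    Select-Object Name, State, Priority, RedirectMessageTo

# Once the review looks right, enable the rule (equivalent to the toggle above):
# Enable-TransportRule -Identity $ruleName
```

Re-running the last listing after onboarding is a quick way to confirm that the redirect recipient has been changed to the nominated password admins.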
For more information, visit these pages on how to update an existing rule or exclude a user from the rule.