May 09 2023 10:26 AM
Hello All,
My first post on the forum so forgive me if this has been discussed before.
I am working on an exchange tansport rule that would quarantine any email that includes the url "https://www.google.com/url?hl=en-GB&q=https://exampledomain.com/exablesubfolder/xys" Ideally the rule would block any email that includes just the google redirect url but I seem to be struggling a bit with this. My current powershell script is as follows:
New-TransportRule -Name "Quarantine if Known Good Redirect URLv2" -SubjectOrBodyContainsWords '^https://www.google.com/url?hl=en-GB&q=' -Quarantine $True
I've included the carrot per the instructions found in this doc. Any guidance would be appreciated!
May 09 2023 11:21 PM
May 18 2023 12:56 AM
May 18 2023 03:08 AM - edited May 18 2023 03:12 AM
For the pattern, for starters the exempted sender's address [Community auto-redact] is probably a good idea.
Update: hoping no-one will have problems decoding this:
googlealerts<hyphen>noreply<at>google<period>com
May 24 2023 11:38 AM
Hi @Cole_ALbury
you can use Microsoft Defender to do the same
navigate to https://security.microsoft.com
From Policies and rules/threat policies/ tenant allow-block list click block to add url.
this will quarantine any mail that contain the link you enterd
If I have answered your question, please mark your post as Solved If you like my response, please give it a Like Appreciate your Kudos! Proud to contribute! 🙂 |