# Forward phishing emails from Outlook on the web

In this article, you create an inbox rule in Outlook on the web that forwards messages from a single mailbox to Radiant Security based on conditions you define. Inbox rules let you forward a subset of messages (e.g, reports from a specific group of users or messages matching a subject pattern) without changing tenant-wide forwarding policy.

### Prerequisites

Before you create the inbox rule, confirm the following:

* [ ] You have completed the steps in the [phishing email forwarding overview](/radiant-connectors/connectors-and-data-ingestion/phishing-email-forwarding-overview.md), including enabling your monitored domains.
* [ ] You have access to the mailbox that receives phishing reports from end users (for example, `phishing@example.com`).
* [ ] You can sign in to Outlook on the web as the owner of that mailbox or with delegated access that allows rule management.

### Create the conditional forwarding rule

{% stepper %}
{% step %}

#### Open the rule manager

Sign in to Outlook on the web as the owner of the mailbox that receives phishing reports. Click **Rules > Manage Rules** to open the rule manager.

<figure><img src="/files/ykH3mM4m2fsHiwXBq6px" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Add a new rule

Click **+ Add new rule**.

<figure><img src="/files/S0klRJlfLDTLjOqf8c9F" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}

#### Configure the rule name, condition, and action

Set the following:

* **Name:** `Forward to Radiant Security`
* **Condition:** From the **Add a condition** dropdown, select the condition that matches the messages you want to forward. The example below uses **From** to match messages from specific senders.
* **Action:** From the **Add an action** dropdown, select **Redirect**, then enter `alerts@report.radiantsecurity.ai`.

{% hint style="info" %}
**Note:** **From** is one of several conditions available. Choose the condition that best matches the messages you need to forward (e.g., **Subject includes** for messages with a specific phishing report tag, or **To** for messages sent to a particular alias). Adding multiple conditions combines them with AND.
{% endhint %}
{% endstep %}

{% step %}

#### Stop processing more rules

Select the **Stop processing more rules** checkbox. This prevents other rules from acting on a message after it has been redirected to Radiant.

{% hint style="warning" %}
**Important note:** Outlook processes inbox rules top to bottom and applies the first matching rule. If you have other rules that should run before the forwarding rule, move them higher in the rule list and leave **Stop processing more rules** disabled on those rules.
{% endhint %}
{% endstep %}

{% step %}

#### Save the rule

Click **Save** to create the rule.
{% endstep %}
{% endstepper %}

### Verify the integration

After you save the rule, confirm reports are reaching Radiant:

1. Send a message to the mailbox where you created the rule. The message must match the condition you set (e.g., if you used **From**, send the test message from one of the listed sender addresses).
2. Sign in to [Radiant Security](https://app.radiantsecurity.ai/) and check the **Alerts** and **Cases** tabs for the triaged report.

If the report does not appear, confirm the following:

* The rule's condition matches the test message you sent.
* The redirect action is set to exactly `alerts@report.radiantsecurity.ai`.
* The forwarding rule is positioned above any other rule that might process the message first.
* The mailbox owner's domain is enabled in [Radiant's Monitored Domains](https://app.radiantsecurity.ai/settings/organization/phishing-configuration) tab.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://help.radiantsecurity.ai/radiant-connectors/connectors-and-data-ingestion/phishing-email-forwarding-overview/forward-phishing-emails-from-outlook-on-the-web.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.