We use Office 365 beginning in Grade 3 - so having control of mail flow is very important to us. My rule to block inbound email for students is breaking SkyDrive Pro's sharing notifications. Here is the rule (our custom attributes specify school and grade level)
Disable Inbound email for Students
If the message...recipient's specified properties contain these words: 'CustomAttribute4:Student' or 'Title:Student'and recipient's specified properties matches these text patterns: 'CustomAttribute3:ACS'and Is received from 'Outside the organization'Do the following...Set audit severity level to 'Low'and Delete the message without notifying the recipient or senderand Send the incident report to pmcleod@myacs.org, include these message properties in the report: sender, recipients, subject, cc'd recipients, bcc'd recipients, matching rules, matching content, original mailExcept if...recipient's specified properties contain these words: 'CustomAttribute1:8' [note: 8th grade only]or sender's address domain portion belongs to any of these domains: 'acs.abpk12.org' or 'abpk12.org' or 'myacs.org' or 'barnstead.k12.nh.us' or 'pmhschool.com' or 'prezi.com' or 'edline.net' or 'sau72.org' or 'alton.k12.nh.us'Rule commentsRule modeEnforceAdditional propertiesSender address matches: HeaderVersion: 15.0.5.3
Here is the incident report I received - the file was shared from one student to another:
This email was automatically generated by the Generate Incident Report action.
Message Id: <CH1YL1SMTP003o6j3ws0005f5de@CH1YL1SMTP003.YLO001.MSOPRD.MSFT.NET>
Sender: no-reply@sharepointonline.com
Subject: xxxxxx@myacs.org has shared 'summer'
To: xxxxxx@myacs.org
Rule Hit: Disable Inbound email for Students, Action: AuditSeverityLevel, DeleteMessage, GenerateIncidentReport
I'm surprised that internal/process emails like this would be blocked, or would be considered "external". Is there a list somewhere of exceptions that we need to make to these rules in order to ensure that Office 365 functions as expected?