Office 365 FOPE and Credit Card Rules


Whilst working with a customer here in the UK on their O365 project, they asked about using Forefront Online Protection for Exchange (FOPE) (the version that comes with O365) how to setup rules to block credit cards details. There are various rues you can configure, Basic or RegEx, more details can be found here.

We setup up the following rules also using this site:-

The credit card format is like this 1234-1234-1234-1234, so we set up rues to cover various scenarios, such as:-

Credit Card Format




1234 1234 1234 1234




The top 2 rules for example can be added into a single rule, as shown below and in the screenshot


To configure and create new rules, follow the steps below:-

1. Login to FOPE admin center - (also as a side note, this is the site to access quarantine messages -, but also note that global admins can’t manage quarantine by default -


2. Select Administration

3. Policy Rules

4. New Policy Rule, on the right hand side under Tasks

5. Then configure the rule accordingly, so in this example we using body to match the rule


Since we are in the UK we are not worried about social security numbers, but we did add in American Express (Amex) formats too, as show below:-

Credit Card Format


1234 123456 12345






Written by Daniel Kenyon-Smith