Enforcement Flow
The Enforcement Flow shows the enforcement action taken by Microsoft and Avanan on an email. You can view the Enforcement Flow for an email in the Security Stack section of the email profile page.
The Enforcement Flow does not include manual actions taken on the email.
Depending on the Protection mode selected in the threat detection policy, the Enforcement Flow would be different.
-
Example of an email inspected by a policy in Prevent (Inline) protection mode.
Microsoft finds the email Clean and intends to deliver it to the user's mailbox; Avanan scans the email, finds it Malicious, and quarantines it before it gets to the user's mailbox since it's inspected by a Prevent (Inline) policy.
-
Microsoft finds the email Clean and intends to deliver it to the user's mailbox. Enforcement: Deliver to Inbox.
-
Avanan scans the email and finds it malicious. Avanan quarantines the email before it gets delivered to the user's mailbox and quarantines it. Enforcement: Quarantine.
-
-
Example of an email inspected by a policy in Detect & Remediate protection mode.
-
Microsoft finds the email Clean and delivers it to the user's mailbox. Enforcement: Deliver to Inbox.
-
Avanan scans the email and finds it malicious. Avanan pulls the email from the user's mailbox and quarantines it. Enforcement: Quarantine.
-
-
Example of an email inspected by a policy in Detect protection mode.
-
Microsoft finds the email Clean and delivers it to the user's mailbox. Enforcement: Deliver to Inbox.
-
Avanan only scans the email and does not perform any enforcement as the policy protection is in Detect mode. Enforcement: Deliver to Inbox (Monitoring).
-
-
When Avanan is configured to automatically restore emails quarantined by Microsoft 365 for being High Confidence Phishing, and if Avanan classifies them as Clean.
-
Microsoft finds the email High Confidence Phishing and quarantines it.
-
Avanan scans the email and finds it clean. Avanan restores the email to the user's inbox.
For information about how to configure Avanan to automatically restore emails quarantined by Microsoft 365 for being High Confidence Phishing, see Overriding Microsoft's False Positive Detections.
-