Threat Detection Policy for Incoming Emails

Configuring a Threat Detection Policy Rule

  1. Click Policy on the left panel of the Infinity Portal.

  2. Click Add a New Policy Rule.

  3. From the Choose SaaS drop-down list, select the SaaS platform you want to set policy for Office 365 Mail or Gmail.

  4. From the Choose Security drop-down list, select Threat Detection and click Next.

  5. Select the desired policy protection mode (Detect, Detect and Remediate or Prevent (Inline)).

    If required, you can change the Rule Name.

    Note - Harmony Email & Collaboration protects Microsoft 365 Groups (a service that works with the Microsoft 365) only when the policy mode is set to Prevent (Inline).

  6. Under Scope, select the users and groups to which the policy is applicable and click Add to Selected.

    • To apply the policy to all users and groups in your organization, select All Users and Groups checkbox.

    • To apply the policy only to specific users or groups, select the users/groups and click Add to Selected.

    • To exclude some of the users or groups from the policy, select the users/groups and click Add to Excluded.

  7. Select the workflows required for the policy.

    Note - If you select Detect and Remediate or Detect mode, you may not see some of these additional configuration options that allows you to customize the end user email notifications.

    For more information on workflows, see Phishing Protection, Malware Protection, Spam Protection, and Password Protected Attachments Protection.

  8. Configure Alerts to send to the administrators, users, and specific email addresses.

    • To send email alerts about phishing and malware, select Send email alert to admin(s) about phishing and Send email alert to admin(s) about malware.

    • To send email alerts to specific emails, select Send Email alert to ... and enter the email address.

    • To stop sending alerts to administrators for block-listed items, clear the Send email notifications to Admin on blocklisted items checkbox.

    • To stop sending alerts to users for block-listed items, clear the Send email notifications to User on blocklisted items checkbox.

    Notes:

    • Even when the alerts are enabled here in the policy, the administrator only receives email alerts for security events when Receive Alerts role is enabled in the Specific Service Role. For more details about managing roles and permissions in the Infinity Portal, refer to Global Settings > Users in Infinity Portal Administration Guide.

    • To customize the email alert templates, click on the gear icon to the right of the alert.

  9. After the policy is configured, click Save and Apply.

    Note - Policies are based on the order of precedence. Make sure your policies are applied in the proper order. You can adjust the policy order from the order column of Policy.