Threat Detection Policy
Threat Detection policy rules are designed to prevent malicious emails (phishing, spam, malware etc.) from getting to your end-users mailbox or alternatively prevent them from being sent by your end-users to external parties.
Detect and Remediate mode and Prevent (Inline) mode offers three separate workflows to manage malware and phishing attacks. In Detect and Remediate mode the workflow scans the emails after delivery of email to the user and in Prevent (Inline) mode, the workflow scans the emails prior to delivery to the user.
In this chapter:
-
Threat Detection Policy Workflows
Sync Times with Microsoft
-
If you change the policy protection mode from Monitor Only or Detect and Remediate mode to Prevent (Inline) mode, it takes time to start protecting in Prevent (Inline) mode. It could take up to an hour, depending on the number of protected users in the Harmony Email & Collaboration account.
-
When adding a user to the scope of a Prevent (inline) policy that is not set to All Users and Groups, it may take up to 1 hour for emails from this user to be inspected inline.
-
When a new user is added to Microsoft 365, administrators can include them in the policy scope within 10 minutes or it might take up to 24 hours.