Threat Detection Policy
Threat Detection policy rules are designed to prevent malicious emails (phishing, spam, malware etc.) from getting to your end-users mailbox or alternatively prevent them from being sent by your end-users to external parties.
Detect and Remediate mode and Prevent (Inline) mode offers three separate workflows to manage malware and phishing attacks. In Detect and Remediate mode the workflow scans the emails after delivery of email to the user and in Prevent (Inline) mode, the workflow scans the emails prior to delivery to the user.
In this chapter:
-
Threat Detection Policy Workflows
Sync Times with Microsoft
-
If you change the policy protection mode from Monitor Only or Detect and Remediate mode to Prevent (Inline) mode, it takes time to start protecting in Prevent (Inline) mode. It could take up to an hour, depending on the number of protected users in the Harmony Email & Collaboration account.
-
When adding a user to the scope of a Prevent (inline) policy that is not set to All Users and Groups, it may take up to 1 hour for emails from this user to be inspected inline.
-
When a new user is added to Microsoft 365, administrators can include them in the policy scope within 10 minutes or it might take up to 24 hours.
Email Security Mode Comparison
|
Policy |
Category |
Setting |
Policy Protection Mode |
|
|---|---|---|---|---|
|
Prevent (Inline) |
Detect and Remediate | |||
| Threat Detection
|
Scan Behavior | Pre-Delivery Protection | Supported | Not Supported |
| Post-Delivery Protection | Supported | Supported | ||
| Phishing | Phishing Workflow | All workflows are supported | All workflows except "Email is allowed. Header is added to the email" are supported | |
|
Attachment Workflow
|
Malware Attachment Workflow |
All workflows are supported |
All workflows except "Email is allowed. Header is added to the email" are supported |
|
|
Password-Protected Attachments |
Supported |
Supported |
||
|
Attachment Cleaning (Threat Extraction) |
Supported |
Not Supported |
||
|
Spam
|
Spam Workflow |
All workflows are supported |
All workflows except "Email is allowed. Header is added to the email" are supported |
|
|
Allow Users to Trust Spam Senders |
Supported |
Supported |
||
|
Deliver Graymail Emails to Promotions folder |
Supported |
Not Supported |
||
|
Clean Emails |
Deliver Clean Emails With Smart Banners |
Supported |
Not Supported |
|
|
Advanced Options
|
Protect Outgoing Traffic |
Supported |
Not Supported |
|
|
Protect Internal Traffic |
Supported |
Not Supported |
||
|
Excluded IPs in Mail Flow Rule |
Supported |
Not Supported |
||
|
DLP |
- |
- |
Supported |
N/A |
|
Click-Time Protection |
- |
- |
Supported |
Not Supported |