Threat Detection Policy

Threat Detection policy rules are designed to prevent malicious emails (phishing, spam, malware etc.) from getting to your end-users mailbox or alternatively prevent them from being sent by your end-users to external parties.

Detect and Remediate mode and Prevent (Inline) mode offers three separate workflows to manage malware and phishing attacks. In Detect and Remediate mode the workflow scans the emails after delivery of email to the user and in Prevent (Inline) mode, the workflow scans the emails prior to delivery to the user.

In this chapter:

Sync Times with Microsoft

  • If you change the policy protection mode from Monitor Only or Detect and Remediate mode to Prevent (Inline) mode, it takes time to start protecting in Prevent (Inline) mode. It could take up to an hour, depending on the number of protected users in the Harmony Email & Collaboration account.

  • When adding a user to the scope of a Prevent (inline) policy that is not set to All Users and Groups, it may take up to 1 hour for emails from this user to be inspected inline.

  • When a new user is added to Microsoft 365, administrators can include them in the policy scope within 10 minutes or it might take up to 24 hours.

Email Security Mode Comparison

 

Policy

 

Category

 

Setting

 

Policy Protection Mode

Prevent (Inline)

Detect and Remediate
Threat Detection

 

 

 

 

 

 

 

 

 

 

Scan Behavior Pre-Delivery Protection Supported Not Supported
Post-Delivery Protection Supported Supported
Phishing Phishing Workflow All workflows are supported All workflows except "Email is allowed. Header is added to the email" are supported

Attachment Workflow

 

 

Malware Attachment Workflow

All workflows are supported

All workflows except "Email is allowed. Header is added to the email" are supported

Password-Protected Attachments

Supported

Supported

Attachment Cleaning (Threat Extraction)

Supported

Not Supported

Spam

 

 

Spam Workflow

All workflows are supported

All workflows except "Email is allowed. Header is added to the email" are supported

Allow Users to Trust Spam Senders

Supported

Supported

Deliver Graymail Emails to Promotions folder

Supported

Not Supported

Clean Emails

Deliver Clean Emails With Smart Banners

Supported

Not Supported

Advanced Options

 

 

Protect Outgoing Traffic

Supported

Not Supported

Protect Internal Traffic

Supported

Not Supported

Excluded IPs in Mail Flow Rule

Supported

Not Supported

DLP

-

-

Supported

N/A

Click-Time Protection

-

-

Supported

Not Supported