Onboarding Next Steps

Learning Mode

After activating Office 365 Mail or Gmail, Harmony Email & Collaboration performs several calibration processes for the Anti-Phishing engine.

The processes include:

  • Scanning 13 months of email metadata (sender, recipient, subject, time) in users’ mailboxes to determine the communication patterns.

  • Automatic identification of MTAs placed before Microsoft or Google. It could affect SPF checks and other aspects of detection.

While these processes are running, Harmony Email & Collaboration will be in Learning Mode. You can see a banner at the top of the dashboard. Also you can see the progress of the Learning Mode in Overview tab.

Note - To complete these processes, it takes a couple of minutes to 48 hours, depending on the number of protected mailboxes and the volume of their emails.

In Learning Mode, no email will be flagged as phishing or spam. All Anti-Phishing scans return Phishing Status as Clean and the Detection Reason as Learning Mode.

All other security engines work as usual in the Learning Mode and flag the malware, DLP, Shadow IT, and anomalies.

Harmony Email & Collaboration automatically exits Learning Mode after the calibration processes are complete.

Note - If a Prevent (Inline) policy rule is added, Learning Mode automatically stops.

While in Learning Mode, and at times for a while after it is completed, Anti-Phishing engine automatically adjusts these parameters to fine tune the detection accuracy:

  • Upstream MTAs - In Learning Mode, Harmony Email & Collaboration automatically detects and adds MTAs to the list. It does not delete MTAs added manually by administrators. See Upstream Message Transfer Agents (MTAs).

  • Phishing Confidence Level (Threshold)

    Note - If administrators configured the phishing confidence level to a value different from the default value, Harmony Email & Collaboration does not change this value.

Live Scanning

After activating the SaaS application, Harmony Email & Collaboration starts scanning all the files and emails for any threats in real-time.

The Overview page shows the security events found, if any. At the bottom of the overview screen, you can see the status of active scans of your SaaS applications. Depending on the amount of data, this stage may take time.

Note - The number of active users may exceed the number of licensed users in the SaaS and does not necessarily reflect the number of Harmony Email & Collaboration licenses required.

Click Active users to review the list of users. This opens a query in the Custom Queries under Analytics tab.

For example, in Office 365, Shared Mailboxes do not require a separate license in Harmony Email & Collaboration but are counted as active users.

Note - By default, after activating a SaaS application, policy gets created for threats (phishing and malware). For DLP, there is no default policy.