End-User Daily Quarantine Report (Digest)

Daily Quarantine Report (Digest) allows you to send a email report daily to end-users about quarantined and junk/spam emails. The end-users get detailed report that has information about the emails sent to them and quarantined in the last 24 hours.

Global and targeted attacks can generate multiple phishing emails per day, and each one results in a quarantine notification email from Email Security based on the policy defined by the administrator. When the administrator activates the Daily Quarantine Report (Digest), the user receives a single, aggregated email report per day for the quarantined emails.

The report includes:

  • Quarantined emails - Emails quarantined by Check Point and Microsoft based on the policy workflows. Each quarantined email has an associated user action:

    • Request to release – Sends a notification to the admin to release the email. After the administrator approves, the email gets delivered to the inbox. For more details, see Managing Restore Requests.

    • Release – Delivers the email to the inbox immediately.

  • Junk emails (Optional) - Emails that were identified as junk/spam by the Anti-Phishing engine, Office 365 (Spam Confidence Level (SCL) >= 5) or Google. By default, these emails are sent to the Junk folder. Users can find any misclassified emails and move them to their inboxes, if required.

  • Link to generate quarantine report on demand (Optional) - Adds a link at the bottom of the Daily Quarantine Report (Digest) email. The end users can click this link to generate a new quarantine report for the last 24 hours.

Notes:

  • The report does not include quarantined emails that do not allow user action.

  • If there are no events that happened in the last 24 hours, the user will not receive the Daily Quarantine Report (Digest) email.

Configuring Daily Quarantine Report (Digest)

00:05: This tutorial demonstrates, how to configure the daily quarantine report digest

00:09: for end-users and explains the end user experience when the administrator

00:14: configures to send an email report for quarantined junk and spam

00:18: emails from the past 24 hours.

00:21: Log in to the Check Point Portal and access the Email Security Administration Portal.

00:26: From the left navigation panel, go to security settings and in the user

00:30: interaction section, click quarantine

00:34: You can send a daily quarantine report to end users to do that.

00:38: Go to the end user, quarantine report digest section and enable

00:42: the send daily quarantine report to end users toggle button.

00:46: To configure the required Time and Time Zone to send the daily quarantine report,

00:50: go to the scheduling section and select the desired options to

00:55: send the report multiple times a day. Click plus add more if required.

00:59: You can configure the report to be sent every hour up to 24

01:03: times per day

01:05: You can select the users to send the daily quarantine report to do that.

01:09: Go to the recipient section and select the required options to

01:13: send the report to all Office 365 and Google users in your organization

01:17: select all Office 365 and Google users.

01:38: To stop sending alerts for individual quarantined emails for Office 365

01:43: users, select the Office 365 users.

01:46: Stop alerts on individual. Quarantined emails recommended To

01:51: stop. Sending alerts for individual. Quarantined emails for Google users,

01:55: select the Google users.

01:57: Stop alerts on individual. Quarantined emails.

02:00: Recommended

02:02: You can configure the required sender. Email address for the daily quarantine

02:06: report to do that. Go to the sender section and select the required

02:10: options.

02:12: To configure the daily quarantine report content.

02:14: For end users, go to the content section and select the desired options

02:19: to include spam emails sent to the junk folder in the report.

02:22: Select the include spam emails that are sent to the junk folder checkbox.

02:27: To allow and users to generate a new quarantine report.

02:30: For the last 24 hours, select the allow end users to generate

02:35: a quarantine report on demand checkbox.

02:38: You can customize the subject and the body of the daily quarantine report email

02:42: as required in the email subject and body section.

02:57: To specify the actions end users can perform on emails, quarantined

03:01: by Microsoft select the supported actions in the end user permitted

03:05: action section.

03:07: To include block listed emails in the daily.

03:09: Quarantine report select the include block listed emails checkbox

03:13: in the block listed emails section.

03:16: Click save and apply.

03:18: When the administrator configures, the daily quarantine report for end users,

03:22: they receive a detailed report containing information about emails sent

03:26: to them and quarantined as junk or spam in the last 24 hours.

03:31: To generate a new quarantine report of the last 24 hours, the end

03:35: user must scroll down to the end of the report and click the link provided in

03:39: the email.

03:47: Email Security will send a verification code to your email. Copy the code from the

03:52: email notification.

03:54: Enter the code and click submit to authenticate once authenticated,

03:58: Harmony email and collaboration stores a cookie in your browser, which

04:03: remains valid for 30 days, or until deleted whichever occurs

04:07: earlier, during this period, you won't need to authenticate again, when using

04:11: the same browser,

04:13: The system displays the request confirmation message and the end user

04:17: receives a new report for the last 24 hours.

  1. Click Security Settings > User Interaction > Quarantine.

  2. In the End User Quarantine Report (Digest) section, select Send daily quarantine report to end users toggle button.

  3. In the Scheduling, select the time and time zone to send the report.

    • In the Daily at section, select a specific time of the day to send the report.

      • To send the report multiple times a day, click + Add More and select the required time.

      • If required, you can configure the report to be sent every hour, up to 24 times per day.

    • In the Time zone section, select the required time zone.

  4. In the Recipients section, select the users to send the daily quarantine report.

    • To send the report to all Office 365 and Google users in your organization, select All Office 365 and Google Users.

    • To send the report to all Google users in your organization and specific Office 365 users or groups, select All Google users and specific Office 365 Users or Groups.

      1. In the Specific Users and Groups section, select the required users or groups.

      2. Click Add to Selected.

        Note - Users who receive the daily quarantine report will no longer get notifications about individual phishing attacks, even if the policy is configured to send them.

  5. In the Sender section, configure the required sender email address for the daily quarantine digest.

    • Friendly-From name

      • If no friendly-from name is required, select None.

        Note - Some email clients duplicate the sending address to the Friendly-from name.

      • To use a customized name, select Custom and enter the sender name.

    • From address

      • To use the default email address, select Default. The default email address is no-reply@checkpoint.com.

      • To use a custom email address, select Custom and enter the email address.

        		•

        Notes:

        • If you use the default sender or any email address under your domain, you must add the Check Point statement to the custom domain's DNS to prevent SPF and DMARC failures.

          include:spfa.cpmails.com

        • The custom domain must be one of the protected domains in your Check Point Portal tenant.

    • Reply-to address

      • To use From address as the Reply-to address, select Same as From address.

      • To use a custom email address, select Custom and enter the email address.

  6. In the Content section, configure the content for daily quarantine report to end users:

    • To include spam emails sent to the Junk folder in the report, select the Include spam emails that are sent to the Junk folder checkbox.

    • To allow end users to include a preview link next to each quarantined email, select the Include a Preview link next to each quarantined email checkbox.

    • To allow end users to generate a new quarantine report for the last 24 hours, select the Allow end users to generate a quarantine report on demand checkbox.

      This option adds a link at the bottom of the End User Quarantine Report (Digest) email, enabling end users to generate a new quarantine report for the last 24 hours.

  7. In the Email subject and body section, configure the subject and the body of the daily quarantine digest email.

    • In the Subject field, enter the email subject for the daily quarantine digest email notification.

    • In the Body field, enter the required information in the email notification.

      1. Place the cursor where you want to add the link.

      2. Click the icon.

        or

        Right-click and select Link.

      3. In the URL field, enter the URL.

      4. In the Text to display field, enter the text that should appear for the link.

      5. If required, enter a Title for the link.

      6. In the Open link in list, select Current window or New window.

      7. Click Save.

  8. To select the actions end users can perform on Microsoft quarantined items in the daily quarantine report:

    1. Go to End User Permissions.

    2. In the Emails quarantined by Microsoft section, select Show emails quarantined by Microsoft checkbox.

    3. In the End-user permitted actions section, you can specify the actions end users can perform on emails quarantined by Microsoft for the following threats:

      • Malware

      • High Confidence Phishing

      • Phishing

      • High Confidence Spam

      • Spam

      • Bulk

      • Data Loss Prevention

      • Transport Rule

    4. Select the supported actions for each type of threat:

      • Can restore on their own

      • Cannot restore

      • Can request a restore (admin needs to approve)

    5. To include blocklisted emails in the daily quarantine report, select the Include block-listed emails checkbox in the Block Listed Emails section.

      Note - Emails quarantined due to a blocklist appear in the daily quarantine report and the End User Portal, where end users can take action on them like non-blocklisted emails.

  9. Click Save and Apply.

To manage end user authentication on web browser, seeAuthentication for Email Notifications.