In order for Prevent to provide the most value, a baseline dataset and an understanding of email relationships are required. This data is acquired through ingestion.

Important notes about ingestion:

• Prevent ingests 12 months of metadata, if available
• Ingestion is only possible for organizations using Microsoft Exchange Online
• For shared mailbox support, ingestion is required to ensure users receive real-time Prevent advice when sending from a shared mailbox or on behalf of another user

The mandatory fields for the ingestion are:

• Time - DateTime, UTC
• Sender - String, sender's SMTP address
• From - String, From: SMTP address if different from the sender
• MessageID - String, Internet Message-ID header value
• Recipients - list of recipients' addresses, as either a string or semicolon-separated string
• Subject line
• Attachment names