Defend | Post-Delivery Feature Analysis
Defend uses AI to detect and prevent the full spectrum of advanced phishing attacks. Leveraging machine learning, natural language processing, and natural language understanding, Defend detects the attacks that get through native security and Secure Email Gateways, including business email compromise.
The following features are available with Defend post-delivery.
Advanced Phishing Detection
Defend features deliver inbound email protection using self-learning techniques, behavioral intelligence, language processing engines, and automation. Every aspect of an inbound email is analyzed in unison, enhancing detection efficacy. All controls are applied cross-platform, providing protection for any device or interface.
Monitoring Mode
Monitoring mode can be enabled during deployment and allows all user-facing features to be disabled while Defend remains active and analyzes emails. Monitoring mode exceptions can be put in place to allow you to test Defend’s features with a small subset of users before rolling out Defend to your whole organization.
Tags
Tags are a core part of the Defend service. Visual email tags categorize incoming emails with colorful indicators, giving users instant context about their emails while building security awareness. Tags also allow users to filter emails based on the tag Defend has added to the email. The threat notification tag can be configured to apply to dangerous and suspicious emails.
Threat Notification
The threat notification feature enables admins to convert security incidents into educational opportunities by removing dangerous emails from users' inboxes and replacing them with a clear explanation of why they were removed. This feature helps users understand and recognize threats.
Auto-Remediation
Auto-remediation enables Defend to manage threats identified in users’ inboxes automatically. You can configure how Defend handles emails categorized as Dangerous and Suspicious individually to give you granular control.
Dangerous Emails
For emails categorized as Dangerous, Defend prioritizes immediate containment, so the default option is to move dangerous emails to the Recoverable Purges folder. However, admins can choose to manage dangerous emails according to their organization’s requirements with the following options:
- Disabled
- Move to
  - _Dangerous Folder
  - Junk Folder
  - Deleted Items Folder
  - Recoverable Deletions Folder
  - Recoverable Purges Folder (Default)
- Report to
  - Microsoft Set Verdict as Phish
  - Microsoft Set Verdict as High Confidence Phish
Suspicious Emails
Suspicious emails are potential threats that may require further investigation before action is taken. By default, Defend will not move or report suspicious emails. However, admins can choose to manage suspicious emails according to their organization’s requirements with the following options:
- Disabled (Default)
- Move to
  - _Suspicious Folder
  - Junk Folder
  - Deleted Items Folder
  - Recoverable Deletions Folder
  - Recoverable Purges Folder
- Report to
  - Microsoft Set Verdict as Phish
  - Microsoft Set Verdict as High Confidence Phish
Email Productivity
Email productivity helps reduce inbox clutter by automatically managing graymail and spam. When enabled, emails categorized as graymail or spam are moved to separate folders, removing noise and distractions for users. Visual email tags also provide colorful indicators directly in the inbox, allowing users to identify and categorize graymail and spam emails quickly.