The Defend auto-remediation feature allows you to configure what happens to an email when Defend classifies an email as dangerous or suspicious. Auto-remediation enables Defend to manage threats identified in users’ inboxes automatically.
Dangerous Emails
For emails categorized as Dangerous, Defend prioritizes immediate containment, and therefore, the default option is to move dangerous emails to the Recoverable Purges folder. However, admins can choose to manage dangerous emails according to their organizations requirements with the following options:
- Disabled
- Move to
- _Dangerous Folder
- Junk Folder
- Deleted Items Folder
- Recoverable Deletions Folder
- Recoverable Purges Folder (Default)
- Report to
- Microsoft Set Verdict as Phish
- Microsoft Set Verdict as High Confidence Phish
Suspicious Emails
Suspicious emails are potential threats that may require further investigation before action is taken. By default, Defend will not move or report suspicious emails. However, admins can choose to manage suspicious emails according to their organization’s requirements with the following options:
- Disabled (Default)
- Move to
- _Suspicious Folder
- Junk Folder
- Deleted Items Folder
- Recoverable Deletions Folder
- Recoverable Purges Folder
- Report to
- Microsoft Set Verdict as Phish
- Microsoft Set Verdict as High Confidence Phish
Enabling Auto-Remediation
To configure your auto-remediation options for dangerous and suspicious emails, follow the steps below:
- Log in to the Defend admin console.
- Navigate to Settings > Auto-Remediation.
- Use the drop-down menus to select your desired action for dangerous and suspicious emails.
- Select Save Changes at the top of the page.