Email Protection

What is it all about?

Overview

Email is still one of the most common entry points for cyberattacks. Built-in security tools from Microsoft 365 or Google Workspace can help, but they aren’t enough to stop today’s more advanced threats.

Guardz Email Protection adds powerful, AI-driven layers of defense on top of your email platform, keeping your business safe from phishing, malware, spoofing, and more.

Available in: Starter, Pro, and Ultimate plans

What Does It Defend Against?

  • Phishing attacks – prevents users from falling for credential-stealing emails

  • Malware & ransomware – detects and blocks malicious attachments and links

  • Spoofing & impersonation – flags emails from forged or misleading senders

  • Spam – filters out non-malicious but unwanted messages

How Does It Work?

Guardz integrates directly with both Microsoft 365 and Google Workspace using secure APIs. Emails are scanned in real time without interrupting the normal flow of communication.

Microsoft 365

  • Scanning via journaling: all incoming emails are sent to Guardz for analysis

  • Outgoing emails and spam-folder items are not scanned

  • Emails are removed from temporary storage after scanning

Google Workspace

  • Event-based scanning: Guardz monitors email activity events and scans messages in real time

  • Emails from the spam folder and outgoing emails are excluded


Key Features of the Service

AI-Powered Email Scanning

  • Classifies emails as legitimate, phishing, malware, or spam

  • Explains each detection with clear reasoning

Easy & Clear Management:

  • Admins manage the findings via ‘Detection & Response’

  • Users can view the detections as Cautioned Emails (with banners) and through the user portal

Granular Security Settings

1. Multiple Scanning Options

  • Email authentication (SPF, DKIM, DMARC)

  • Impersonation detection

  • Spam detection

2. Risk-Based Actions

  Risk Level    Default Action           Customizable
  High          Quarantine (required)
  Medium        Caution or quarantine
  Low           Caution or no action

3. Spam Handling

  • Banner + move to spam folder (recommended)

  • Quarantine high-risk spam

  • Caution banner only

Disabling spam detection stops new spam alerts, but phishing/malware protection stays active.

4. Auto-Archiving

Issues related to alert emails, spam, or quarantined content are auto-archived after 14 days.


How to Set Up the Service: Step by Step

Setting up the Security Control:

Microsoft:

  1. Log into the customer’s Azure portal

  2. Go to Enterprise Applications

  3. Find and select Guardz Dev

  4. Open Permissions

  5. Click Grant admin consent

Google:

  1. Log into the Google Admin Console

  2. Navigate to Apps > Google Workspace Marketplace apps > Apps list

  3. Select Guardz

  4. Click Grant Access

Configuration Management

Email protection configurations should be defined at the global level. Admins can override these global settings by specifying them for individual customers.

1. Select the audience:

  • Select the ‘All Customers’ view

  • Go to the ‘Security Controls’ tab and open the ‘Email Security’ section

2. Define the ‘Email Scan’ configuration:

  • Enable/disable ‘Impersonation Detection’: this feature flags senders whose aliases resemble company users. It helps prevent impersonation, phishing, and targeted attacks from seemingly trusted sources

  • Enable/disable ‘End-User Reported Email’ to allow users to report suspicious emails directly from their inbox. You may also enable the ‘Send Feedback’ feature, which confirms to users that their report has been accepted

  • Enable/disable ‘Email Authentication Detection’: this feature verifies incoming emails using SPF, DKIM, and DMARC protocols to protect against spoofing and phishing attacks. Emails failing authentication will be flagged with a warning banner

  • Enable/disable the ‘Spam Detection’ feature to allow Guardz to identify and block unwanted spam messages. If enabled, you may also define the outcome of the detections

3. Define the ‘Caution Banner & Quarantine Settings’:

  • In this section, admins define the desired actions for suspicious emails based on issue severity (high, medium, or low): either stamping the email with a banner or moving it to quarantine

  • Admins may also enable 2 other features:

    • ‘Admin - Only Quarantine’: by enabling this feature, only the admin will be able to release emails from quarantine

    • Microsoft 365 Quarantine Sync: by enabling this feature, emails quarantined by Microsoft services will be synced to the Guardz quarantine view

  • Click on the ‘Save Globally’ button to apply the settings to all customers

4. Optional: Customize the Caution Banner

  • Admins have the ability to customize the banners attached to suspicious emails. You can adjust both design and content:

    • Design: change the header stripe color and the main message background to match your branding or highlight messages

    • Content: edit banner text for Impersonation, Authentication, Spam, and Suspicious Content. Use the built-in editor to adjust fonts, colors, and layout with a real-time preview

    • For Spam and Suspicious Content, you can also add an extra optional message for additional context or instructions

5. Optional: Add Block / Allow Lists

  • Sender Lists: block or allow specific email addresses or entire domains. Internal domains and common providers (e.g., gmail.com) cannot be blocked to avoid disruptions

  • File Type Filtering: block or allow risky file types (e.g., .exe, .js) to reduce malware risk.

  • To add an item to the allow or block lists, click the ‘Plus’ button and enter the required details

Please note:

As mentioned, all settings can be overridden by defining them on a specific customer level (make sure to toggle on the ‘Override Global Settings’ feature)
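
As an added illustration (not Guardz's code, and not a description of how Guardz implements these checks), the following Python shows the kind of logic behind the ‘Email Authentication Detection’ and ‘Impersonation Detection’ settings: it reads SPF, DKIM, and DMARC results only from the Authentication-Results header stamped by the receiving server, and flags external senders whose display name resembles a company user. The authserv-id, company domain, user names, the 0.85 similarity threshold, and the sample messages are assumptions made for the example.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration; none of them come from the product.
TRUSTED_AUTHSERV = "mx.example.com"  # authserv-id stamped by our own receiving MTA
COMPANY_DOMAIN = "example.com"
COMPANY_USERS = ["Dana Levi", "Omar Haddad"]

def auth_results(msg):
    """Collect spf/dkim/dmarc results, only from headers stamped by our own MTA."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = header.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # any other authserv-id may have been injected by the sender
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest.lower()):
            results.setdefault(method, set()).add(result)
    return results

def resembles_company_user(display_name):
    name = " ".join(display_name.lower().split())  # normalise case and spacing
    return any(SequenceMatcher(None, name, user.lower()).ratio() >= 0.85
               for user in COMPANY_USERS)

def banner_reasons(raw_message):
    """Return the reasons this message would warrant a caution banner."""
    msg = message_from_string(raw_message)
    results = auth_results(msg)
    reasons = [f"{method} did not pass" for method in ("spf", "dkim", "dmarc")
               if "pass" not in results.get(method, ())]
    display_name, address = parseaddr(msg.get("From", ""))
    external = address.rpartition("@")[2].lower() != COMPANY_DOMAIN
    if external and resembles_company_user(display_name):
        reasons.append("display name resembles a company user")
    return reasons

# Constructed sample messages (not real traffic).
LOOKALIKE = (
    "Authentication-Results: mx.sender.test; spf=pass; dkim=pass; dmarc=pass\n"
    "Authentication-Results: mx.example.com; spf=pass; dkim=none; dmarc=fail\n"
    'From: "Dana Levl" <dana@payroll-mail.test>\n\nPlease update my bank details.\n'
)
GENUINE = (
    "Authentication-Results: mx.example.com; spf=pass; dkim=pass; dmarc=pass\n"
    'From: "Dana Levi" <dana.levi@example.com>\n\nLunch?\n'
)
if __name__ == "__main__":
    print(banner_reasons(LOOKALIKE), banner_reasons(GENUINE))
```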


How to View & Manage Quarantined / Cautioned Emails

Emails are held in the Quarantine Zone for the defined retention period. Users receive email alerts and can manage quarantined items in the user portal. If no action is taken, quarantined messages are deleted after the retention period.

For Admins:

All suspicious emails are displayed to the admin as issues under the Detection and Response section. These issues can be categorized into different types, such as:

  • Alert emails

  • Spam emails

  • Quarantined emails

  • User-reported emails

The admin can review each issue and take appropriate remediation actions.

For End Users:

Cautioned Emails:

  • Caution banners are added to suspicious emails

  • Users can:

    • Mark as Safe: clears the alert

    • Report & Delete: notifies Guardz and removes the message

Quarantined Emails:

  • Users receive a quarantine notification

  • Clicking “Review” opens the user portal

  • The user can choose to:

    • Restore: return it to the inbox

    • Trash: permanently delete it

By default, end users can release emails that were quarantined by Guardz.

However, users won't be able to release emails that were quarantined by Microsoft (if Microsoft sync is enabled).
