Overview
Email is still one of the most common entry points for cyberattacks. Built-in security tools from Microsoft 365 or Google Workspace can help, but they aren’t enough to stop today’s more advanced threats.
Guardz Email Protection adds powerful, AI-driven layers of defense on top of your email platform, keeping your business safe from phishing, malware, spoofing, and more.
Available in: Starter, Pro, and Ultimate plans
What It Protects Against
Phishing attacks – Prevents users from falling for credential-stealing emails
Malware & ransomware – Detects and blocks malicious attachments and links
Spoofing & impersonation – Flags emails from forged or misleading senders
Spam – Filters out non-malicious but unwanted messages
AI-powered threat detection – Uses machine learning to identify threats with high accuracy
How It Works
Seamless Integration
Guardz integrates directly with both Microsoft 365 and Google Workspace using secure APIs. Emails are scanned in real time without interrupting the normal flow of communication.
Email Scanning Methods
Microsoft 365
Scanning via journaling: All incoming emails are sent to Guardz for analysis.
Outgoing emails and spam-folder items are not scanned.
Emails are removed from temporary storage after scanning.
Admin setup required:
Log into the customer’s Azure portal
Go to Enterprise Applications
Find and select Guardz Dev
Open Permissions
Click Grant admin consent
Google Workspace
Event-based scanning: Guardz monitors email activity events and scans messages in real time.
Emails from the spam folder and outgoing emails are excluded.
Admin setup required:
Log into the Google Admin Console
Navigate to Apps > Google Workspace Marketplace apps > Apps list
Select Guardz
Click Grant Access
Key Features
AI-Powered Email Scanning
Classifies emails as legitimate, phishing, malware, or spam
Explains each detection with clear categories and reasoning
Visibility for:
Admins via Detection & Response
Users via Caution Banners, Quarantine Emails, and the User Portal
Granular Security Settings
Available under Security Controls > Email Protection:
1. Scanning Options
Email authentication (SPF, DKIM, DMARC)
Impersonation detection
Spam detection
2. Risk-Based Actions
Risk Level | Default Action | Customizable |
High | Quarantine (required) | ❌ |
Medium | Caution or quarantine | ✅ |
Low | Caution or no action | ✅ |
3. Spam Handling
Banner + move to spam folder (recommended)
Quarantine high-risk spam
Caution banner only
Disabling spam detection stops new spam alerts, but phishing/malware protection stays active.
4. Auto-Archiving
Issues related to alert emails, spam, or quarantined content are auto-archived after 14 days.
Email Remediation & Actions
Caution Banners
Added to suspicious emails
Users can:
Mark as Safe – Clears the alert
Report & Delete – Notifies Guardz and removes the message
Quarantine Handling
Emails are held in the Quarantine Zone for the defined retention period
Users receive email alerts and can manage quarantined items in the User Portal
If no action is taken, quarantined messages are deleted after the retention period
Managing Security Policies
Found in Security Controls > Email Protection > Caution Banner & Quarantine Settings
Define separate actions for High, Medium, and Low risk
Optional: Enable Admin-Only Quarantine
Only admins can restore, release, or delete quarantined messages
MSPs can apply global email security policies, with per-customer overrides as needed.
Self-Service via the User Portal
When an email is quarantined:
The user receives a quarantine notification
Clicking “Review” opens the User Portal
The user can choose to:
Restore – Return it to the inbox
Trash – Permanently delete it
Block & Allow Lists
Sender Lists
Admins can block or allow:
Specific email addresses
Full domains
Note: You can’t block internal domains or widely-used providers like gmail.com to avoid disruption.
Manage this in:
Security Controls > Email Protection > Block List
File Type Filtering
Admins can block or allow risky file types (like .exe, .js, etc.) to reduce malware exposure.
Settings can be global or tenant-specific (for MSPs)
Configure under:
Block List > File Type Filtering
Monitoring & Managing Issues
Review Threats
Go to Detection & Response > Email Protection Issues to:
Filter by sender, subject, or recipient
Search by threat type (phishing, malware, spam)
Sort by risk score
Admins can also view the email source code for deeper investigation.
Bulk Actions
Admins can take bulk actions across multiple messages:
Only applies to open issues of the same type
Users can override admin decisions via the User Portal
Admins get notified when an override occurs
End-User Phishing Reporting
Give users the power to report phishing from their inbox using the built-in “Report Phishing” button.
Disabled by default.
Enable via Email Security Settings > End-User Phishing Reporting
How It Works
User clicks Report Phishing
A new issue is created under End-User Reported Emails
The report includes similar emails sent to others
Admins can:
Take bulk actions
Close the issue
Optional user feedback is sent automatically
FAQs
Does Email Protection apply to all users?
Only users with an active Guardz license are protected.
Can Guardz secure personal email accounts?
No. It only protects business email accounts in the organization directory.
What happens if I turn off spam detection?
New spam issues will not be generated, but phishing and malware scans still run.
Can spam settings be customized per customer?
Yes. MSPs can set global defaults and customize them per tenant.
Why can’t I block a domain like gmail.com?
Guardz restricts blocking of internal domains and major providers to prevent issues. Instead, block specific addresses.
Using another email security tool?
To avoid conflict, you can fine-tune or disable spam detection in Guardz while keeping phishing/malware protection active.