Skip to main content

Email Protection

Guardz Email Protection: Comprehensive Security & Best Practices

Updated over 2 weeks ago

Overview

Email is still one of the most common entry points for cyberattacks. Built-in security tools from Microsoft 365 or Google Workspace can help, but they aren’t enough to stop today’s more advanced threats.

Guardz Email Protection adds powerful, AI-driven layers of defense on top of your email platform, keeping your business safe from phishing, malware, spoofing, and more.

Available in: Starter, Pro, and Ultimate plans


What It Protects Against

  • Phishing attacks – Prevents users from falling for credential-stealing emails

  • Malware & ransomware – Detects and blocks malicious attachments and links

  • Spoofing & impersonation – Flags emails from forged or misleading senders

  • Spam – Filters out non-malicious but unwanted messages

  • AI-powered threat detection – Uses machine learning to identify threats with high accuracy


How It Works

Seamless Integration

Guardz integrates directly with both Microsoft 365 and Google Workspace using secure APIs. Emails are scanned in real time without interrupting the normal flow of communication.

Email Scanning Methods

Microsoft 365

  • Scanning via journaling: All incoming emails are sent to Guardz for analysis.

  • Outgoing emails and spam-folder items are not scanned.

  • Emails are removed from temporary storage after scanning.

Admin setup required:

  1. Log into the customer’s Azure portal

  2. Go to Enterprise Applications

  3. Find and select Guardz Dev

  4. Open Permissions

  5. Click Grant admin consent

Google Workspace

  • Event-based scanning: Guardz monitors email activity events and scans messages in real time.

  • Emails from the spam folder and outgoing emails are excluded.

Admin setup required:

  1. Log into the Google Admin Console

  2. Navigate to Apps > Google Workspace Marketplace apps > Apps list

  3. Select Guardz

  4. Click Grant Access


Key Features

AI-Powered Email Scanning

  • Classifies emails as legitimate, phishing, malware, or spam

  • Explains each detection with clear categories and reasoning

  • Visibility for:

    • Admins via Detection & Response

    • Users via Caution Banners, Quarantine Emails, and the User Portal

Granular Security Settings

Available under Security Controls > Email Protection:

1. Scanning Options

  • Email authentication (SPF, DKIM, DMARC)

  • Impersonation detection

  • Spam detection

2. Risk-Based Actions

Risk Level

Default Action

Customizable

High

Quarantine (required)

Medium

Caution or quarantine

Low

Caution or no action

3. Spam Handling

  • Banner + move to spam folder (recommended)

  • Quarantine high-risk spam

  • Caution banner only

Disabling spam detection stops new spam alerts, but phishing/malware protection stays active.

4. Auto-Archiving

Issues related to alert emails, spam, or quarantined content are auto-archived after 14 days.


Email Remediation & Actions

Caution Banners

  • Added to suspicious emails

  • Users can:

    • Mark as Safe – Clears the alert

    • Report & Delete – Notifies Guardz and removes the message

Quarantine Handling

  • Emails are held in the Quarantine Zone for the defined retention period

  • Users receive email alerts and can manage quarantined items in the User Portal

  • If no action is taken, quarantined messages are deleted after the retention period


Managing Security Policies

Found in Security Controls > Email Protection > Caution Banner & Quarantine Settings

  • Define separate actions for High, Medium, and Low risk

  • Optional: Enable Admin-Only Quarantine

    • Only admins can restore, release, or delete quarantined messages

MSPs can apply global email security policies, with per-customer overrides as needed.


Self-Service via the User Portal

When an email is quarantined:

  1. The user receives a quarantine notification

  2. Clicking “Review” opens the User Portal

  3. The user can choose to:

    • Restore – Return it to the inbox

    • Trash – Permanently delete it


Block & Allow Lists

Sender Lists

Admins can block or allow:

  • Specific email addresses

  • Full domains

Note: You can’t block internal domains or widely-used providers like gmail.com to avoid disruption.

Manage this in:

Security Controls > Email Protection > Block List

File Type Filtering

Admins can block or allow risky file types (like .exe, .js, etc.) to reduce malware exposure.

  • Settings can be global or tenant-specific (for MSPs)

  • Configure under:

    Block List > File Type Filtering


Monitoring & Managing Issues

Review Threats

Go to Detection & Response > Email Protection Issues to:

  • Filter by sender, subject, or recipient

  • Search by threat type (phishing, malware, spam)

  • Sort by risk score

Admins can also view the email source code for deeper investigation.

Bulk Actions

Admins can take bulk actions across multiple messages:

  • Only applies to open issues of the same type

  • Users can override admin decisions via the User Portal

  • Admins get notified when an override occurs


End-User Phishing Reporting

Give users the power to report phishing from their inbox using the built-in “Report Phishing” button.

Disabled by default.

Enable via Email Security Settings > End-User Phishing Reporting

How It Works

  1. User clicks Report Phishing

  2. A new issue is created under End-User Reported Emails

  3. The report includes similar emails sent to others

  4. Admins can:

    • Take bulk actions

    • Close the issue

  5. Optional user feedback is sent automatically


FAQs

Does Email Protection apply to all users?

Only users with an active Guardz license are protected.

Can Guardz secure personal email accounts?

No. It only protects business email accounts in the organization directory.

What happens if I turn off spam detection?

New spam issues will not be generated, but phishing and malware scans still run.

Can spam settings be customized per customer?

Yes. MSPs can set global defaults and customize them per tenant.

Why can’t I block a domain like gmail.com?

Guardz restricts blocking of internal domains and major providers to prevent issues. Instead, block specific addresses.

Using another email security tool?

To avoid conflict, you can fine-tune or disable spam detection in Guardz while keeping phishing/malware protection active.

Did this answer your question?