365 Total Protection is a service provided by Hornetsecurity for Microsoft 365 customers. The service, at a simplistic level, integrates seamlessly with Microsoft 365 to protect customer emails and data from many different types of phishing and malware attacks.
There are three different editions available for 365 Total Protection, each offering different functionalities:
| Functionality | Business | Enterprise | Enterprise Backup |
| Protection of emails and data by filtering attachments Custom rules for email filtering Email encryption settings | x | x | x |
| Legally compliant archiving of emails | x | x | |
| Analysis mechanisms for detecting complex threats | x | x | |
| Continuity to email traffic in the event of an email server failure | x | x | |
| Microsoft 365 tenant data backup and Windows-based endpoint backups inc. restore capabilities | x |
If a new customer is onboarding to 365 Total Protection, they have the option of setting up the solution themselves, or alternatively if they are an existing Hornetsecurity customer, the administrators of the customer can migrate all applicable customer domains and mailboxes to 365 Total Protection.
Let’s take a closer look into each of the core functionalities 365 Total Protection offers for M365 customers.
Content Control
Content Control is a relatively straightforward feature allowing you to manage the handling of incoming and outgoing email attachments. For example, you can:
- Control which attachment types will be filtered out, such as XLS files with macros or media files. Either the filtered-out attachments can be stored in quarantine, or the original email can be delivered without the attachment along with a notification to the recipient that the attachment has been removed.
- Define a maximum allowed email size
- Deny particular attachment types
Content Control can be configured for all mailboxes of the domain or for groups of mailboxes, allowing you to granularly set controls based on departmental mailboxes as an example.
To activate Content Control, from the Control Panel, click Security Settings > Content Control and then switch on the feature. From here you can create policies that handle extension filtering and email size etc for incoming and outgoing emails.
Compliance Filter
Using this feature allows a customer to define filter rules, which for example could then classify incoming emails as Clean, Spam, or Threat based on the analysis of the content of each email. Additionally, based on such analysis, emails can be rejected, redirected through a different server or forwarded to other recipients.
The Compliance Filter allows you to define regular expressions so that for example if an email contains a certain word or words, it can be classified as spam, or treated a different way to just a normal delivery.
To activate the Compliance Filter, from the Control Panel, click Security Settings > Compliance Filter and then switch on the feature.
There are two options immediately available which is to add rules to either incoming or outgoing emails. Clicking Add Rule, you can define a rule for the Header of an email, Body of an email, or Advanced. Below are some sample use cases for each.
Header
Scanning the header of an email for certain words which can then prompt the email to be forwarded to a particular part of the business who should only receive such emails.
Body
Searching the body of an email for specific words triggers the email to be marked as spam.
Advanced
Using the advanced criterion allows for more customised rules based on a wide range of possibilities.
Email Encryption
Encryption is very important in today’s world with so much focus on keeping company data secure as it transits the internet and is stored across different devices, so you should not discount encryption for emails. 365 Total Protection allows you to set up encryption policies which could even be triggered based on keywords in the subject of outgoing emails.
To enable Email Encryption, from the Control Panel, click Security Settings > Email Encryption and then switch on the feature.
From here you have a number of different options:
- Always encrypt incoming emails sent from a particular sender to a particular recipient, and for example encrypt using TLS using only secure ciphers or all ciphers.
- Encrypt outbound emails using TLS, S/MIME, PGP, or Websafe based on the header of an email, body of an email, or you can use advanced criterion to further customise the rule to your needs.
Communication partners, those your organization communicates with, may not support particular encryption types. Luckily for that, 365 Total Protection offers the ability to check the encryption capability of these partners, so you can then define your encryption rules accordingly.
Archiving
The Archiving service does exactly that: archiving an organization’s received and sent emails for 10 years by default, which is adjustable. Administrators also have the option to use Archive Import to import previous emails into the archive. You can enable archiving for individual domains, groups, or users.
The emails that are archived are also displayed in Email Live Tracking within the 365 Total Protection Control Panel. Delegation to archives can be configured to give particular people in your organization access to archived emails for a limited time.
To activate Archiving, from the Control Panel, click Security Settings > Archiving and then switch on the feature.
To add exceptions, e.g., set a particular domain to only have a 2-year archiving period, click on the Add exception button.
Analysis Engines
Analysis Engines are what make up the protection an organization receives by leveraging 365 Total Protection. There are five Analysis Engines in total which I’ll briefly describe.
- Sandbox Engine. Attachments are executed in a variety of system environments and their behavior is analyzed. If the attachments turn out to be malware, then you are notified.
- URL Rewriting. Rather than directing a user directly to a link they may click on from within an email, the URL is checked using Hornetsecurity’s domain and URL intelligence databases for threats.
- URL Scanning. Links within documents such as PDFs are scanned to ensure they are safe.
- Freezing. Emails that cannot be immediately assigned to a category but still look suspicious are retained by Freezing for a short period of time. A further scan using updated signatures is then performed later.
- Targeted Fraud Forensics Filter. Detects personalized attacks carried out without malware or links using a number of detection mechanisms such as detecting and blocking forged sender identities and detecting attacks that are trying to obtain sensitive information.
Continuity Service
If your own email server fails, the Continuity Service, which can be configured for a domain or a single user, is automatically activated. This activation prompts emails to be sent to an additional POP3 mailbox which retains service until your mail system is restored.
To activate Continuity Service, from the Control Panel, click Security Settings > Continuity Service and then switch on the feature. From here, you can configure Continuity Service for all users or selected users.
Ex Post Deletion
The Ex Post Deletion feature allows administrators to delete emails that have already been delivered but have been subsequently classified as a threat. This ensures that it is not too late even once an email is delivered, adding extra peace of mind.
To activate Ex Post Deletion, from the Control Panel, click Security Settings > Advanced Threat Protection and then switch on the feature.
365 Total Backup
365 Total Backup allows you to backup and recover data from mailboxes, SharePoint, OneDrive, and Microsoft Teams chats in Microsoft 365, as well as optionally backup Windows-based endpoints. Enterprise Backup customers can make use of this functionality.
This is a solution I have already completed a write up for which you can read all about here: https://jgspiers.com/preventing-loss-of-office-365-data-with-altaro-o365-backup/
Summary
With security top of mind for all organizations, it goes without saying that the functionality in 365 Total Protection will go a long way to protecting an organization from malicious attackers trying to use emails as a way to infiltrate your systems. Get started with your free trial today.