Inbox is not covered by Email Security
Associated with
Inboxes
Underlying signals
ESEC Unprotected Inbox (RS41)
Reasonings
- Enabled inbox, and
- Any inbox that is enabled regardless if it’s regular, shared, or a distribution group. Any inbox that can receive email.
- Inbox is not present in connected email security integration, or
- Domain is not present in connected email security integration
- Some integrations do not provide the list of users protected by the tool, so Cork may infer that all inboxes of a domain are covered if that domain is present in the integration
Resolutions
- Add the inbox to your email security tool, or
- If user is being offboarded, disable the inbox
Additional Considerations
- Microsoft recommends purchasing an individual Defender for Office 365 license for shared inboxes
- The following integrations are inferred as cover-alls:
- TitanHQ SpamTitan
- Avanan
- Barracuda Email Gateway Defense
- INKY
- Perception Point