Inbox is not covered by Email Security

Associated with

Inboxes

Underlying signals

ESEC Unprotected Inbox (RS41)

Reasonings

• Enabled inbox, and
  • Any inbox that is enabled regardless if it’s regular, shared, or a distribution group. Any inbox that can receive email.
• Inbox is not present in connected email security integration, or
• Domain is not present in connected email security integration
  • Some integrations do not provide the list of users protected by the tool, so Cork may infer that all inboxes of a domain are covered if that domain is present in the integration

Resolutions

• Add the inbox to your email security tool, or
• If user is being offboarded, disable the inbox

Additional Considerations

• Microsoft recommends purchasing an individual Defender for Office 365 license for shared inboxes
  • https://learn.microsoft.com/en-us/office365/servicedescriptions/office-365-advanced-threat-protection-service-description#licensing-terms
• The following integrations are inferred as cover-alls:
  • TitanHQ SpamTitan
  • Avanan
  • Barracuda Email Gateway Defense
  • INKY
  • Perception Point