Skip to content

M365 Security

Protect your Microsoft 365 users from malicious messages.

With M365 Security, you can set up Post delivery protection. This includes Auto search and remediate, which searches your users' M365 mailboxes to identify and quarantine messages that become malicious after they're delivered. Also, this includes On demand clawback, which enables you to manually claw back messages that you successfully delivered earlier to one or more M365 mailboxes.

You must add your Microsoft 365 tenant domains to Sophos Central in Email Security Dashboard before you can use Post delivery protection.

You must be a Super Admin to set up and manage connections to your Microsoft 365 tenants.

Set up M365 Security

When you set up M365 Security, you must give permission for Sophos applications to access your Microsoft services. This allows us to scan users' inboxes for malicious messages.

You can find out how to set up M365 Security, and turn on Auto search and remediate and On demand clawback in Post delivery protection.

Manage Microsoft 365 connections

You can see the status of connections to your Microsoft 365 tenants in My Products > General Settings > Domain Settings / Status.

For more information, see Domains Settings/Status.

Manage quarantined messages

Auto search and remediate looks for messages in your users' inboxes that become malicious after delivery and quarantines them. With On demand clawback, you can manually claw back delivered messages from recipients to the quarantine. See Using on-demand clawback.

You can find quarantined messages from Microsoft 365 users in Email Security Dashboard > Quarantined Messages > Post delivery quarantine. For more information, see Post delivery quarantine message details.


M365 Security reports are available in Reports > Post delivery summary.

For more information, see Post delivery summary report.