Skip to content

Page permalink

Always use the following permalink when referencing this page. It will remain unchanged in future help versions.

https://docs.sophos.com/central/customer/help/en-us/index.html?contextId=post-delivery-protection

Post-Delivery Protection

You can connect your Microsoft 365 or Google Workspace domains to turn on post-delivery protection features such as Auto search and remediate and On demand clawback.

To access this setting, click the Global Settings icon Global Settings icon.. Go to Products & Services > Email and click Post Delivery Protection.

Before you start

You must add and connect your Microsoft 365 or Google Workspace domains to Sophos Central.

You can add and manage your domains in the following locations:

  • Gateway Domains: Add Microsoft 365 Gateway domains and Google Workspace domains.
  • M365 Mailflow Domains: Add Microsoft 365 Mailflow domains.

Note

You must be a Super Admin to set up and manage domain connections for post-delivery protection.

Features

Post-delivery protection includes features that help you detect and remove malicious or unwanted emails after they've reached users' inboxes. For Microsoft 365 mailboxes, this also includes emails that have been forwarded or replied to internally. You can see how these emails were shared within your organization and take action on them.

These features are turned off by default. You can configure them when you're ready.

Internal email remediation depends on the Include internally forwarded emails option. If this option is turned off, only the original delivered email is affected. This option is supported only for Microsoft 365 mailboxes.

Auto search and remediate

When Auto search and remediate is turned on, Sophos Email moves emails from your users' inboxes to post-delivery quarantine if they turn malicious.

You can turn on the following options:

  • Remove emails containing malicious URLs: Removes emails when URLs in the email are later identified as malicious.
  • Remove emails containing malware: Removes emails when malware is detected after delivery.
  • Include internally forwarded emails: Applies remediation to emails that were forwarded or replied to internally within your organization. This option is supported only for Microsoft 365 mailboxes.

On-demand clawback

When On-demand clawback is turned on, you can manually retract delivered messages from the mailboxes of one or more recipients into post-delivery quarantine if you consider the message unsuitable for the recipient.

You can also turn on Include internally forwarded emails to retract the original message and any messages forwarded or replied to internally for the selected email, including messages in inboxes and sent items. This option is supported only for Microsoft 365 mailboxes.

Exclude mailboxes

When Exclude mailboxes is turned on, you can exclude up to five mailboxes so that post-delivery protection features don't apply to them. As a result, auto-clawback and manual clawback don't remove emails from them.

Set up post-delivery protection

Choose the setup guide for your email platform: