Protected Email Assets

This page includes:

• Protected Email Assets
  • About protected email assets
  • Protected email assets - Inline domains
  • Protected email assets - Microsoft 365 API integrations
  • Determining if a Microsoft 365 integration is Inline or API

About protected email assets

The Protected Email Assets page lets you view and manage the email-related assets in your organization that are protected by "Acronis Email Security".

To open the Protected Email Assets page:

• In "Acronis Email Security", in the left navigation menu, select Settings > Protected Email Assets.

The Protected Email Assets page is available to admin users with a "Cyber Analyst" [or higher] role.

Protected email assets - Inline domains

The Protected Email Assets > Inline Domains section shows all the domains that have been defined for any of the following integrations:

• Microsoft 365 - Inline

• Google Workspace

• Microsoft Exchange

• "Other" integrations

• If you select a parent organization in the "Acronis Email Security" banner, then the Protected Email Assets page shows all the inline domains for all the child organizations.

• If you select a child organization in the "Acronis Email Security" banner, then the Protected Email Assets page shows the inline domains for the selected child organization only.

For each domain, you can see the verification status of the domain:

• Verified: The domain is already verified.

• Pending: Verification of the domain is still pending.

This status information may be displayed for both the primary and the secondary records. Secondary Status will appear only if multi-region is enabled. For details about the multi-region functionality, see Multi-region.

Note: [Microsoft 365 Inline integrations only] If you have configured the integration to protect specified domains, groups, or users, information about the groups and users is not shown on this page.

Adding, deleting, and editing inline domains

Adding domains

For details on how to add a domain to an existing inline integration, see: Adding a domain to an existing Microsoft 365 Inline integration Adding a domain to an existing Google Workspace integration

Deleting domains

Pending domains	To delete a domain that is pending [not yet verified]: In "Acronis Email Security", open the Settings > Protected Email Assets page. Under Inline Domains, locate the domain that you want to delete. Click Delete on the right of the domain name.
Verified domains	If the domain is already verified, then see: Deleting Microsoft 365 Inline domains Deleting Google Workspace domains

Editing domains

You can edit the SMTP server addresses that are associated with any domain. To edit the SMTP server addresses that are associated with a domain: In the Protected Email Assets page, under Inline Domains, locate the domain that you want to edit. Click the blue arrow on the left of the domain name to display details of the domain. Locate SMTP Servers and then click Edit on the right. In the Edit SMTP Servers dialog box, make the required changes.

Editing the TLS configuration [for "Other" integrations only]

You can edit the TLS configuration for any domain in an "Other" integration. When you edit the TLS configuration, you can enable or disable TLS encryption. By default, "Acronis Email Security" supports TLS version 1.2 [and not earlier versions]. When TLS encryption is enabled, you enable support for legacy versions [earlier than 1.2] as well. See Step 3 - Configuring "other" email systems. To edit the TLS configuration for a domain: In "Acronis Email Security", go to the Settings > Protected Email Assets page. Under Inline Domains, locate the domain that you want to edit. Click the blue arrow on the left of the domain name to display details of the domain. Locate TLS configuration and then click Edit on the right. In the Configure TLS Encryption dialog box, make the required changes. Use TLS encryption: When enabled, "Acronis Email Security" will use TLS encryption when sending emails to this domain. By default, TLS version 1.2 is used. Note: Before you disable TLS encryption, it is recommended that you try "Allow legacy TLS versions" [see below] - unless you’re sure that the receiving server doesn't support TLS at all. Allow legacy TLS versions: When enabled, "Acronis Email Security" will be able to use a TLS version earlier than 1.2, if that is what is required by the domain server that receives the emails from "Acronis Email Security". Click Confirm.

Protected email assets - Microsoft 365 API integrations

About protected email assets - Microsoft 365 API integrations Full protection vs Partial protection Editing the protected assets Asset details

About protected email assets - Microsoft 365 API integrations

The Protected Email Assets page shows information about the email-related assets that are protected by Microsoft 365 API integrations. You can also perform some editing functions on this page, as described below.

The protected assets can include:

• Domains

• Groups

• Users

  

Note: Email assets that are protected by a Microsoft API integration are shown only for child organizations - the protected assets are not shown when a parent organization is selected in the "Acronis Email Security" banner.

Full protection vs Partial protection

For Microsoft API integrations, you can use the Protected Email Assets page to choose which email assets to protect - either full protection, protect the full Microsoft 365 account, or partial protection, protect only specified assets inside the account.

• Protect the Entire MS365 Account

  Protects all the users inside all the domains in the organization's Microsoft 365 account, including existing assets and future assets. This means that domains that are added to the organizations Microsoft 365 account in the future will be automatically protected.

  Note: When the "protect all" option is selected, you won't be able to select a domain, and then disable or delete the domain. To delete or disable a domain, first change the organization protection to "Protect selected email assets"

• Protect Selected Email Assets

  Protects only the specified domains, groups, and users.

Switching between the two protection coverage modes

• Switching from "Protect Selected Email Assets" to "Protect the Entire MS365 Account":

  All the currently selected email assets remain protected, and protection is extended to cover all email assets in the organization's Microsoft 365 account - including both existing assets and assets that are added in the future.

• Switching from "Protect the Entire MS365 Account" to "Protect Selected Email Assets":

  Maintains protection of the domains that are already protected. However, domains that are added in the future will not be automatically protected.

  After switching to "Protect Selected Email Assets, you can modify/configure the set of assets to protect [domains, groups, and users], as described in Editing the protected assets below.

Note: After you switch between the protection coverage modes, due to technical limitations, you won't be able to switch the coverage mode again for a period of one hour. When you switch between the protection coverage modes, all settings remain unchanged [other than the modified set of protected assets]. The toggle controls affect Microsoft 365 API assets only - the controls do not affect Microsoft 365 Inline assets.

Editing the protected assets

• Full protection: If you're protecting the entire Microsoft 365 account, you won't be able to disable or delete the asset.

  To disable or delete an asset, first change the organization protection to "Protect selected email assets", and then continue as described below.

• Partial protection: If you're protecting just a specified set of assets, then you can configure [edit] the protected assets, as shown below:

  Adding assets

  To add a domain, group, or user: Click "Add Domains", "Add Groups", or "Add Users" on the right of the relevant section. A pane will open on the right - enabling you to add the required assets. or In "Acronis Email Security", go to Settings > Protected Email Assets. Click "Configure Email Protection" in the top-right corner. This will open the configuration wizard. In the wizard, use the available controls to add the required domains, groups, and users. Click Next to continue with the required configuration changes.

  Enabling assets Disabling assets Deleting assets

  You can use the functionality on the Protected Email Assets page to enable, disable, or delete any of the protected assets [domains, groups, and users]. The required controls are found on the right of each protected asset.

Asset details

The following information is shown in the Protected Email Assets page for Microsoft 365 API integrations:

• Status: Indicates if the protection for the asset [domain, group, or user] is Active, Disabled, or Empty.

  Note: If the status is Empty, "Acronis Email Security" isn't able to find any email addresses that are related to this domain. Contact "Acronis Email Security" Support [support@perception-point.io] for help to resolve the issue.

• Connection scope: Indicates which email communication types are included in the protection: Inbound, Outbound

• Connected Email Addresses: Shows the number of email addresses that are protected by "Acronis Email Security" - inside the domain.

• Email Addresses: Shows the number of email addresses that are protected by "Acronis Email Security" - inside the group.

Domains	Shows all the Microsoft 365 API domains that have been added for the organization. You can enable, disable, or delete a domain - using the controls on the right of the domain. To add a domain, click "Add Domains" on the right - which will open the "Add Domains" pane.
Groups	Shows all the groups that were individually specified, that are currently available to be protected by "Acronis Email Security". Note: The list doesn't include groups that are included in the domains specified above. You can enable, disable, or delete any group - using the controls on the right of the group. To add a group, click "Add group" on the right - which will open the "Add Groups" pane. More info... Connected email addresses The number of mailboxes in the group that are protected by "Acronis Email Security" Non-supported email addresses (on-premise) The number of mailboxes in the group that are not protected because they are inactive, soft-deleted, or hosted on-premise. Non-operative email addresses The number of mailboxes in the group that are not protected either due to a temporary issue, or because the addresses belong to guest users. Total email addresses The total number of mailboxes in the group that are retrieved using Microsoft Graph API.
Users	Shows all the users that were individually specified, that are currently available to be protected by "Acronis Email Security". Note: The list doesn't include users that are included in the domains and groups specified above. You can enable, disable, or delete any user - using the controls on the right of the user. To add a user, click "Add User" on the right - which will open the "Add Users" pane.

Determining if a Microsoft 365 integration is Inline or API

You can determine if a Microsoft 365 integration in an organization is Inline or API. This is done using the "Protected Email Assets" page.

1. In "Acronis Email Security", in the left navigation menu, select Settings > Protected Email Assets.

   The Protected Email Assets page opens.

2. In the Protected Email Assets page, look for:

   1. Inline Domains: Indicates that the organization has a Microsoft 365 Inline integration

   2. Microsoft API Domains: Indicates that the organization has a Microsoft 365 API integration

See also: 

• "Acronis Email Security"