When Cloud App Security detects a threat in a meeting invitation email and quarantines or deletes the message, the corresponding calendar item remains in the recipient's mailbox. To address this, administrators can configure Cloud App Security to take actions on calendar items associated with detected invitation emails.
When enabled, Cloud App Security can perform the following actions on calendar items:
  • Add disclaimer — Adds a warning message to the calendar item to notify end users of the detection in the invitation email.
  • Delete — Removes the corresponding calendar item from the recipient's mailbox.
Note
  • This feature applies to Exchange Online only.
  • Calendar item actions work with real-time scanning only. Manual scanning does not support calendar item actions.
  • Calendar item updates may fail in certain scenarios, such as when the calendar item is protected by Microsoft Information Protection (MIP).

Before you begin

  • Exchange Online is provisioned in Cloud App Security.
  • The Exchange Online app has the Calendars.ReadWrite permission. If this permission is not included, a message appears in the configuration, prompting you to recreate the access token.

Procedure

  1. If the Exchange Online app does not already have the Calendars.ReadWrite permission, recreate the access token.
    1. Go to the service account page for Exchange Online.
    2. Recreate the access token to include the Calendars.ReadWrite permission.
  2. In Cloud App Security, go to Policy > Global Settings > Other Settings > Exchange Online API Protection Settings for calendar item options.
    If Exchange Online is not provisioned, the page displays a message prompting you to provision the service first.
  3. Enable the Calendar item action option.
  4. Select the action to take on calendar items when the associated invitation email is quarantined or deleted:
    • Add disclaimer — Adds a warning to the calendar item notifying the end user that the associated invitation email was quarantined or deleted due to detected threats. Users should exercise caution with links and attachments in the calendar item.
    • Delete — Removes the calendar item from the recipient's mailbox.
  5. Click Save.
When the calendar item action is enabled and a threat is detected in an invitation email during real-time scanning, Cloud App Security performs the configured action on the corresponding calendar item.
  • If the invitation email was sent to a group, Cloud App Security applies the action to each recipient's calendar item.
  • If the invitation email includes recurring occurrences, Cloud App Security applies the action to all related calendar items.
  • Cloud App Security adds a disclaimer only once per calendar item.