Views:
Note
Note
The following tables list all available actions in ATP and DLP policies for protected services. The specific actions available for a service vary depending on the security filter and threat type.
  • Exchange Online, Exchange Online (Inline Mode) - Inbound Protection, Exchange Online (Inline Mode) - Outbound Protection policies
    Action
    Description
    Tag subject
    Cloud Email and Collaboration Protection adds keywords before email message subject to inform the user that a security risk is detected. The email message is delivered to the intended recipient.
    Delete
    Cloud Email and Collaboration Protection deletes the entire email message.
    Quarantine
    Cloud Email and Collaboration Protection moves the email message to a dedicated quarantine location, removing it as a security risk to protected services.
    Note
    Note
    For Exchange Online, the quarantine location is a folder in the user's mailbox; for Exchange Online (Inline Mode), the quarantine location is in the storage of Cloud Email and Collaboration Protection.
    Pass
    Cloud Email and Collaboration Protection records the detection in a log and the message is unchanged.
    Pass without logging
    Cloud Email and Collaboration Protection does not record the detection in a log and the message is unchanged.
    Move to Junk Email folder
    Cloud Email and Collaboration Protection moves the email message to the user's Junk Email folder.
    Note
    Note
    • This action option is not available for Exchange Online (Inline Mode) - Outbound Protection.
    • In the Virtual Analyzer filter, this action option applies only to email messages whose attachment was submitted to Virtual Analyzer and classified as Unrated, which means that the submitted sample was not analyzed by Virtual Analyzer for a certain reason.
    Add disclaimer
    Cloud Email and Collaboration Protection adds a disclaimer to display at the beginning of the email body to inform the recipient that the email may contain some security risks.
    The disclaimer cannot exceed 512 characters.
    You can use a token to specify the exact reason that caused the sender to be identified as suspicious. For details, see Token List.
    Replace with text/file
    Cloud Email and Collaboration Protection deletes the file, infected, malicious, or undesirable content and replaces it with text or a file. The email message is delivered to the intended recipient, but the text replacement informs them that the original content was infected and was replaced.
    Note
    Note
    For Exchange Online, Cloud Email and Collaboration Protection does not support this action for MIP-encrypted email messages and applies the Pass action instead.
    Sanitize file
    Cloud Email and Collaboration Protection removes the active content from the file and delivers the email message with the sanitized file.
    Note
    Note
    For Exchange Online, Cloud Email and Collaboration Protection does not support this action for MIP-encrypted email messages and applies the Pass action instead.
    Change recipient
    Cloud Email and Collaboration Protection intercepts emails and routes them to your specified recipients instead of the original recipients.
    Note
    Note
    This action option is available for Exchange Online (Inline Mode), but not for Exchange Online.
  • Gmail, Gmail (Inline Mode) - Inbound Protection policies
    Action
    Description
    Delete
    Cloud Email and Collaboration Protection deletes the entire email message.
    Quarantine
    Cloud Email and Collaboration Protection moves the email message to a restricted access folder, removing it as a security risk to protected services.
    Move to Spam
    Cloud Email and Collaboration Protection applies Gmail's system label "Spam" to the email message and the message only displays in the user's Spam folder.
    Label email
    Cloud Email and Collaboration Protection includes a label Risky (by Trend Micro) at the top of the email message in the user's mailbox.
    Pass
    Cloud Email and Collaboration Protection records the detection in a log and the message is unchanged.
    Pass without logging
    Cloud Email and Collaboration Protection does not record the detection in a log and the message is unchanged.
    Change recipient
    Cloud Email and Collaboration Protection intercepts emails and routes them to your specified recipients instead of the original recipients.
    Note
    Note
    This action option is available for Gmail (Inline Mode), but not for Gmail.
  • SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive policies
    Action
    Description
    Delete
    Cloud Email and Collaboration Protection deletes the file and replaces it with a placeholder using the original file name and .txt.
    Quarantine
    Cloud Email and Collaboration Protection moves the file to a restricted access folder, removing it as a security risk to protected services.
    Pass
    Cloud Email and Collaboration Protection records the detection in a log and the file is unchanged.
    Apply sensitivity label
    Note
    Note
    This action is available only to OneDrive, Microsoft Teams (Teams), SharePoint Online after you have granted Cloud Email and Collaboration Protection access to Microsoft Information Protection.
    Cloud Email and Collaboration Protection applies a selected Microsoft Information Protection sensitivity label on the file.
    When you select the action, click Show Advanced Options and configure Sensitivity Labeling
    Remove sensitivity label
    Note
    Note
    This action is available only to OneDrive, Microsoft Teams (Teams), SharePoint Online after you have granted Cloud Email and Collaboration Protection access to Microsoft Information Protection.
    Cloud Email and Collaboration Protection removes the Microsoft Information Protection sensitivity label from the file.
    Pass without logging
    Cloud Email and Collaboration Protection does not record the detection in a log and the file is unchanged.
    Note
    Note
    For Microsoft Teams (Teams), after Cloud Email and Collaboration Protection quarantines or deletes an image posted in a Teams channel, users can still preview and download the image in the Teams channel.
  • Teams Chat
    Action
    Description
    Block
    Cloud Email and Collaboration Protection calls Microsoft Teams to hide the message from both the sender and recipient.
    Note
    Note
    If a file in a chat message violated the policy, it was hidden from the private chat window (the Chat tab), but it is still stored in the sender's OneDrive folder and shown on the Files tab.
    Pass
    Cloud Email and Collaboration Protection records the detection in a log and the message is unchanged.
    Pass without logging
    Cloud Email and Collaboration Protection does not record the detection in a log and the message is unchanged.
    Note
    Note
    The specific actions available for Teams Chat depend on your Microsoft license. For more information, see Granting Access to Teams Chat.