NoteThe following tables list all available actions in ATP and DLP policies for protected
services. The specific actions available for a service vary depending on the security
filter and threat type.
|
-
Exchange Online, Exchange Online (Inline Mode) - Inbound Protection, Exchange Online (Inline Mode) - Outbound Protection policiesActionDescriptionTag subjectCloud Email and Collaboration Protection adds keywords before email message subject to inform the user that a security risk is detected. The email message is delivered to the intended recipient.DeleteCloud Email and Collaboration Protection deletes the entire email message.QuarantineCloud Email and Collaboration Protection moves the email message to a dedicated quarantine location, removing it as a security risk to protected services.
Note
For Exchange Online, the quarantine location is a folder in the user's mailbox; for Exchange Online (Inline Mode), the quarantine location is in the storage of Cloud Email and Collaboration Protection.PassCloud Email and Collaboration Protection records the detection in a log and the message is unchanged.Pass without loggingCloud Email and Collaboration Protection does not record the detection in a log and the message is unchanged.Move to Junk Email folderCloud Email and Collaboration Protection moves the email message to the user's Junk Email folder.Note
-
This action option is not available for Exchange Online (Inline Mode) - Outbound Protection.
-
In the Virtual Analyzer filter, this action option applies only to email messages whose attachment was submitted to Virtual Analyzer and classified as Unrated, which means that the submitted sample was not analyzed by Virtual Analyzer for a certain reason.
Add disclaimerCloud Email and Collaboration Protection adds a disclaimer to display at the beginning of the email body to inform the recipient that the email may contain some security risks.The disclaimer cannot exceed 512 characters.You can use a token to specify the exact reason that caused the sender to be identified as suspicious. For details, see Token List.Replace with text/fileCloud Email and Collaboration Protection deletes the file, infected, malicious, or undesirable content and replaces it with text or a file. The email message is delivered to the intended recipient, but the text replacement informs them that the original content was infected and was replaced.Note
For Exchange Online, Cloud Email and Collaboration Protection does not support this action for MIP-encrypted email messages and applies the Pass action instead.Sanitize fileCloud Email and Collaboration Protection removes the active content from the file and delivers the email message with the sanitized file.Note
For Exchange Online, Cloud Email and Collaboration Protection does not support this action for MIP-encrypted email messages and applies the Pass action instead.Change recipientCloud Email and Collaboration Protection intercepts emails and routes them to your specified recipients instead of the original recipients.Note
This action option is available for Exchange Online (Inline Mode), but not for Exchange Online. -
-
Gmail, Gmail (Inline Mode) - Inbound Protection policiesActionDescriptionDeleteCloud Email and Collaboration Protection deletes the entire email message.QuarantineCloud Email and Collaboration Protection moves the email message to a restricted access folder, removing it as a security risk to protected services.Move to SpamCloud Email and Collaboration Protection applies Gmail's system label "Spam" to the email message and the message only displays in the user's Spam folder.Label emailCloud Email and Collaboration Protection includes a label Risky (by Trend Micro) at the top of the email message in the user's mailbox.PassCloud Email and Collaboration Protection records the detection in a log and the message is unchanged.Pass without loggingCloud Email and Collaboration Protection does not record the detection in a log and the message is unchanged.Change recipientCloud Email and Collaboration Protection intercepts emails and routes them to your specified recipients instead of the original recipients.
Note
This action option is available for Gmail (Inline Mode), but not for Gmail. -
SharePoint Online, OneDrive, Microsoft Teams (Teams), Box, Dropbox, and Google Drive policiesActionDescriptionDeleteCloud Email and Collaboration Protection deletes the file and replaces it with a placeholder using the original file name and .txt.QuarantineCloud Email and Collaboration Protection moves the file to a restricted access folder, removing it as a security risk to protected services.PassCloud Email and Collaboration Protection records the detection in a log and the file is unchanged.Apply sensitivity label
Note
This action is available only to OneDrive, Microsoft Teams (Teams), SharePoint Online after you have granted Cloud Email and Collaboration Protection access to Microsoft Information Protection.Cloud Email and Collaboration Protection applies a selected Microsoft Information Protection sensitivity label on the file.When you select the action, click Show Advanced Options and configure Sensitivity LabelingRemove sensitivity labelNote
This action is available only to OneDrive, Microsoft Teams (Teams), SharePoint Online after you have granted Cloud Email and Collaboration Protection access to Microsoft Information Protection.Cloud Email and Collaboration Protection removes the Microsoft Information Protection sensitivity label from the file.Pass without loggingCloud Email and Collaboration Protection does not record the detection in a log and the file is unchanged.Note
For Microsoft Teams (Teams), after Cloud Email and Collaboration Protection quarantines or deletes an image posted in a Teams channel, users can still preview and download the image in the Teams channel. -
Teams ChatActionDescriptionBlockCloud Email and Collaboration Protection calls Microsoft Teams to hide the message from both the sender and recipient.
Note
If a file in a chat message violated the policy, it was hidden from the private chat window (the Chat tab), but it is still stored in the sender's OneDrive folder and shown on the Files tab.PassCloud Email and Collaboration Protection records the detection in a log and the message is unchanged.Pass without loggingCloud Email and Collaboration Protection does not record the detection in a log and the message is unchanged.Note
The specific actions available for Teams Chat depend on your Microsoft license. For more information, see Granting access to Teams.