Views:
Cloud Email and Collaboration Protection searches for security risks and undesirable data by scanning messages and their attached files in email services, files stored in other cloud applications, and messages in private Teams chats.
Cloud Email and Collaboration Protection performs real-time scans and on-demand (manual) scans. When detecting malicious or undesirable content, Cloud Email and Collaboration Protection automatically takes action against the email message, file, or Teams chat message according to scanning rules. Configure policies to scan specific targets and then take certain action or send a notification based on the security risk.
Note
Note
Manual scan is not applicable for Microsoft Teams (Chat).
By default, Cloud Email and Collaboration Protection scans all possible email messages, files, and private Teams chats in the cloud applications and services it protects. Scannable files include any file that is not encrypted, password protected, or exceeds user-configured scanning restrictions.
Real-time scanning and on-demand scanning apply to Advanced Threat Protection policies and Data Loss Prevention policies.

Real-time scan

Cloud Email and Collaboration Protection scans the following in real time:
  • For email services, scanning occurs when an email message arrives at a protected mailbox.
  • For cloud storage applications, scanning occurs when a user uploads, creates, synchronizes, or modifies a file.
  • For Teams Chat, scanning occurs when a user sends a private chat message.

Manual scan

Cloud Email and Collaboration Protection provides two manual scan types:
  • Scan and protect: Analyzes email messages or files, and takes action upon detecting any violation triggering the selected policy.
  • Scan only: Analyzes email messages or files, logs the analysis, and delivers the messages or files to users without taking any action configured in the selected policy. This helps evaluate the Cloud Email and Collaboration Protection performance with zero impact on mail flow and file sharing.
    Note
    Note
    This scan type applies to Microsoft 365 services and Gmail only.
Run a manual scan to ensure that Cloud Email and Collaboration Protection scans all messages and files. Completely scanning cloud applications and services in this way minimizes the risk of advanced threats or data protection violations. A manual scan affects all users, groups and sites; however optionally configure Cloud Email and Collaboration Protection to scan specific targets, as needed.
Cloud Email and Collaboration Protection generates and sends a comprehensive report after a manual scan to specified users, consolidating the scan results and displaying detailed information.
Manual scan requirements:
  • For a full license, run a manual scan on up to 31 days of data.
    Note
    Note
    A trial license supports a manual scan only on one day of data, and a manual scan covers 25 mailboxes, 5 SharePoint sites, 5 teams, or 5 cloud application service accounts.
  • Run only one manual scan for one kind of policy at a time.
    For example, you can perform a manual scan for Exchange Data Loss Prevention policies and SharePoint Online Data Loss Prevention policies at the same time. You cannot simultaneously perform two manual scans for Exchange Data Loss Prevention policies.