Protection scope for the security policy

When creating a security policy, you must define its protection scope by selecting user mailboxes and/or Active Directory user groups that you want to protect in the policy, and mailboxes and groups that are excluded from protection.

Protection of Active Directory groups of the Microsoft 365 type is not supported by the application; such groups are not displayed in the Management Console and cannot be included in the protection scope.

Depending on the size of the Office 365 organization and the number of selected mailboxes, it may take up to several hours to update the protection scope.

Protected mailboxes

To configure mailboxes and/or user groups that you want to protect in the policy:

  1. Select the Protected mailboxes section.
  2. Select one of the following options:
    • Protect all users and groups, if you want to protect all user mailboxes and groups within the current Office 365 organization. If you select this option, any new mailboxes further added to your organization will be included automatically in the protection scope.
    • Protect selected users and groups only, if you want to protect only specific mailboxes and/or user groups. If you select specific user groups, any new mailboxes subsequently added to them will be included automatically in the protection scope.
  3. For the Protect selected users and groups only option, select the check boxes next to the mailboxes and/or user groups that you want to protect.

    To filter the list of mailboxes and/or user groups, use the Search entry field or the Display the following users and groups list (available values are All, Selected, and Not selected).

    The mailboxes and user groups are listed alphabetically; at that, user groups are listed first. By default, the list of mailboxes and user groups is arranged by 10 lines per page. You can switch the pages of the list back and forth or change the default number of displayed lines per page at the bottom of the page.

    To view the mailboxes included in a group, click the name of the group. The elements will be displayed in a separate window.

    If you change the primary SMTP address for mailboxes included in the protection scope without group association, the application will recognize them as newly added ones. Protection for these mailboxes will be automatically disabled. To resume protection, select the required mailboxes from the list again.

  4. Click Save.

If necessary, you can force the application to retrieve the list of mailboxes and user groups from Exchange Online by clicking the Synchronize list link above the list.

Excluded mailboxes

To configure mailboxes and/or user groups that you want to exclude from protection:

  1. Select the Excluded mailboxes section.
  2. Select the corresponding elements.

    To filter the list of mailboxes and/or user groups, use the Search entry field or the Display the following users and groups list (available values are All, Selected, and Not selected).

    The mailboxes and user groups are listed alphabetically; at that, user groups are listed first. By default, the list of mailboxes and user groups is arranged by 10 lines per page. You can switch the pages of the list back and forth or change the default number of displayed lines per page at the bottom of the page.

    If the same mailbox or user group is listed as a protected item but is also added to the list of exclusions, the exclusion has priority over the general protection scope settings.

  3. Click Save.

If necessary, you can force the application to retrieve the list of mailboxes and user groups from Exchange Online by clicking the Synchronize list link above the list.

If for any reason you want to anonymize any elements in the list or make them undetectable by the application, you can achieve this by customizing your Exchange Online settings. For the information about changing a user's display name, refer to the Office 365 documentation at https://docs.microsoft.com/en-us/office365/admin/add-users/change-a-user-name-and-email-address. For the information about blocking access to mailboxes, refer to the Azure Active Directory documentation at https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview.

Page top