Integrated Email Protection Best Practices

Before you start

• Confirm Global Admin access and required licenses.

• Verify your M365 or Google Workspace integration is connected and healthy.

• Review plan overview and deployment notes.

Recommended rollout

1. Start in Enforcement mode (Recommended)
   In Enforcement mode, Barracuda remediates attacks in real time by moving suspicious messages to the recipient's junk folder and sending alerts to both you and the recipient. Once enabled, monitor your detections, false positives/negatives, and top senders and domains to establish a baseline. For details on configuring Enforcement or Reporting mode, see Enforcement or Reporting Mode.

2. Tune policies
   Based on your initial findings, adjust impersonation settings and sender and domain allow/block lists to reduce false positives and ensure legitimate mail is not disrupted.

3. Scale and validate
   After your initial tuning period, review detection accuracy and release rates to confirm protection is working as expected. Verify that business mail flow is unaffected and maintain a weekly review cadence to catch any emerging false positives.

4. Optimize
   Account Takeover Protection monitors for suspicious sign-ins across your Microsoft 365 or Google Workspace accounts once your tenant is connected. For Microsoft 365, ensure Microsoft audit log search is turned on so Barracuda can collect sign-in data. Review alerts under Account Takeover Protection to monitor for compromised accounts. Encourage end users to report suspicious emails; see Reporting a Missed Attack for details.

Ongoing health checks

• Regularly review Reports for detection trends and message flow. Use report customization and scheduling to stay on top of changes in your threat landscape.