Target
- Administrator of HENNGE Cloud Protection
Purpose
- This article explains the items that administrators should consider in advance when responding to threats discovered in HENNGE Cloud Protection.
Notes
- The content of this article is based on the product information as of October 2024 and is subject to change without notice thereafter.
Types of Threats Detectable by HENNGE Cloud Protection
HENNGE Cloud Protection can monitor Microsoft 365 in real time for the following threats and respond automatically when one is detected.
- Files containing malware (viruses, trojans, ransomware, etc.) attached to Exchange Online items (*1)
- Malicious URLs (*2) on Exchange Online items (*1)
- Files containing malware (viruses, trojans, ransomware, etc.) uploaded to SharePoint Online / OneDrive / Teams
- Malicious URLs within files (*3) uploaded to SharePoint Online / OneDrive / Teams
- Leakage of Microsoft 365 accounts to third parties (account compromise)
- Malicious inbox rules
*1 Exchange Online items include emails, calendars, tasks, contacts, notes, etc.
*2 URLs within attachments are not detected.
*3 The following files are subject to detection:
Microsoft Excel / Microsoft Word / Microsoft PowerPoint / PDF / OpenDocumentPresentation / OpenDocumentSpreadsheet / OpenDocumentText
PDF files are only targeted if they contain hyperlinked URLs.
For each of the above threats, it is possible to specify individual response methods when each threat is detected.
The settings that can be configured for each threat are listed below.
For procedures to follow when a threat is actually detected, please refer to the following article:
Responding to Detected Threats
Response to Threats Definable by HENNGE Cloud Protection
1. Files Containing Malware Attached to Exchange Online Items
When a file containing malware attached to an Exchange Online item is detected, it is possible to define the following two points for response.
1.1 Handling of items containing threats
1.2 Notification to item owner users and specific email addresses
1.1 Handling of items containing threats
If malware is detected in a file attached to a specific item, you can choose the following actions to take.
- Automatically delete the Exchange Online item or the file containing malware
- Automatically isolate the Exchange Online item or the file containing malware
- Take no specific action
If you choose to delete, the Exchange Online item or the file containing malware will be permanently deleted.
If you choose to isolate, the Exchange Online item or the file containing malware will be temporarily hidden from Microsoft 365, preventing it from spreading to end users' devices.
Files in isolation can be viewed by administrators on the HENNGE Cloud Protection management screen and can be restored (released) later.
Releasing an isolated item will restore the item to its original location, allowing users to view and operate it.
1.2 Notification to Item Owner Users and Specific Email Addresses
If malware is detected in a file attached to a specific item, you can choose the notification recipients from the following options.
- Email notification to the owner user of the item where malware was detected
- Email notification to specific email addresses
- Both of the above
2. Malicious URLs on Exchange Online Items
When an Exchange Online item containing a malicious URL is detected, it is possible to define the following two points for response.
2.1 Handling of items containing threats
2.2 Notification to item owner users and specific email addresses
2.1 Handling of items containing threats
If a specific item contains a malicious URL, you can choose the following actions to take.
- Automatically delete the Exchange Online item
- Automatically isolate the Exchange Online item
- Take no specific action
If you choose to delete, the Exchange Online item will be permanently deleted.
If you choose to isolate, the Exchange Online item will be temporarily hidden from Microsoft 365, preventing it from spreading to end users' devices.
Items in isolation can be viewed by administrators on the HENNGE Cloud Protection management screen and can be restored (released) later.
Releasing an isolated item will restore the item to its original location, allowing users to view and operate it.
2.2 Notification to Item Owner Users and Specific Email Addresses
If a malicious URL is detected in a specific item, you can choose the notification recipients from the following options.
- Email notification to the owner user of the malicious item
- Email notification to specific email addresses
- Both of the above
3. Files Containing Malware Uploaded to SharePoint Online / OneDrive / Teams
When a file containing malware uploaded to SharePoint Online / OneDrive / Teams is detected, it is possible to define the following two points for each service.
3.1 Handling of items containing threats
3.2 Notification to specific email addresses
3.1 Handling of items containing threats
If a file containing malware is detected in a specific item, you can choose the following actions to take.
- Automatically isolate the file containing malware
- Take no specific action
If you choose to isolate, the file containing malware will be temporarily hidden from Microsoft 365, preventing it from spreading to end users' devices.
Files that have been quarantined can be viewed by administrators on the HENNGE Cloud Protection management screen, and can be restored (released) later.
Releasing a quarantined item will restore the item to its original location, making it viewable and operable by users.
Furthermore, the released item is recorded in HENNGE Cloud Protection as a safe file from then on: if the same file is uploaded again in the future, it will be [detected] but not [quarantined]. (In Exchange protection, files that have been released once will still be quarantined.)
This action cannot be reverted (the file cannot be returned to quarantine).
Reference:
Managing Quarantined Items
3.2 Notification to Specific Email Addresses
If malware is detected, it is possible to send email notifications to specific email addresses.
(By default, notifications are turned off)
4. Malicious URLs in Files Uploaded to SharePoint Online / OneDrive / Teams
If malicious URLs are detected in files uploaded to SharePoint Online / OneDrive / Teams, the response defined in section 3 will be executed.
5. Leakage of Microsoft 365 Accounts to Third Parties (Account Compromise)
In the event that a leakage of Microsoft 365 accounts to third parties is detected, it is possible to define the following point.
5.1 Notification to the Relevant Account User and Specific Email Addresses
5.1 Notification to the Relevant Account User and Specific Email Addresses
If a leakage of Microsoft 365 accounts to third parties is detected, you can select the notification recipients from the following.
- Email notification to the leaked account
- Email notification to specific email addresses
- Both of the above
6. Malicious Inbox Rules
In the event that malicious inbox rules are detected, it is possible to define the following point.
6.1 Notification to the Relevant Inbox and Specific Email Addresses
6.1 Notification to the Relevant Inbox and Specific Email Addresses
If malicious inbox rules are detected, you can select the notification recipients from the following.
- Email notification to the inbox in which the malicious rule was detected
- Email notification to specific email addresses
- Both of the above