Guided Setup of Integrated Email Security

Written By Marissa Fegan (Super Administrator)

Updated at July 9th, 2025

VIPRE Integrated Email Security (IES) is a cutting-edge cloud email security solution designed to protect organizations from modern email threats and seamlessly enhance Microsoft 365 environments. Leveraging AI-driven threat detection and non-disruptive API integration, VIPRE IES provides comprehensive, real-time protection for both external and internal emails. This robust solution effectively combats sophisticated attacks like Business Email Compromise (BEC) and social engineering, ensuring your organization remains secure.

Once you have received the VIPRE IES welcome email (sent from noreply@threatsecure.com) and set your password, follow the steps below to configure. If you have purchased VIPRE Integrated Email Security and have not yet received this email, please reach out to your Account Executive or Onboarding Manager.

Step 1: Configure an Email Source

VIPRE Integrated Email Security integrates with your organization's Microsoft 365 tenant to provide total protection by catching anything that might get through. The first step is to configure an email source within VIPRE Integrated Email Security.

Important

While VIPRE IES does work with IMAP sources, IMAP configuration is intended for testing purposes only and is not recommended for use in VIPRE IES otherwise. 

This product works best when integrated with your organization's Microsoft 365 tenent account and the instructions below are for a Microsoft 365 configuration. Compatibility with other email sources, like Google Workspace, are on the roadmap and coming soon! Watch the release notes space for updates.

 

Before getting started, you will need the administrator login credentials for your organization's Microsoft 365 tenant account.

Follow these steps from within the VIPRE IES web console:

  1. Navigate to Settings > Email Configuration
  2. On the Email Configuration screen, select Add M365 at the top
  3. Name your Microsoft 365 source
    1. This name is used in various places throughout IES, including Message Logs
  4. Select your Integration Mode
    1. Inline: All mail will be delivered to VIPRE IES via mail flow rules prior to arrival at the end user's Inbox
    2. Monitoring: A copy of all email will be delivered to VIPRE IES via journaling rules
  5. Click Continue

You will then be prompted to sign in to your Microsoft 365 tenant account. You will be presented with a list of APIs that VIPRE is requesting permissions to. 

For additional details on how to manage email sources, visit IES Email Sources. The next step in our guided setup is setting up an action rule.

 

Verifying Default Action Rules

 
 
 

Step 2: Set up Action Rules

VIPRE Integrated Email Security (IES)'s Action Rules under the Settings menu allow you to enable powerful and customizable rules for your email. 

The Anatomy of an Action Rule

Before we discuss how to configure an action rule, let's first examine its different parts.

Action Rule

An action rule has multiple parts including: 

  • Name of the action rule
  • Description of the action rule (optional but recommended)
  • Rule Expression
  • Actions based on the rule expression
Rule Expression A rule expression is created within the greater action rule, giving specific instructions for the action rule to follow
Action An action tells the action rule what to do with the emails that it finds based on the rule expression

In the example shown in the screenshot below, you can see what makes up the body of a VIPRE IES Action Rule. 

  1. Name of the action rule
  2. Description of the action rule
  3. Rule Expression: any(analysis.detections, .engine == "Vipre Spam" && .severity != "CRITICAL") This shows that this particular action applies to emails that are detected by the VIPRE AntiSpam engine with a Critical severity
  4. Actions: Quarantine, Notify Recipient
  5. Option to stop evaluating other action rules on match is checked
  6. Option to enable this action rule is checked
  7. Edit: Make changes to your action rule
  8. Trash: Delete your action rule

Default Action Rule

There is one action rule included in VIPRE IES by default. 

  • Quarantine Malicious Email: This action rule includes a rule expression that will quarantine all emails that are deemed to be malicious and will send an email notification to the end-user or recipient of the email; applies to Inline Mode only

To verify that the existing action rule will meet the needs of your organization:

  1. From within the VIPRE IES web console, navigate to Settings > Action Rules
  2. On the Action Rules screen, you'll see the Quarantine Malicious Email action rule; using the example above as a reference guide, determine if this existing rule meets the needs or your organization

 

Does the existing default action rule meet the needs of your organization?

Yes, the default action rule meet our needs as-is. No changes are needed.

 

No, the default action rule won't work for us. We'll need to create new action rules. 

 
 

Your experience with Link Isolation is dependent on the options you choose here. Review all of the options below carefully to determine the best action plan for your organization before implementation.

  1. From your VIPRE IES admin portal, click on Settings > Link Isolation in the left-side menu
  2. You will see the following options available to you: URL Filter Configuration, Allowed IPs/Domains, Denied IPs/Domains, and Templates
    1. Select a tab below to learn more about each option

 

URL Filter Configuration

  1. On the URL Filter Configuration tab, select from the following options:
    • Click-time Protection
      • Enable Deeplink: This option allows Link Isolation to perform deep, cloud-based scanning to analyze malicious URLs and obtain more information; also enables URL categorization and screenshots/previews of malicious URLs
      • Click-Through > Block: Blocks all potentially malicious URLs that have been clicked in the email; unable to proceed
      • Click-Through > Warn and allow override: Displays a warning when potentially malicious URLs have been clicked in the email; gives the option to ignore the warning and proceed to the website
    • URL Rewriting
      • Rewrite displayed URLs and underlying links: Visible links shown as URLs will be rewritten; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in text mode email: Rewrites URLs both in HTML and text mode; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in released/replayed emails: Rewrites URLs when replaying quarantined emails
  2. Click Save

 

 
 

Allowed IPs/Domains

  1. On the Allowed IPs/Domains tab, click +Add New Allowed IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to allow it - when adding multiples, supported separators are commas, semicolons, and space
    • Any trusted IP address or domain can be added to this list as Link Isolation does not rewrite IP addresses or Domains on this list
    • VIPRE recommends only adding trusted domains, like domains associated with your organization, to the Allowed IPs/Domains list
  3. Click Save

To search for a previously allowed IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously allowed IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen

 

 

 
 

Denied IPs/Domains

To add an IP address or domain that you want to deny:

  1. On the Denied IPs/Domains tab, click +Add New Denied IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to deny it - when adding multiples, supported separators are commas, semicolons, and space
    • Any untrusted IP address or domain can be added to this list
  3. Click Save

To search for a previously denied IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously denied IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen 
 
 

Templates

  1. This allows you to customize the message that your users see:
    1. When they click on the malicious URL based on whether you chose to Warn and Allow or Block Page under URL Filter Configuration
    2. When attempting to access an IP address or domain that has been denied
  2. Click Save

 See End User: What to Expect above for screenshots of what these templates look like.

 
 

Once you've gone through the configuration options detailed in the tabs above, you're ready to enable Link Isolation. 

  1. Scroll to the top of the screen and click the toggle next to Enable Link Isolation

Link Isolation is now configured and enabled. 

Verify that IES is working

 
 

Congrats! VIPRE Integrated Email Security has been successfully configured. 

You can verify that you configured IES correctly by going back to Settings > Email Configuration. It may take a little bit for emails to start populating IES, however, you can view the status here:

If you need assistance, please contact VIPRE Support.

 
 

If the default action rule does not meet your needs, you can disable or delete it and configure a new one. 

To create your own customized action rule, navigate to Settings > Action Rules and follow the steps below:

  1. Click Add Action Rule in the top right corner of the screen
    1. Name: Give your action rule a descriptive name so you can easily identify it
      • This name is used to identify the action rule in the Message Logs screen
    2. Description:  (Optional) Add more details about the action rule's purpose
    3. Rule: Define the conditions for your action rule here, using the autocomplete feature; click Validate to confirm that your rule is set up correctly
      1. See How to Build a Rule Expression below for additional guidance
    4. Actions > Select an action: Choose the actions to be taken when the rule conditions are met (e.g., quarantine the email, send a notification, etc.)
    5. Check whether or not you want the action rule to stop checking any other configured action rules when the conditions of this one match
    6. Check whether or not you want to enable this action rule
  2. Click Save

 

Tips for Creating Effective Action Rules

Things to keep in mind when creating an action rule:

  • Action Rule Order
    • All action rules are executed in the order in which they appear
    • After you create your rules, make sure to verify that they are in the appropriate order
  • Rule Expression Editor
    • The rule expression editor uses a free-form text field that utilizes autocomplete
      • Click See Documentation to find examples and rule templates that can be inserted directly into the rule editor
    • Click the Validate button to verify that your rule is correctly formatted
  • Actions
    • There can be more than one action for a policy
    • After adding the desired actions, click the check mark to add it to the policy

How to Build a Rule Expression

Rule Expressions are like instructions that tell VIPRE Integrated Email Security what to look for when analyzing your emails. We create these instructions using the following way to write conditions:

Basic Examples

  • Checking for suspicious emails: analysis.verdict == "SUSPICIOUS"
    • This rule checks if our system has flagged the email as suspicious
  • Checking for emails with high severity: analysis.severity == "HIGH"
    • This rule checks if the email has been flagged as high severity

Building Blocks

Here are some of the "Rule Expression building blocks" you can use:

  • analysis.severity: This allows you to check for the severity of the email.
    • Values include: CRITICAL, HIGH, MEDIUM, LOW, INFO
  • analysis.verdict: This allows you to check for the verdict of the email.
    • Values include: MALICIOUS, SUSPICIOUS, WHITELISTED, CLEAN
  • analysis.detections: This allows you to check what the scan engines found.
    • analysis.detections.severity: Values include: CRITICAL, HIGH, MEDIUM, LOW, INFO
    • analysis.detections.verdict: Values include: MALICIOUS, SUSPICIOUS, WHITELISTED, CLEAN
    • analysis.detections.engine: Values include: VIPRE AV, VIPRE AntiSpam, VIPRE URL Scan, BEC, etc.
  • source_context.mode:This allows you to check for messages based on email source mode
    • Values include: MONITORING, INLINE
  • source_context.type: This allows you to check for messages based on email source type
    • Values include: O365, IMAP

The autocomplete feature within the VIPRE IES rule expression editor will help you build these rule expressions, and the Validate button will verify that the syntax of your rule expression is correct.

 

Checking for Multiple Conditions within an Email’s Analysis

Sometimes you need to check for more than one thing. For example, to check if an email is suspicious and was flagged by the "BEC" engine, you can use:

analysis.verdict == "SUSPICIOUS" and any(analysis.detections, {.engine == "BEC"})

  • any(): This part of the rule checks if at least one of the scan engines found something
    • In the example above, it's checking if the "BEC" engine has detected something

I have successfully created new action rules for my organization.

 

I need help with the VIPRE IES Action Rule Editor.

 
 

Your experience with Link Isolation is dependent on the options you choose here. Review all of the options below carefully to determine the best action plan for your organization before implementation.

  1. From your VIPRE IES admin portal, click on Settings > Link Isolation in the left-side menu
  2. You will see the following options available to you: URL Filter Configuration, Allowed IPs/Domains, Denied IPs/Domains, and Templates
    1. Select a tab below to learn more about each option

 

URL Filter Configuration

  1. On the URL Filter Configuration tab, select from the following options:
    • Click-time Protection
      • Enable Deeplink: This option allows Link Isolation to perform deep, cloud-based scanning to analyze malicious URLs and obtain more information; also enables URL categorization and screenshots/previews of malicious URLs
      • Click-Through > Block: Blocks all potentially malicious URLs that have been clicked in the email; unable to proceed
      • Click-Through > Warn and allow override: Displays a warning when potentially malicious URLs have been clicked in the email; gives the option to ignore the warning and proceed to the website
    • URL Rewriting
      • Rewrite displayed URLs and underlying links: Visible links shown as URLs will be rewritten; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in text mode email: Rewrites URLs both in HTML and text mode; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in released/replayed emails: Rewrites URLs when replaying quarantined emails
  2. Click Save

 

 
 

Allowed IPs/Domains

  1. On the Allowed IPs/Domains tab, click +Add New Allowed IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to allow it - when adding multiples, supported separators are commas, semicolons, and space
    • Any trusted IP address or domain can be added to this list as Link Isolation does not rewrite IP addresses or Domains on this list
    • VIPRE recommends only adding trusted domains, like domains associated with your organization, to the Allowed IPs/Domains list
  3. Click Save

To search for a previously allowed IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously allowed IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen

 

 

 
 

Denied IPs/Domains

To add an IP address or domain that you want to deny:

  1. On the Denied IPs/Domains tab, click +Add New Denied IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to deny it - when adding multiples, supported separators are commas, semicolons, and space
    • Any untrusted IP address or domain can be added to this list
  3. Click Save

To search for a previously denied IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously denied IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen 
 
 

Templates

  1. This allows you to customize the message that your users see:
    1. When they click on the malicious URL based on whether you chose to Warn and Allow or Block Page under URL Filter Configuration
    2. When attempting to access an IP address or domain that has been denied
  2. Click Save

 See End User: What to Expect above for screenshots of what these templates look like.

 
 

Once you've gone through the configuration options detailed in the tabs above, you're ready to enable Link Isolation. 

  1. Scroll to the top of the screen and click the toggle next to Enable Link Isolation

Link Isolation is now configured and enabled. 

Verify that IES is working

 
 

Congrats! VIPRE Integrated Email Security has been successfully configured. 

You can verify that you configured IES correctly by going back to Settings > Email Configuration. It may take a little bit for emails to start populating IES, however, you can view the status here:

If you need assistance, please contact VIPRE Support.

 
 

Struggling with the action rule editor or writing rule expressions? We're here to help! If you need assistance, please submit a request to our Support team. A Support Technician will contact you promptly.

In the meantime, let us move on to the next step:

Your experience with Link Isolation is dependent on the options you choose here. Review all of the options below carefully to determine the best action plan for your organization before implementation.

  1. From your VIPRE IES admin portal, click on Settings > Link Isolation in the left-side menu
  2. You will see the following options available to you: URL Filter Configuration, Allowed IPs/Domains, Denied IPs/Domains, and Templates
    1. Select a tab below to learn more about each option

URL Filter Configuration

  1. On the URL Filter Configuration tab, select from the following options:
    • Click-time Protection
      • Enable Deeplink: This option allows Link Isolation to perform deep, cloud-based scanning to analyze malicious URLs and obtain more information; also enables URL categorization and screenshots/previews of malicious URLs
      • Click-Through > Block: Blocks all potentially malicious URLs that have been clicked in the email; unable to proceed
      • Click-Through > Warn and allow override: Displays a warning when potentially malicious URLs have been clicked in the email; gives the option to ignore the warning and proceed to the website
    • URL Rewriting
      • Rewrite displayed URLs and underlying links: Visible links shown as URLs will be rewritten; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in text mode email: Rewrites URLs both in HTML and text mode; this may alter the appearance of the email as rewritten URLs can be quite long
      • Rewrite URLs in released/replayed emails: Rewrites URLs when replaying quarantined emails
  2. Click Save

 

 
 

Allowed IPs/Domains

  1. On the Allowed IPs/Domains tab, click +Add New Allowed IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to allow it - when adding multiples, supported separators are commas, semicolons, and space
    • Any trusted IP address or domain can be added to this list as Link Isolation does not rewrite IP addresses or Domains on this list
    • VIPRE recommends only adding trusted domains, like domains associated with your organization, to the Allowed IPs/Domains list
  3. Click Save

To search for a previously allowed IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously allowed IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen

 

 

 
 

Denied IPs/Domains

To add an IP address or domain that you want to deny:

  1. On the Denied IPs/Domains tab, click +Add New Denied IP/Domain
  2. Type the IP address or domain in the text box and include a reason why you want to deny it - when adding multiples, supported separators are commas, semicolons, and space
    • Any untrusted IP address or domain can be added to this list
  3. Click Save

To search for a previously denied IP address or domain:

  • Type the IP address or domain in the search box and press Enter

To delete a previously denied IP address or domain:

  • Locate the desired IP address or domain and click the trash icon on the right side of the screen 
 
 

Templates

  1. This allows you to customize the message that your users see:
    1. When they click on the malicious URL based on whether you chose to Warn and Allow or Block Page under URL Filter Configuration
    2. When attempting to access an IP address or domain that has been denied
  2. Click Save

 See End User: What to Expect above for screenshots of what these templates look like.

 
 

Once you've gone through the configuration options detailed in the tabs above, you're ready to enable Link Isolation. 

  1. Scroll to the top of the screen and click the toggle next to Enable Link Isolation

Link Isolation is now configured and enabled. 

Verify that IES is working

 
 

Congrats! VIPRE Integrated Email Security has been successfully configured. 

You can verify that you configured IES correctly by going back to Settings > Email Configuration. It may take a little bit for emails to start populating IES, however, you can view the status here:

If you need assistance, please contact VIPRE Support.