VIPRE Integrated Email Security (IES) is a cutting-edge cloud email security solution designed to protect organizations from modern email threats and seamlessly enhance Microsoft 365 environments. Leveraging AI-driven threat detection and non-disruptive API integration, VIPRE IES provides comprehensive, real-time protection for both external and internal emails. This robust solution effectively combats sophisticated attacks like Business Email Compromise (BEC) and social engineering, ensuring your organization remains secure.
Once you have received the VIPRE IES welcome email (sent from noreply@threatsecure.com) and set your password, follow the steps below to configure. If you have purchased VIPRE Integrated Email Security and have not yet received this email, please reach out to your Account Executive or Onboarding Manager.
Step 1: Configure an Email Source
VIPRE Integrated Email Security integrates with your organization's Microsoft 365 tenant to provide total protection by catching anything that might get through. The first step is to configure an email source within VIPRE Integrated Email Security.
Important
While VIPRE IES does work with IMAP sources, IMAP configuration is intended for testing purposes only and is not recommended for use in VIPRE IES otherwise.
This product works best when integrated with your organization's Microsoft 365 tenant account, and the instructions below are for a Microsoft 365 configuration. Compatibility with other email sources, like Google Workspace, is on the roadmap and coming soon! Watch the release notes space for updates.
Before getting started, you will need the administrator login credentials for your organization's Microsoft 365 tenant account.
Follow these steps from within the VIPRE IES web console:
- Navigate to Settings > Email Configuration
- On the Email Configuration screen, select Add M365 at the top
- Name your Microsoft 365 source
  - This name is used in various places throughout IES, including Message Logs
- Select your Integration Mode
  - Inline: All mail will be delivered to VIPRE IES via mail flow rules prior to arrival at the end user's Inbox
  - Monitoring: A copy of all email will be delivered to VIPRE IES via journaling rules
- Click Continue

You will then be prompted to sign in to your Microsoft 365 tenant account. You will be presented with a list of APIs that VIPRE is requesting permissions to.
For additional details on how to manage email sources, visit IES Email Sources. The next step in our guided setup is setting up an action rule.
Step 2: Set up Action Rules
Action Rules, found under the Settings menu in VIPRE Integrated Email Security (IES), allow you to enable powerful and customizable rules for your email.
The Anatomy of an Action Rule
Before we discuss how to configure an action rule, let's first examine its different parts.
Action Rule | An action rule has multiple parts, including a rule expression and an action |
Rule Expression | A rule expression is created within the greater action rule, giving specific instructions for the action rule to follow |
Action | An action tells the action rule what to do with the emails that it finds based on the rule expression |
In the example shown in the screenshot below, you can see what makes up the body of a VIPRE IES Action Rule.

- Name of the action rule
- Description of the action rule
- Rule Expression: any(analysis.detections, .engine == "Vipre Spam" && .severity != "CRITICAL")
  - This shows that this particular action applies to emails that are detected by the VIPRE AntiSpam engine with a Critical severity
- Actions: Quarantine, Notify Recipient
- Option to stop evaluating other action rules on match is checked
- Option to enable this action rule is checked
- Edit: Make changes to your action rule
- Trash: Delete your action rule
Default Action Rule
There is one action rule included in VIPRE IES by default.
- Quarantine Malicious Email: This action rule includes a rule expression that will quarantine all emails that are deemed to be malicious and will send an email notification to the end-user or recipient of the email; applies to Inline Mode only
To verify that the existing action rule will meet the needs of your organization:
- From within the VIPRE IES web console, navigate to Settings > Action Rules
- On the Action Rules screen, you'll see the Quarantine Malicious Email action rule; using the example above as a reference guide, determine if this existing rule meets the needs of your organization

Does the existing default action rule meet the needs of your organization?
Step 3: Configure Link Isolation
VIPRE Email Security Link Isolation is like URL sandboxing for your email. When a user clicks on a URL within an email, the email is then scanned again and Link Isolation analyzes the URL. Rescanning the link at the time the user clicks on it, even if it happens days or months after receiving the email, provides stronger protection against zero-day threats.
Your experience with Link Isolation is dependent on the options you choose here. Review all of the options below carefully to determine the best action plan for your organization before implementation.
- From your VIPRE IES admin portal, click on Settings > Link Isolation in the left-side menu
- You will see the following options available to you: URL Filter Configuration, Allowed IPs/Domains, Denied IPs/Domains, and Templates
- Select a tab below to learn more about each option
URL Filter Configuration
- On the URL Filter Configuration tab, select from the following options:
  - Click-time Protection
    - Enable Deeplink: This option allows Link Isolation to perform deep, cloud-based scanning to analyze malicious URLs and obtain more information; also enables URL categorization and screenshots/previews of malicious URLs
    - Click-Through > Block: Blocks all potentially malicious URLs that have been clicked in the email; the user is unable to proceed
    - Click-Through > Warn and allow override: Displays a warning when potentially malicious URLs have been clicked in the email; gives the option to ignore the warning and proceed to the website
  - URL Rewriting
    - Rewrite displayed URLs and underlying links: Visible links shown as URLs will be rewritten; this may alter the appearance of the email as rewritten URLs can be quite long
    - Rewrite URLs in text mode email: Rewrites URLs both in HTML and text mode; this may alter the appearance of the email as rewritten URLs can be quite long
    - Rewrite URLs in released/replayed emails: Rewrites URLs when replaying quarantined emails
- Click Save

Allowed IPs/Domains
- On the Allowed IPs/Domains tab, click +Add New Allowed IP/Domain
- Type the IP address or domain in the text box and include a reason why you want to allow it; when adding multiples, supported separators are commas, semicolons, and spaces
  - Any trusted IP address or domain can be added to this list, as Link Isolation does not rewrite IP addresses or domains on this list
  - VIPRE recommends only adding trusted domains, like domains associated with your organization, to the Allowed IPs/Domains list
- Click Save
To search for a previously allowed IP address or domain:
- Type the IP address or domain in the search box and press Enter
To delete a previously allowed IP address or domain:
- Locate the desired IP address or domain and click the trash icon on the right side of the screen
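Entries on the allowed list are not rewritten by Link Isolation, so a bulk entry is worth checking before it is pasted in. The following is an added example (not VIPRE code and not part of the original documentation) that splits input on the separators named above and sorts entries for review; `ORG_DOMAINS` and the rule that URLs or paths count as invalid are assumptions.

```python
# Added illustration, not VIPRE code: pre-check a bulk Allowed IPs/Domains entry.
import ipaddress
import re

SEPARATORS = re.compile(r"[,;\s]+")  # commas, semicolons and spaces, per this page
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")
ORG_DOMAINS = {"example.com"}        # assumption: domains your organization owns


def split_entries(raw):
    """Split a pasted string on the separators the console accepts."""
    return [e for e in SEPARATORS.split(raw.strip()) if e]


def classify(entry):
    """Return 'ip', 'domain' or 'invalid' (URLs, paths and bare words are invalid)."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    labels = entry.lower().rstrip(".").split(".")
    if len(labels) >= 2 and all(LABEL.match(label) for label in labels):
        return "domain"
    return "invalid"


def in_org(domain, org_domains):
    """True for an organization domain or a subdomain of one (not a look-alike)."""
    d = domain.lower().rstrip(".")
    return any(d == o or d.endswith("." + o) for o in org_domains)


def review_allow_list(raw, org_domains=ORG_DOMAINS):
    """Sort entries into ok / review / invalid before they are allowed."""
    report = {"ok": [], "review": [], "invalid": []}
    for entry in split_entries(raw):
        kind = classify(entry)
        if kind == "invalid":
            report["invalid"].append(entry)
        elif kind == "domain" and in_org(entry, org_domains):
            report["ok"].append(entry)
        else:
            # IPs and third-party domains would skip rewriting; ask for a reason.
            report["review"].append(entry)
    return report


# Constructed input mixing all three separators.
SAMPLE = "example.com, mail.example.com;203.0.113.10 notexample.com http://example.com/login"

if __name__ == "__main__":
    for bucket, entries in review_allow_list(SAMPLE).items():
        print(f"{bucket:8} {entries}")
```
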
Denied IPs/Domains
To add an IP address or domain that you want to deny:
- On the Denied IPs/Domains tab, click +Add New Denied IP/Domain
- Type the IP address or domain in the text box and include a reason why you want to deny it; when adding multiples, supported separators are commas, semicolons, and spaces
  - Any untrusted IP address or domain can be added to this list
- Click Save
To search for a previously denied IP address or domain:
- Type the IP address or domain in the search box and press Enter
To delete a previously denied IP address or domain:
- Locate the desired IP address or domain and click the trash icon on the right side of the screen
Templates
- This allows you to customize the message that your users see:
  - When they click on the malicious URL based on whether you chose to Warn and Allow or Block Page under URL Filter Configuration
  - When attempting to access an IP address or domain that has been denied
- Click Save
See End User: What to Expect above for screenshots of what these templates look like.
Enable Link Isolation
Once you've gone through the configuration options detailed in the tabs above, you're ready to enable Link Isolation.
- Scroll to the top of the screen and click the toggle next to Enable Link Isolation

Link Isolation is now configured and enabled.
Congrats! VIPRE Integrated Email Security has been successfully configured.
You can verify that you configured IES correctly by going back to Settings > Email Configuration. It may take a little while for emails to start populating IES; however, you can view the status here:

- If in the future you find the default action rules aren't working for you, please visit IES Action Rules for details on how to manage action rules and configure new ones.
- For release notes, visit IES What's New.
- To find all product documentation for VIPRE IES, visit VIPRE Integrated Email Security on the VIPRE Success Center.
If you need assistance, please contact VIPRE Support.
If the default action rule does not meet your needs, you can disable or delete it and configure a new one.
To create your own customized action rule, navigate to Settings > Action Rules and follow the steps below:
- Click Add Action Rule in the top right corner of the screen
- Name: Give your action rule a descriptive name so you can easily identify it
  - This name is used to identify the action rule in the Message Logs screen
- Description: (Optional) Add more details about the action rule's purpose
- Rule: Define the conditions for your action rule here, using the autocomplete feature; click Validate to confirm that your rule is set up correctly
  - See How to Build a Rule Expression below for additional guidance
- Actions > Select an action: Choose the actions to be taken when the rule conditions are met (e.g., quarantine the email, send a notification, etc.)
- Check whether or not you want the action rule to stop checking any other configured action rules when the conditions of this one match
- Check whether or not you want to enable this action rule
- Click Save

Tips for Creating Effective Action Rules
Things to keep in mind when creating an action rule:
- Action Rule Order
  - All action rules are executed in the order in which they appear
  - After you create your rules, make sure to verify that they are in the appropriate order
- Rule Expression Editor
  - The rule expression editor uses a free-form text field that utilizes autocomplete
  - Click See Documentation to find examples and rule templates that can be inserted directly into the rule editor
  - Click the Validate button to verify that your rule is correctly formatted
- Actions
  - There can be more than one action for a policy
  - After adding the desired actions, click the check mark to add them to the policy
How to Build a Rule Expression
Rule Expressions are like instructions that tell VIPRE Integrated Email Security what to look for when analyzing your emails. These instructions are written as conditions, as shown in the examples below:
Basic Examples
- Checking for suspicious emails: analysis.verdict == "SUSPICIOUS"
  - This rule checks if our system has flagged the email as suspicious
- Checking for emails with high severity: analysis.severity == "HIGH"
  - This rule checks if the email has been flagged as high severity
Building Blocks
Here are some of the "Rule Expression building blocks" you can use:
- analysis.severity: This allows you to check for the severity of the email.
  - Values include: CRITICAL, HIGH, MEDIUM, LOW, INFO
- analysis.verdict: This allows you to check for the verdict of the email.
  - Values include: MALICIOUS, SUSPICIOUS, WHITELISTED, CLEAN
- analysis.detections: This allows you to check what the scan engines found.
  - analysis.detections.severity: Values include: CRITICAL, HIGH, MEDIUM, LOW, INFO
  - analysis.detections.verdict: Values include: MALICIOUS, SUSPICIOUS, WHITELISTED, CLEAN
  - analysis.detections.engine: Values include: VIPRE AV, VIPRE AntiSpam, VIPRE URL Scan, BEC, etc.
- source_context.mode: This allows you to check for messages based on email source mode.
  - Values include: MONITORING, INLINE
- source_context.type: This allows you to check for messages based on email source type.
  - Values include: O365, IMAP
The autocomplete feature within the VIPRE IES rule expression editor will help you build these rule expressions, and the Validate button will verify that the syntax of your rule expression is correct.
Checking for Multiple Conditions within an Email’s Analysis
Sometimes you need to check for more than one thing. For example, to check if an email is suspicious and was flagged by the "BEC" engine, you can use:
analysis.verdict == "SUSPICIOUS" and any(analysis.detections, {.engine == "BEC"})
- any(): This part of the rule checks if at least one of the scan engines found something
  - In the example above, it's checking if the "BEC" engine has detected something
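Rule order, the stop-on-match option and any() interact, so the following added example (not VIPRE code and not part of the original documentation) models them locally in Python to show which actions a message would receive. The rule set, the sample messages and the default rule's expression are constructed assumptions; only the field names and values come from this page.

```python
# Added illustration, not VIPRE code: a local model of the action-rule
# semantics this page describes. Rule expressions are hand-translated into
# Python predicates; VIPRE's own expression syntax is not parsed here.
from dataclasses import dataclass
from typing import Callable, List


@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]  # hand-translated rule expression
    actions: List[str]
    stop_on_match: bool = True       # "stop evaluating other action rules on match"
    enabled: bool = True


def any_detection(msg, pred):
    """Model of any(analysis.detections, ...): true if one detection matches."""
    return any(pred(d) for d in msg["analysis"]["detections"])


def evaluate(msg, rules):
    """Return the (rule name, actions) pairs that fire, in list order."""
    fired = []
    for rule in rules:
        if rule.enabled and rule.matches(msg):
            fired.append((rule.name, rule.actions))
            if rule.stop_on_match:
                break
    return fired


def message(verdict, severity, mode, detections=()):
    """Build a constructed analysis record using the field names from this page."""
    return {"analysis": {"verdict": verdict, "severity": severity,
                         "detections": list(detections)},
            "source_context": {"mode": mode, "type": "O365"}}


# Constructed rule set. The default rule's real expression is not shown on the
# page; "MALICIOUS verdict, Inline mode only" is an assumption from its description.
RULES = [
    Rule("Quarantine Malicious Email",
         lambda m: m["analysis"]["verdict"] == "MALICIOUS"
         and m["source_context"]["mode"] == "INLINE",
         ["Quarantine", "Notify Recipient"]),
    Rule("Suspicious BEC",
         lambda m: m["analysis"]["verdict"] == "SUSPICIOUS"
         and any_detection(m, lambda d: d["engine"] == "BEC"),
         ["Quarantine"], stop_on_match=False),
    Rule("High severity",
         lambda m: m["analysis"]["severity"] == "HIGH",
         ["Notify Recipient"]),
]

# Constructed sample messages.
BEC = message("SUSPICIOUS", "HIGH", "INLINE",
              [{"engine": "BEC", "verdict": "SUSPICIOUS", "severity": "HIGH"}])
MALICIOUS_MONITORED = message(
    "MALICIOUS", "CRITICAL", "MONITORING",
    [{"engine": "VIPRE AV", "verdict": "MALICIOUS", "severity": "CRITICAL"}])

if __name__ == "__main__":
    for label, msg in [("BEC", BEC), ("malicious, monitoring", MALICIOUS_MONITORED)]:
        print(label, "->", evaluate(msg, RULES) or "no rule matched")
    # Same rules reversed: the stop flag on "High severity" hides the quarantine.
    print("BEC, reversed order ->", evaluate(BEC, list(reversed(RULES))))
```

In this model the malicious message from a Monitoring source matches no rule at all, and reversing the list leaves the BEC message notified but never quarantined; both are the kind of gap to look for when verifying rule order.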
Struggling with the action rule editor or writing rule expressions? We're here to help! If you need assistance, please submit a request to our Support team. A Support Technician will contact you promptly.