Quick-start guide: Onboarding a new email domain

This guide includes the steps for onboarding a new email domain and configuring settings specific to the email domain.

Adding and activating an organization

You indicate the email domains you want protected by adding organizations in Graphus. Graphus protects an email domain under the constructs of an organization. When creating an organization in Graphus, you should use your main/root domain. Graphus will automatically protect all the subdomains under the main domain.

IMPORTANT Make sure you select the correct email domain because you won't be able to change the domain after you create the organization.

After you create an organization, you must provide Graphus with the API permissions required to access your email domain. This is done by activating the organization. The steps to activate an organization are different for Microsoft and Google domains. For both types of domains, you will need admin or super-admin credentials.

After you provide Graphus with the needed API access, the Graphus AI will analyze all historical data in your email domain, which might take 24 to 48 hours. After this step is completed, Graphus will start protecting your email.

The Subscription card on the Organizations page enables you to track your license usage. The License Used field indicates the number of consumed licenses (first number) and the total number of licenses purchased (second number).

IMPORTANT You won't be able to activate an organization if you don't have enough licenses available.

The Inboxes Protected field displays the total number of inboxes protected by Graphus. The number include inboxes Graphus is protecting for free, if any.

How to...

Configuring settings for a new email domain

Once a new organization has been activated, you can enable settings that apply to this organization only.

IMPORTANT Keep in mind that the settings you configured and saved as the default on the MSP Administration page have already been applied to the new organization.

Organization Settings – descriptions

Investigation Functionalities: Here you can configure investigation tools used in the Investigate modal. Options include determining how users view email content, whether they can download attachments, or if they can use a sandbox.
Phish911 Configuration: This setting allows email recipients to report suspicious emails that look like phishing attempts but were not quarantined or did not include a banner.

When an email is reported, Graphus will immediately quarantine the email for all recipients of this email. Graphus will also send an acknowledgment email to the reporter and create an alert within Graphus. Then, an admin can analyze the reported email and decide if it should remain quarantined or be released.

You configure the method by which recipients can report these emails. It is important that you create a dedicated inbox in your email domain that is only used for this feature. Every email sent to this inbox will trigger the Graphus Phish911 process. The configuration methods (types) available are:
- Graphus: Recipient forwards suspicious emails to the dedicated Phish911 inbox.
- Phishing Awareness Training: Recipient clicks the Phish Alert Report button (plugin from your phishing training solution) in the email.
- Microsoft 365 Report Phishing: Recipient clicks the Microsoft Outlook Report Message button in the email.
  For more information, see the guideSetting up Phish911 to report phishing.
Executive Spoofing Prevention: Graphus will immediately quarantine any emails that appear to be impersonating the names of executives you enter here. It is strongly recommended you enter an executive’s full name to prevent unwanted quarantines.
Impersonation Protection for Internal Senders: Graphus will utilize email authentication parameters such as SPF, DKIM and DMARC to block emails sent to your organization that are impersonating the internal domain. Make sure your email authentication is set up properly before activating this feature. If it is not set up or set up incorrectly, activating this feature might cause legitimate internal emails to be falsely quarantined.
EmployeeShield® Banner with Mail Filtering: The EmployeeShield Banner feature can be enabled at the organization level when it's not enabled globally. When enabled globally, organization level settings have priority over global settings. Additional EmployeeShield Banner settings, such as enabling the banner for specific users, are available at the organization level. We encourage you to activate and set up all the banner features that are marked as recommended in the Graphus portal.

You can enable personal mail filtering at the organization level only. This will allow a recipient to mark an
email as junk via a link in the banner. Future emails from a marked junk sender will be blocked for this particular recipient only.
For information, see the article Setting up the Personal Spam Filter for graymail filtering.

IMPORTANT The Graphus Feedback app must be configured for each organization for which you enable the EmployeeShield banner. If you don't configure the feedback app the email recipient will be asked to provide admin consent when providing feedback via the EmployeeShield banner for the first time. For configuration information, see the article Setting up the EmployeeShield® banner.

Quarantine Folder Configuration: Select the folder for which quarantined emails will be moved. The Personal Spam Filter will always move email to the deleted folder.
Email Notification for Graphus Alerts: For the categories you enable, every time Graphus creates an alert, it will send an email notification to the recipients you specify. For example, if Quarantine is enabled, an email notification will be sent to recipients whenever an email is quarantined. For the other categories, an email will be sent when a banner is applied to an email (EmployeeShield enabled) or when a user reports an email via Phish911 (Phish911 enabled).
SIEM/Ticketing Integration: Graphus will publish an event to the configured SIEM or ticketing system when it generates an alert for the categories you enable.
Whitelisting: Graphus will skip processing any inbound email with attributes that match the whitelisted parameters. No quarantine or EmployeeShield functionalities in Graphus will be applied to such emails. See the article Graphus whitelisting options and best practices.
Organization Mail Filter: Upload a list of junk mail senders that will be blocked for the whole organization.
For information, see the article Setting up the Personal Spam Filter for graymail filtering.
Group Protection: Graphus will only protect the users within the group identified by the email address you enter. The group must already exist in M365 or Google. If you are using Phish911, you must add the email address of the dedicated Phish911 inbox to the protected group. Otherwise, Phish911 will not work.

We recommend you configure the following settings at a minimum for each organization:

Investigation Functionalities
Phish911
Executive Spoofing Prevention
Impersonation Protection for Internal Senders
EmployeeShield Banner
Email Notification for Graphus Alerts or SIEM/Ticketing Integration (especially Phish911)

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.