Outlook Integration

Govern Microsoft 365 email with policy enforcement.

Overview

The Outlook integration connects Aguardic to your Microsoft 365 email via Microsoft Graph OAuth. Aguardic monitors email activity, evaluating message content and attachments against your policies and enforcing actions through folder-based quarantine.

Setup

Connect via OAuth

Go to Integrations > Add Integration > Outlook in the Aguardic dashboard and click Connect. You'll be redirected to Microsoft to authorize Aguardic with the required Graph API permissions for mail access.

Bind policies

After connecting, go to Policy Bindings and map your policies to the Outlook integration. You can create separate policies for inbound and outbound email.

Configure enforcement

Choose how Aguardic enforces policy results on Outlook:

BLOCKMoves the email to the "Aguardic Quarantine" folder, removing it from the inbox

WARNMoves the email to the "Aguardic Warning" folder, flagging it for review

MONITOR_ONLYNo visible action in Outlook, violations logged in Aguardic only

How It Works

Email sent or received

An email is sent or received

Change notification

Microsoft Graph sends a change notification to Aguardic

Fetch email data

Aguardic fetches the email content, metadata, and attachments

Policy evaluation

The governance engine evaluates against bound policies

Enforce policies

The email is moved to the appropriate folder based on the enforcement mode

Aguardic automatically creates the "Aguardic Quarantine" and "Aguardic Warning" folders in your Outlook mailbox when the first violation is detected.

What Gets Evaluated

Email subjectCheck for sensitive keywords or naming patterns

Email bodyScan content for PII, confidential data, or policy violations

AttachmentsFile names, types, and content of attached files

Sender and recipientsEmail addresses of all parties

DirectionWhether the email is inbound or outbound

Example Policies

Compliance Keyword Detection

Flag emails containing regulatory compliance keywords:

Field: body
Operator: CONTAINS
Value: material non-public information|insider trading|MNPI
Severity: CRITICAL

Unauthorized Recipient Warning

Warn when emails are sent to personal email domains:

Field: recipients
Operator: MATCHES
Value: @(gmail|yahoo|hotmail|outlook)\.(com|co\.uk)$
Severity: MEDIUM

Large Attachment Detection

Flag emails with unusually large attachments that may indicate data exfiltration:

Field: attachment_size
Operator: GT
Value: 25000000 (25 MB)
Severity: HIGH

Next Steps

Gmail Integration — Similar setup for Google Workspace email
Your First Policy — Deep dive into policy creation

Gmail Google Drive