Outlook Integration

Govern Microsoft 365 email with policy enforcement.

Overview

The Outlook integration connects Aguardic to your Microsoft 365 email via Microsoft Graph OAuth. Aguardic monitors email activity, evaluating message content and attachments against your policies and enforcing actions through folder-based quarantine.

Setup

1. Connect via OAuth

Go to Integrations > Add Integration > Outlook in the Aguardic dashboard and click Connect. You'll be redirected to Microsoft to authorize Aguardic with the required Graph API permissions for mail access.

2. Bind Policies

After connecting, go to Policy Bindings and map your policies to the Outlook integration. You can create separate policies for inbound and outbound email.

3. Configure Enforcement

Choose how Aguardic enforces policy results on Outlook:

  • BLOCK — Moves the email to the "Aguardic Quarantine" folder, removing it from the inbox
  • WARN — Moves the email to the "Aguardic Warning" folder, flagging it for review
  • MONITOR_ONLY — No visible action in Outlook; violations are logged in Aguardic only

How It Works

  1. An email is sent or received
  2. Microsoft Graph sends a change notification to Aguardic
  3. Aguardic fetches the email content, metadata, and attachments
  4. The governance engine evaluates the email against the bound policies
  5. The email is moved to the appropriate folder based on the enforcement mode

Aguardic automatically creates the "Aguardic Quarantine" and "Aguardic Warning" folders in your Outlook mailbox when the first violation is detected.

What Gets Evaluated

  • Email subject — Check for sensitive keywords or naming patterns
  • Email body — Scan content for PII, confidential data, or policy violations
  • Attachments — File names, types, and content of attached files
  • Sender and recipients — Email addresses of all parties
  • Direction — Whether the email is inbound or outbound

Example Policies

Compliance Keyword Detection

Flag emails containing regulatory compliance keywords:

  • Field: body
  • Operator: CONTAINS
  • Value: material non-public information|insider trading|MNPI
  • Severity: CRITICAL

Unauthorized Recipient Warning

Warn when emails are sent to personal email domains:

  • Field: recipients
  • Operator: MATCHES
  • Value: @(gmail|yahoo|hotmail|outlook)\.(com|co\.uk)$
  • Severity: MEDIUM

Large Attachment Detection

Flag emails with unusually large attachments that may indicate data exfiltration:

  • Field: attachment_size
  • Operator: GT
  • Value: 25000000 (25 MB)
  • Severity: HIGH
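
The three example policies above can be dry-run against test messages before they are bound to a live mailbox. The following is an added example, not Aguardic's engine or code from its documentation: the operator semantics (CONTAINS splitting on `|`, MATCHES as a regex search per recipient, GT on bytes per attachment), the `normalize_address` helper, and the message dictionaries are all assumptions made for illustration.

```python
import re

# Values copied from the three example policies on this page.
KEYWORDS = "material non-public information|insider trading|MNPI"
RECIPIENT_PATTERN = r"@(gmail|yahoo|hotmail|outlook)\.(com|co\.uk)$"
MAX_ATTACHMENT_BYTES = 25000000

def normalize_address(raw):
    """Reduce 'Name <user@host>' to a lowercase bare address (assumed pre-processing)."""
    m = re.search(r"<([^<>]+)>", raw)
    return (m.group(1) if m else raw).strip().lower()

def evaluate(message, normalize=True):
    """Return the names of the example policies that the message violates."""
    hits = []
    body = message["body"].lower()
    # Assumption: CONTAINS treats '|' as separating case-insensitive substrings.
    if any(k.lower() in body for k in KEYWORDS.split("|")):
        hits.append("Compliance Keyword Detection")
    # Assumption: MATCHES is a case-sensitive regex search on each recipient.
    rcpts = [normalize_address(r) if normalize else r for r in message["recipients"]]
    if any(re.search(RECIPIENT_PATTERN, r) for r in rcpts):
        hits.append("Unauthorized Recipient Warning")
    # Assumption: GT compares each attachment's size in bytes.
    if any(size > MAX_ATTACHMENT_BYTES for size in message["attachment_sizes"]):
        hits.append("Large Attachment Detection")
    return hits

# Constructed sample messages (not real mail).
SAMPLES = [
    {"body": "Q3 deck attached", "recipients": ["alice@gmail.com"],
     "attachment_sizes": [1200]},
    {"body": "This is MNPI, do not forward", "recipients": ["bob@corp.example"],
     "attachment_sizes": []},
    {"body": "backup", "recipients": ["Carol <Carol@GMAIL.com>"],
     "attachment_sizes": [26000000]},
    {"body": "hi", "recipients": ["dave@mail.gmail.com.corp.example"],
     "attachment_sizes": [25000000]},
]

if __name__ == "__main__":
    for msg in SAMPLES:
        # Second column shows the result when recipients are matched as-is.
        print(msg["recipients"], evaluate(msg), evaluate(msg, normalize=False))
```

The third sample matches the recipient pattern only after normalization, because the raw string ends in `>` and uses an uppercase domain; confirm how recipients are presented to the pattern in your deployment before relying on the rule.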

Next Steps