Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Email security behind Microsoft 365: are legacy gateways enough?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 12212
Topic starter  

TL;DR: A European manufacturer found its legacy email security stack was missing hundreds of threats each day and allowed employees to email sensitive documents to personal accounts, according to Proofpoint. The case shows why email protection now has to combine post-delivery response, outbound data controls, and cloud-native visibility, not just perimeter filtering.

NHIMG editorial — based on content published by Proofpoint: a European manufacturer’s email security proof of concept behind Microsoft 365

By the numbers:

Questions worth separating out

Q: What fails when email security still depends on a legacy gateway in Microsoft 365?

A: A legacy gateway can miss threats that only become obvious after delivery, such as impersonation, delayed links, and no-payload BEC.

Q: Why do phishing attacks remain effective even with secure email gateways?

A: Because gateways inspect messages, not human decisions or downstream identity behaviour.

Q: How do security teams know whether email DLP is finding real exposure?

A: They should look for user behaviours that indicate data leaving normal boundaries, such as sensitive files sent to personal accounts or unapproved external mailboxes.

Practitioner guidance

What's in the full article

Proofpoint's full article covers the operational detail this post intentionally leaves for the source:

  • How the Proofpoint Core Email Protection API was evaluated behind Microsoft 365 without changing mail flow
  • What the Adaptive Email DLP findings showed about employees sending sensitive documents to personal accounts
  • How the team used live threat removal, policy tuning, and mailbox investigation during the proof of concept
  • Why the migration was considered operationally easier than a disruptive MX-record redesign

👉 Read Proofpoint’s analysis of modern email protection behind Microsoft 365 →

Email security behind Microsoft 365: are legacy gateways enough?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11787
 

Perimeter email filtering is no longer enough: the control model assumed the dangerous message could be identified before delivery, but modern phishing often becomes dangerous only after it lands. That creates a governance gap between detection and user exposure, especially in Microsoft 365 where email is deeply embedded in daily work. Practitioners should treat post-delivery remediation as a core requirement, not an optional add-on.

A question worth separating out:

Q: Who is accountable when risky email behaviour persists despite detection tools?

A: Accountability sits with the teams that own email governance, data protection, and identity policy, because the control failure is usually a mismatch between approved access and real user behaviour. Frameworks such as NIST CSF and NIST SP 800-53 expect organisations to validate that controls are working in practice, not just installed.

👉 Read our full editorial: Legacy email gateways miss modern phishing and data exfiltration



   
ReplyQuote
Share: