Email Retro Scan
Email Retro Scan allows you to scan up to 14 days of old messages in your Office 365 (O365) inboxes and check if your current email security solution missed any threats. Contact your account manager to enable this feature.
Scan for threats
To scan for threats in your Office 365 inbox:
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Area 1 > Retro Scan.
- Select Generate report.
- Cloudflare needs authorization to access your O365 messages. Select Authenticate with Microsoft, and give Cloudflare the required permissions.
- Back to Cloudflare dashboard, select Grant mail access. Then, select your account and give Cloudflare the required permissions.
- Select Grant directory sync access.
- Select your account and give Cloudflare the required permissions.
- Select Continue.
- In Configure your report, choose one or more domains to scan.
- Under Scan date range, select the date range to perform the scan from the drop-down menu.
- Choose your current email security system, from Current email security system.
- Select Continue.
- Select Done. Cloudflare will begin the task of analyzing all your emails for the chosen domains. This might take some time depending on the size of the inbox and number of domains chosen. You do not need to wait for the scan to complete. Cloudflare will send you an email alert when the scan is complete. If you decide to wait, select View report when the scan finishes.
Analyze results
- Log in to the Cloudflare dashboard, and select your account and domain.
- Go to Area 1 > Retro Scan.
- Select Scan report. This tab shows the total number of emails scanned, a breakdown of the threat types found within the domains selected, the top targeted employees, and the most common places where threats originate from.
- To create an offline copy of the threat report, select Download Report.
- Select View detections to inspect emails found by Retro Scan. You can filter emails by threat type (for example, malicious).