Cloudflare Docs
Cloud Email Security (formerly Area 1)
Edit this page
Report an issue with this page
Log into the Cloudflare dashboard
Set theme to dark (⇧+D)

Channel and Alliance Partners

Cloud Email Security Channel and Alliance partners have the option to set up accounts for themselves and their customers.

​​ Create accounts

Start by creating parent and child accounts.

​​ Create a parent account

Parent accounts are treated as containers with no services provisioned. User accounts created at the parent level will allow them to access any child account.

  1. Log in to the Cloud Email Security dashboard.
  2. Go to Settings (the gear icon).
  3. In Delegated Accounts > Accounts, select Create new customer.
  4. Enter their information, and make sure you select Parent in Account Type.
  5. Select Save.

Your newly created account should show up in the list. If not, refresh the page.

​​ Create a child account

  1. Log in to the Cloud Email Security dashboard.
  2. Go to Settings (the gear icon).
  3. In Delegated Accounts > Accounts, select the parent account where you want to create a child account.
  4. Select Create New customer.
  5. Enter their information, and make sure you select Advantage in Account Type.
  6. Scroll down to the Email Traffic Related Information section, and enter the information related to your email provider. The number to enter in Loopback Hops will depend on your email configuration and where Cloud Email Security is in the chain of events. Refer to Inline deployment and API deployment for more information.
  7. For Daily Email Volume and Number of Email Users make sure you enter the appropriate values for your organization.
  8. Select Save.

​​ Create users and assign permissions

You can create users at both the parent and child account level. Users created at parent level will have access to all its child accounts. Users created at child level will only have access to the assigned child account.

Child accounts can limit or disable the level of access allowed from their parent account.

If you modify the Delegated Access controls, make sure you create an administrator account in the child first.

To create an account at parent level or child level:

  1. Log in to the Cloud Email Security dashboard with a parent account or child account depending on what you are trying to create.
  2. Go to Settings (the gear icon).
  3. Go to Users and Actions.
  4. Select Add User.
  5. Enter their information, as well as their Permission level.
  6. Select Send Invitation.

​​ Escalation contacts

You should add escalation contacts so Cloud Email Security can send notifications regarding detection events and critical service related issues. Cloud Email Security highly recommends that these contacts have both phone and email contacts.

Refer to Escalation contacts for more information.

​​ Status alerts

Subscribe to incident status alerts from Cloud Email Security.

​​ Domains setup (inline/API)

Refer to the setup options for Cloud Email Security to learn about the best way of deploying Cloud Email Security in your organization. You can choose between two main setup architectures:

  • Inline deployment
  • API deployment

With an inline deployment, Cloud Email Security evaluates email messages before they reach a user’s inbox. When you choose an API deployment, email messages only reach Cloud Email Security after they have already reached a user’s inbox.

​​ Classification actions

Cloud Email Security recommends that you quarantine MALICIOUS and SPAM dispositions. You can configure this directly in Office 365 and Gsuite, as well as Cloud Email Security.

​​ Message retraction

You can configure message retraction to take post-delivery actions against suspicious email messages. You can retract messages manually or automatically. Refer to Retract settings for more information.

​​ TLS enforcement for domains

To add additional TLS requirements for emails coming from certain domains, you can enforce higher levels of SSL/TLS inspection. Refer to Partner Domains TLS for more information.

​​ Reports

You can subscribe to daily and weekly email reports, as well as SIEM events. For SIEM events, you will need to configure your SIEM tool into Cloud Email Security first.

​​ Whitelisting and blocklisting senders

If you need to whitelist of blocklist senders, refer to Allow and block lists.

​​ Submitting false positives and false negatives

There are several ways of dealing with missed phish or messages flagged as such that are not. Refer to Phish submissions to learn more.

​​ Best practices

Refer to the following pages to learn more:

  1. Business Email compromise (BEC)
  2. Text add-ons
  3. Search and reports