Email scanning SHALL be capable of reviewing emails after delivery.

Why This Matters

Without post-delivery email scanning, malicious content such as phishing links or malware payloads can reach users before detection. If an email is initially allowed but later found to be harmful, the absence of retrospective scanning means the threat remains in user mailboxes. Enabling after-delivery review ensures that administrators can identify and remediate dangerous emails that bypassed initial filters.

What Aether365 Checks

Aether365 verifies that your Microsoft 365 environment is configured to scan emails after delivery. This check appears in the Aether365 dashboard under the microsoft-365 section and aligns with the CIS framework control CISA.MS.EXO.10.3.