What's new

•File clawback—Following the success of the email clawback feature, we have extended remote remediation to cloud-stored files. When a suspicious file is identified in your log, whether it was uploaded via OneDrive, Google Drive, Microsoft Teams or SharePoint Online, you can remotely quarantine it for immediate inspection. This helps ensure potentially malicious files are neutralized across collaboration platforms as quickly as in email.

•Easier spam reporting—To support improvement of the detection systems, we have simplified the spam reporting process for your end users. When enabled in your tenant settings, a dedicated folder is automatically created in every mailbox. Users can simply move unsolicited emails to this folder, where they are forwarded to the Anti-Spam team for analysis. To keep inboxes organized, reported emails are automatically moved to the Trash folder five minutes after successful submission.

•GeoIP information—Context is essential for robust security, which is why we have integrated GeoIP metadata directly into your workflow. You can now view the sender's country of origin in email details and include this data in your syslog exports. Furthermore, we have added a new condition to Email rules that allows you to automate actions, such as quarantining messages, based on the specific country from which an email was sent.

•Domain age information—Based on your feedback, domain age information is now available in email details and Email rules. While parsing the creation date across all TLDs is not always possible, we provide a reliable fallback by displaying the date when the domain was first observed by ESET’s infrastructure. This allows you to determine whether a sending domain is newly created or well‑established and to build custom rules based on this metadata.

•Rule action to prepend or append HTML—You can now create rules to automatically prepend or append custom HTML content to incoming HTML emails. This is particularly useful for adding organization-wide legal disclaimers, security warning banners, or internal branding to specific message types.

•Other smaller improvements—This release includes several smaller but impactful improvements to enhance your granular control, such as a new Rules applied column in Scan logs, a Spam reason condition for more specific Email rules, and the ability to enable or disable individual detection sources within your Anti-Spam policy. We have also added a State Field to the Email details and expanded the available optional fields for Syslog integration to provide more comprehensive reporting.

•Access control—Introducing RBAC (Role-Based Access Control). Create and assign roles to individual ESET Cloud Office Security users and manage custom permission sets. The access control works similarly to ESET PROTECT, and is available only to users with a valid ESET PROTECT Hub account.

•Email rules templates with variables—Added variables within the email rule engine to provide more flexibility when you create custom rules. For inspiration and easier deployment and customization, ESET PROTECT provides more than 20 pre-defined ready-to-use templates. Review each template carefully before enabling it, and test on a smaller subset, such as a group, before applying it to your entire tenant.

•Use your own Syslog certificate—You can upload your own certificate chain for use with syslog. This gives you another option to export logs from ESET Cloud Office Security using your certificate instead of a public SSL certificate. Choose based on your preferred certificate trust requirements.

•Email body preview in Mail quarantine reports—When enabled, you and mailbox owners can preview the first 250 characters by hovering over the envelope icon in the Mail quarantine report. This provides for a quick assessment of whether an email is legitimate or not—without logging into the console.

•Quick filters in email Scan logs—Added quick filters to the context menu in email scan logs, enabling you to quickly locate and review related emails. When you click a specific email, these filters help you efficiently find similar or identical email messages across mailboxes by From, To, Message ID, or Subject, saving time and improving investigation accuracy.

•Suspend and Unsuspend Users in Microsoft 365 and Google Workspace—You can now suspend users directly from within the platform during an investigation. This immediately signs the user out of all active sessions and blocks login access—even when using a third-party identity provider. This feature helps you respond more quickly to potential incidents involving compromised credentials.

•New Quarantine Option: Hidden Folder—One of the most requested features is now available—email release directly into users' inboxes. The new quarantine option uses a hidden folder, so emails can be delivered safely and discreetly. This setting can be enabled per tenant. Additionally, when this hidden folder quarantine is enabled, all quarantined items are stored in the user's own account. This ensures data residency compliance, as the emails remain within the same data center as your Microsoft 365 or Google Workspace accounts.

•Grouped Logs for Cleaner Interface—Instead of listing each individual scan, the logs are now grouped by email, giving you a clearer and more user-friendly overview. Detailed scan information for each email remains accessible through the email details view.

•Updated Email Detail Page Layout—The Email Details page has been redesigned to use screen space more effectively and display more comprehensive information. It now offers additional context and actionable options in a more intuitive layout.

•Manual Email Recheck—You can now manually re-scan clean emails directly from the Email Details page for added peace of mind.

•QR Code Phishing (Quishing) Detection—As QR codes become more common, so do the risks. ESET Cloud Office Security now scans QR codes found in images and checks for embedded phishing links, enhancing your protection against modern attack methods.

•Quick Link to Generate Updated Mail Quarantine Reports—A small but powerful enhancement: Mail quarantine reports now include a link to request an updated version. Simply click the link in the previous report to instantly generate a new one and check for any new quarantined emails.

•Phishing Link Detection in Calendar Invites—Adversaries are increasingly using calendar invites to deliver phishing links, which are often automatically added to users' calendars without traditional email filtering. This update introduces automatic scanning of calendar event links, with malicious links being removed immediately.

•Email previews in quarantine—View email content directly within the quarantine. This feature eliminates the need to download messages for assessment. All preview actions are recorded in the Audit logs.

•Quarantine report improvements—You can now receive a full quarantine report for all users within a tenant, with actionable links that allow quarantined emails to be released directly from the report by the user.

•Customizable email banners—Email rules now include a new Add body banner action that enables you to add customizable banners to emails. You can define alert titles, explanatory text, colors, and placement within the email. Messages are tagged with banners based on specific conditions to help deliver important information to recipients.

•Exclusions from manual and auto-protection—You can exclude certain user accounts from both auto-protection and manual protection. It is especially useful for the auto-protection mode if you need to make exceptions. User accounts on the exclusion list cannot be manually protected. You can cancel the exclusion using the Allow protection from the context menu and then manually protect a user. If you use auto-protection, the user gets automatically protected after clicking Allow protection.

•Additional details in Exchange Online and Gmail reports—Email reports now include a list of unprotected accounts and high-level subscription details, providing improved visibility into your security environment.

•Configurable columns on all screens with tables - click the gear icon and Edit columns to customize the table on your current screen. The column configuration is saved and also applied when exporting data to a PDF file.

•Added the option to Export/Import policies.

•Added Sender to Approved Senders List from the Sample Submission Dialog.

•Bulk Email Clawback—You can now move multiple suspicious emails to quarantine at once, eliminating the need to do this manually one by one.

•New actions for email rules—Move to Junk folder, Notify owner and Notify admins.

•Improved malware detection exclusion workflow—You can add exclusions directly from the Detections page.

•Introduced a new format, ECS (Elastic Common Schema) v8.17, into Syslogs. Also, new Optional fields were added for scan logs: Reply-To and Cc email details, SPF, DKIM, and DMARC.

•Added email rules into policies with customization of conditions and actions for received email messages. Use conditions containing authentication methods (DKIM, DMARC and SPF) to define your custom sender verification and anti-spoofing rules.

•Added an option to export users into a CSV file. The list of users is exported directly from the Users page and includes each user protection status.

•Added new field From Name to email detail and Syslogs.

•Customize the Dashboard using the Edit mode to change its layout by adding or removing widgets, adjusting the widget's size and order to fine-tune how you see the statistics information. Add custom tabs and rearrange the order of the tabs if it suits you better.

•Added Syslogs fields: Mailbox and User Principal Name.

•Added Email clawback enables you to manually quarantine any email message, including emails with a clean scan result or when only the attachment was quarantined previously. You can do this from Scan logs and Detections. This feature is useful for advanced spear phishing attacks that are usually difficult to detect. Moving a suspicious email from a user's inbox into quarantine prevents the user from opening it and enables you to inspect it manually.

•Added a new option to add Detection exclusions to policies. While you were able to add sender exclusions for SPAM before, you can now also exclude malware files intended for training purposes such as cybersecurity campaigns.

•You can now submit false positives and false negatives (missed Spam, Phishing or Malware) directly from the Scan logs. Additionally, you can block the sender's domain, IP address, or email address from the same screen. Ensure you have the Log Clean Objects enabled in Policies to see clean emails in the Scan logs.

•Added the option to send audit logs via Syslogs.

•Sender columns and filter for email logs Detections, Quarantine and Scan logs screens.

•ESET Connect API is now available for ESET Cloud Office Security Quarantine and Detections.

•Homoglyphs are now being evaluated during phishing detection.

•The Dashboard now has updated UI components, refreshing the overall look of the console.

•Added Syslogs export—automatically send encrypted syslogs to your desired syslog server.

•Automatic Email Re-scans—further improves spam catch rate of email messages with a lower confidence score. Such emails may be re-scanned after a few seconds or minutes once ESET internal systems can make a confident conclusion about the email.

•A Sender field was added to the email details page, eliminating the need to search through email headers. The Sender is the "From" value extracted from the headers. Having the Sender available in the details makes it easier to identify the actual sender, for example, when you suspect the sender is spoofed.

•Added warning for Google Workspace tenant when the ESET Cloud Office Security app consent is revoked (for example, the ESET Cloud Office Security app is uninstalled).

•Other bug fixes and back-end improvements.

•Added Google Workspace Integration.

•Platform navigator to quickly access ESET Business Account (more consoles to follow in coming months).

•Other bug fixes and back-end improvements.

•Added Google Workspace Admin Account Verification.

•Added User Type Column.

•Other bug fixes and back-end improvements.

•Added Google Workspace (Gmail and Google Drive protection) – access the Preview Features from the Quick Links.

•Added Dark mode theme.

•Added Platform navigator for ESET HUB Early Access Users.

•Other bug fixes and back-end improvements.

•Added Tenant Association to ESET Business Account (EBA) sites. This change ensures compatibility with the future customer portal ESET PROTECT HUB, which will replace ESET MSP Administrator (EMA) and ESET Business Account (EBA). It affects only a handful of customers using subscriptions from multiple sites to protect a single tenant. If this is your case, you will be prompted to associate your tenants with EBA sites.

•Other minor improvements and bug fixes.

•Improvements in lazy loading of screens to better support tenants with tens of thousands of users.

•Changes to the add tenant wizard.

•Updates on the About page.

•Terms of Use and Privacy Policy updates (Limitations and Data Retention Policy).