Over 90% of cyberattacks begin with email. Phishing, business email compromise (BEC), malicious attachments, and credential harvesting links remain the primary entry point for ransomware, data theft, and financial fraud — and they’re getting harder to detect. AI-generated phishing emails are now grammatically flawless, contextually personalised, and virtually indistinguishable from legitimate messages. Traditional spam filters that scan for known malicious signatures catch perhaps 60–70% of threats. The remaining 30–40% — the targeted, AI-crafted attacks — sail through.
AI-powered email security flips the detection model. Instead of matching emails against a database of known threats, it learns the normal communication patterns within your organisation and flags anything that deviates. An email “from” your CEO requesting an urgent wire transfer to an unfamiliar bank? The AI knows your CEO has never emailed that person, never used that bank, and never made urgent payment requests by email — and blocks it before anyone clicks.
This guide walks through setting up AI email security from tool selection to ongoing optimisation, regardless of whether you run Microsoft 365 or Google Workspace.
What You’ll Need
Before starting, ensure you have:
- Admin access to your email platform — Global Administrator or Exchange Administrator for Microsoft 365; Super Admin for Google Workspace. You’ll need these permissions to connect the security tool and modify mail flow rules.
- A current email platform — Microsoft 365 (Business Basic or higher) or Google Workspace (any tier). These are the two platforms all major AI email security tools integrate with.
- A chosen email security tool — see Step 1 for recommendations based on your budget and organisation size.
- A list of VIP/high-risk users — executives, finance team, anyone with wire transfer authority, IT administrators. These accounts need enhanced protection from day one.
- 30–60 minutes for initial setup, then 15 minutes per week for ongoing monitoring during the first month.
Step 1: Choose Your Email Security Tool
Your choice depends on whether you want to enhance your existing email platform’s built-in security or add a dedicated third-party layer.
Enhance what you already have (lowest cost, fastest deployment):
Microsoft Defender for Office 365 is included with Microsoft 365 Business Premium (£18/user/month) and M365 E5 (£47/user/month). If you’re already on one of these plans, you have AI-powered email security available — you just need to configure it properly. Defender for Office 365 provides Safe Attachments (detonates suspicious files in a sandbox before delivery), Safe Links (checks URLs at time of click, not just time of delivery), anti-phishing policies with impersonation detection, and automated investigation and response for detected threats.
Google Workspace includes built-in AI-powered spam and phishing protection that’s strong by default. For most small businesses on Google Workspace, the built-in protections are adequate for baseline security. Enhanced controls are available through Google Workspace security settings and can be supplemented with third-party tools if needed.
Add a dedicated third-party layer (strongest protection):
Abnormal Security is the gold standard for BEC and social engineering detection. Unlike content-based filters, Abnormal analyses behavioural patterns — who normally communicates with whom, what requests are typical, and what deviates from established patterns. This approach catches the AI-generated, personalised attacks that content-based tools miss. Enterprise pricing; best suited for organisations with 200+ employees.
Barracuda Email Protection provides comprehensive email security including AI-powered impersonation detection, link protection, and automated incident response at mid-market pricing (approximately £2–4/user/month). A strong option for organisations wanting dedicated email security without enterprise-tier pricing.
Avanan (Check Point Harmony Email) installs via API directly inside M365 or Google Workspace — scanning emails after they pass through native filters but before they reach the inbox. This “inline” approach catches threats that native filters miss without disrupting mail flow. Mid-market pricing.
Our recommendation: For most SMBs, properly configured Microsoft Defender for Office 365 (included in Business Premium) provides strong AI email security at no additional cost. For organisations handling sensitive financial transactions, intellectual property, or high-value targets, adding Barracuda or Avanan as a supplementary layer provides meaningful additional protection. Abnormal Security is the right choice for large enterprises where BEC is a primary threat.
Step 2: Integrate With Your Email Provider
The integration process differs by platform and tool. Here are the two most common paths:
Configuring Microsoft Defender for Office 365 (M365 Business Premium/E5):
Sign in to the Microsoft 365 Defender portal (security.microsoft.com) with your Global Administrator account. Navigate to Email & Collaboration, then Policies & Rules, then Threat Policies. You’ll find pre-configured policies for anti-phishing, anti-malware, anti-spam, Safe Attachments, and Safe Links. The default policies provide baseline protection, but the real value comes from customising them for your organisation.
Enable Safe Attachments in “Dynamic Delivery” mode — this delivers the email body immediately while attachments are scanned in a sandbox. If the attachment is clean, it’s released; if malicious, it’s blocked. This approach provides security without the delivery delays that “Block” mode causes.
Enable Safe Links with “Track user clicks” and “Do not allow users to click through to original URL” — this ensures that even if a legitimate-looking URL redirects to a malicious site hours after delivery, the click is blocked in real time.
Configure anti-phishing policies with impersonation protection: add your VIP users (executives, finance team) as protected senders, and add your critical business partners and vendors as protected domains. The AI will flag any email that appears to impersonate these individuals or domains.
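The same Step 2 settings expressed as Exchange Online PowerShell, as an added example that is not part of the original guide; the "Contoso-*" policy names, the contoso.com domain and the VIP and partner addresses are placeholders, and the cmdlets come from the ExchangeOnlineManagement module.

```powershell
# Added example: Defender for Office 365 policies from Step 2 via Exchange Online PowerShell.
# Placeholders: admin@contoso.com, contoso.com, the VIP list and the partner domains.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Safe Attachments in Dynamic Delivery: the body is delivered at once, the attachment
# is released only after it comes back clean from the sandbox.
New-SafeAttachmentPolicy -Name "Contoso-SafeAttachments" -Enable $true -Action DynamicDelivery
New-SafeAttachmentRule -Name "Contoso-SafeAttachments" -SafeAttachmentPolicy "Contoso-SafeAttachments" `
  -RecipientDomainIs "contoso.com"

# Safe Links: rewrite URLs, re-check them at click time, log the clicks, and do not let
# the user click through to the original URL once it has been judged malicious.
New-SafeLinksPolicy -Name "Contoso-SafeLinks" -EnableSafeLinksForEmail $true -ScanUrls $true `
  -DeliverMessageAfterScan $true -TrackClicks $true -AllowClickThrough $false
New-SafeLinksRule -Name "Contoso-SafeLinks" -SafeLinksPolicy "Contoso-SafeLinks" -RecipientDomainIs "contoso.com"

# Anti-phishing with impersonation protection. Protected users are given as
# "Display Name;address" (the name is what lookalike senders imitate); protected domains
# are the suppliers and partners whose mail finance acts on. Matches go to quarantine.
$vips = @("Jane Doe;jane.doe@contoso.com", "Sam Finance;sam.finance@contoso.com")   # placeholders
$partners = @("supplier.example", "bank.example")                                      # placeholders
New-AntiPhishPolicy -Name "Contoso-AntiPhish" -Enabled $true `
  -EnableTargetedUserProtection $true -TargetedUsersToProtect $vips -TargetedUserProtectionAction Quarantine `
  -EnableTargetedDomainsProtection $true -TargetedDomainsToProtect $partners -TargetedDomainProtectionAction Quarantine `
  -EnableMailboxIntelligence $true -EnableMailboxIntelligenceProtection $true -MailboxIntelligenceProtectionAction Quarantine
New-AntiPhishRule -Name "Contoso-AntiPhish" -AntiPhishPolicy "Contoso-AntiPhish" -RecipientDomainIs "contoso.com"

# Verify the three policies landed with the intended actions.
Get-SafeAttachmentPolicy -Identity "Contoso-SafeAttachments" | Select-Object Name, Action
Get-SafeLinksPolicy -Identity "Contoso-SafeLinks" | Select-Object Name, TrackClicks, AllowClickThrough
Get-AntiPhishPolicy -Identity "Contoso-AntiPhish" | Select-Object Name, TargetedUsersToProtect, TargetedDomainsToProtect
```

Mailbox intelligence is the behavioural part: it learns each mailbox's usual contacts, which is what lets the policy flag a sender who has never written to that user before.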
Configuring a third-party tool with M365 or Google Workspace:
API-based tools (Avanan, Abnormal Security) connect via your email platform’s API rather than changing mail flow. In M365, this typically involves authorising the tool as an application in Azure Active Directory (Entra ID) and granting it read access to email data. The setup takes 15–30 minutes and requires no changes to MX records or mail routing.
Gateway-based tools (Barracuda, Proofpoint) sit in front of your email platform, filtering messages before they reach M365 or Google. This requires updating your MX records to point to the security vendor’s servers rather than directly to Microsoft or Google. The change takes 24–48 hours to propagate fully. During this window, ensure the vendor’s servers are authorised in your SPF record to prevent delivery failures.
For either approach, allow 24–72 hours after initial setup for the AI to begin learning your organisation’s communication patterns. Protection is active immediately against known threats, but the behavioural AI becomes more effective over the first 1–4 weeks as it establishes baseline patterns.
Step 3: Configure Detection Policies
Default policies provide baseline protection. Custom policies tailored to your organisation’s specific risk profile provide substantially better detection with fewer false positives.
Priority 1: Impersonation protection. Configure your tool to flag emails that impersonate your executives, finance team, or key vendors. In Microsoft Defender, add protected users (by name and email address) and protected domains (your critical suppliers and partners). Set the action to “Quarantine the message” rather than just adding a warning tip — users who see warnings often ignore them.
Priority 2: New sender and domain alerts. Configure alerts for emails from senders or domains that have never previously communicated with your organisation. First-contact emails are statistically the highest-risk category. This doesn’t mean blocking them — it means flagging them with a visual indicator (a banner in the email) that alerts the recipient to exercise caution.
Priority 3: Financial request validation. Create a policy that specifically flags emails containing wire transfer requests, bank account changes, payment instructions, or invoice attachments from external senders. These are the payloads of business email compromise attacks. Route these to quarantine for manual review, or at minimum add a prominent warning banner.
Priority 4: Attachment and link policies. Configure Safe Attachments to scan all attachments in a sandbox environment. Configure Safe Links to rewrite and check URLs at click time. Block file types that have no legitimate business use as email attachments (executable files, scripts, macro-enabled documents unless specifically needed).
Priority 5: Internal email protection. Don’t assume internal-to-internal emails are safe. If an employee’s account is compromised, the attacker sends phishing emails from a trusted internal address. Configure your tool to scan internal emails with the same rigour as external ones — particularly for unusual attachment types, links to unfamiliar domains, and requests that deviate from normal internal communication patterns.
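Priorities 2 to 5 as Exchange Online PowerShell, as an added example that is not from the original guide; it assumes the Defender policies are named "Contoso-AntiPhish" and "Contoso-SafeLinks" (placeholders), and the payment keyword list and file-type list are constructed starting points to adjust for your organisation.

```powershell
# Added example: Step 3 Priorities 2-5 via Exchange Online PowerShell.
# Placeholders: admin@contoso.com and the "Contoso-*" policy names.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# Priority 2: first-contact mail gets a visual safety tip in the message, not a block.
Set-AntiPhishPolicy -Identity "Contoso-AntiPhish" -EnableFirstContactSafetyTips $true

# Priority 3: external mail that talks about payments gets a prominent banner.
# The keyword list is a constructed starting point; tune it against your own quarantine data.
$paymentWords = @("wire transfer", "bank details", "change of bank account",
                  "payment instructions", "remittance", "new account number")
New-TransportRule -Name "Contoso-ExternalPaymentRequest" -Priority 0 `
  -FromScope NotInOrganization `
  -SubjectOrBodyContainsWords $paymentWords `
  -ApplyHtmlDisclaimerLocation Prepend `
  -ApplyHtmlDisclaimerText '<p style="background:#fff3cd;padding:8px"><b>CAUTION:</b> external payment request. Confirm by phone on a number you already hold before acting.</p>' `
  -ApplyHtmlDisclaimerFallbackAction Wrap
# Stricter variant for the same condition: hold the message for manual review instead of a banner.
# New-TransportRule -Name "Contoso-ExternalPaymentRequest" -FromScope NotInOrganization `
#   -SubjectOrBodyContainsWords $paymentWords -Quarantine $true

# Priority 4: reject attachment types with no business use. -FileTypes replaces the
# existing list, so include everything you want blocked; drop the macro-enabled Office
# extensions (docm/xlsm/pptm) only if a team genuinely needs them by email.
Set-MalwareFilterPolicy -Identity Default -EnableFileFilter $true -FileTypeAction Reject `
  -FileTypes @("exe","scr","bat","cmd","js","jse","vbs","vbe","ps1","wsf","hta","iso","docm","xlsm","pptm")

# Priority 5: Safe Links also rewrites and checks URLs in internal-to-internal mail,
# so a compromised colleague's account gets the same link scrutiny as an outsider.
Set-SafeLinksPolicy -Identity "Contoso-SafeLinks" -EnableForInternalSenders $true

# Confirm the rule and filter settings took effect.
Get-TransportRule -Identity "Contoso-ExternalPaymentRequest" | Select-Object Name, State, Priority
Get-MalwareFilterPolicy -Identity Default | Select-Object EnableFileFilter, FileTypeAction, FileTypes
```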
Step 4: Train Your Team
AI catches most threats. Humans need to catch the rest — and humans need to avoid undermining the AI by overriding its decisions.
What the AI catches: Known phishing signatures, malicious attachments, dangerous URLs, impersonation attempts, anomalous sender behaviour, BEC patterns, and bulk phishing campaigns. Your team doesn’t need to worry about these — the AI handles them before they reach the inbox (or flags them prominently if configured in alert-only mode).
What humans still need to spot: Highly targeted spear phishing from compromised legitimate accounts (the AI is learning patterns but may miss a compromised partner’s first malicious email). Social engineering delivered via phone, text, or social media rather than email. Physical security threats (USB drives, shoulder surfing). And AI-generated deepfake voice calls impersonating executives — an emerging threat that email security tools can’t address.
Essential training topics: Never override quarantine decisions without checking with IT. Never approve wire transfers or account changes based solely on email — verify via a separate communication channel (phone call to a known number, in-person confirmation). Report suspicious emails using the built-in reporting button (Microsoft and Google both provide one-click reporting that feeds back into the AI’s detection models). Understand that the warning banners on emails exist for a reason — they’re the AI telling you to pause and think.
Simulated phishing campaigns. Tools like KnowBe4 (from ~£20/month for small teams) send fake phishing emails to your staff and track who clicks. This isn’t about catching and punishing employees — it’s about identifying who needs additional training and measuring whether your training programme is working. Run simulations monthly for the first quarter, then quarterly thereafter. Focus additional training on the individuals and departments that click most frequently.
Step 5: Monitor and Tune
The first month after deployment requires active monitoring to calibrate the AI and reduce false positives to a manageable level.
Review quarantine daily for the first two weeks. Check what the AI is catching: are there legitimate emails being blocked (false positives) or suspicious emails getting through (false negatives)? Release legitimate emails from quarantine and report them as “not junk” — this feedback trains the AI to improve its accuracy. Similarly, report any threats that reached the inbox — the AI learns from these corrections.
Tune impersonation thresholds. If the AI is flagging too many legitimate emails from partners who share similar names with your executives, adjust the impersonation detection sensitivity or add those specific senders to the allowed list. The goal is zero false negatives (no threats getting through) with minimal false positives (few legitimate emails blocked). In practice, expect 1–2 weeks of active tuning before false positives drop to acceptable levels.
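The daily quarantine review and impersonation tuning from this step in Exchange Online PowerShell, as an added example that is not part of the original guide; the policy name and the partner sender are placeholders, and it assumes the "Contoso-AntiPhish" policy from Step 2.

```powershell
# Added example: Step 5 quarantine review and impersonation tuning via Exchange Online PowerShell.
# Placeholders: admin@contoso.com, "Contoso-AntiPhish", and the supplier.example sender.
Connect-ExchangeOnline -UserPrincipalName admin@contoso.com

# What has been quarantined in the last 24 hours, and under which verdict type?
$since = (Get-Date).AddDays(-1)
$held = Get-QuarantineMessage -StartReceivedDate $since -PageSize 1000
$held | Group-Object Type | Select-Object Name, Count | Sort-Object Count -Descending
$held | Select-Object ReceivedTime, SenderAddress, RecipientAddress, Subject, Type, PolicyName |
  Format-Table -AutoSize

# Release a message you have verified as legitimate to all of its recipients and report it
# as a false positive, so the verdict feeds back into the detection model.
$fp = $held | Where-Object {
  $_.SenderAddress -eq "accounts@supplier.example" -and $_.Type -in @("Phish", "HighConfPhish")
}
$fp | Release-QuarantineMessage -ReleaseToAll -ReportFalsePositive

# Tune impersonation for a partner whose name collides with an executive: exempt that
# specific sender (or domain) rather than lowering the policy's sensitivity for everyone.
# Both parameters replace the existing list, so merge with the current values first.
$policy = Get-AntiPhishPolicy -Identity "Contoso-AntiPhish"
$senders = @($policy.ExcludedSenders) + "jane.doe@supplier.example" | Select-Object -Unique
$domains = @($policy.ExcludedDomains) + "supplier.example" | Select-Object -Unique
Set-AntiPhishPolicy -Identity "Contoso-AntiPhish" -ExcludedSenders $senders -ExcludedDomains $domains

# Trend check: how many releases this week? A count that is not falling means tuning is unfinished.
Get-QuarantineMessage -StartReceivedDate (Get-Date).AddDays(-7) -ReleaseStatus Released | Measure-Object
```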
Monitor the threat dashboard weekly. Your email security tool provides a dashboard showing threat volume, types detected, users targeted, and trends. Review this weekly to understand your organisation’s threat profile. If one executive is receiving 10x more phishing attempts than others, they need enhanced protection and awareness. If a specific vendor’s domain is being spoofed frequently, add it to your impersonation protection list.
Establish an ongoing review cadence. After the initial tuning period, settle into a weekly 15-minute review of the threat dashboard and quarantine. Monthly, review and update your protected users and domains list (new hires, departed staff, new vendors, terminated partnerships). Quarterly, review your detection policies against the current threat landscape and adjust thresholds.
Frequently Asked Questions
How long before the AI email security is fully effective?
Protection against known threats is immediate upon deployment. Behavioural AI that detects novel attacks based on your organisation’s communication patterns takes 1–4 weeks to establish baseline models, with accuracy improving continuously over the first 3 months. The most significant accuracy improvement happens during the first two weeks, when the AI is rapidly learning normal patterns from your historical email data.
Will AI email security block legitimate emails?
Some false positives are inevitable during the first 1–2 weeks, particularly for emails from new senders, unusual-looking attachments, and messages that happen to match phishing patterns (urgent requests, unfamiliar links). Active quarantine review and feedback during this period trains the AI to distinguish between your organisation’s legitimate communication and genuine threats. After tuning, false positive rates typically drop below 0.1% of total email volume.
Do I still need employee security training if I have AI email security?
Yes — AI email security is a critical layer but not a complete defence. Employees still encounter threats through channels the AI doesn’t monitor (phone calls, text messages, social media, physical social engineering). They also need to understand how to interact with the AI’s warnings and quarantine decisions rather than undermining them. Think of AI as your primary filter and trained employees as your secondary filter — both are necessary.