Overview
Ocean can operate in two permission modes: Read-Only for threat monitoring and reporting, or Read/Write for active threat protection. This guide explains how to upgrade from read-only to read/write mode, enabling Ocean to automatically remediate detected threats by moving or quarantining malicious emails.A Microsoft 365 Global Admin account is required to grant the additional permissions.
What Changes with Read/Write Mode
Read-Only Mode
- Ocean analyzes and reports on threats
- No emails are moved, deleted, or quarantined
- Full visibility into threat landscape
- Your team manually handles remediation
Read/Write Mode
- Automatic threat remediation based on configured policies
- Malicious emails can be quarantined or moved to trash/spam
- Users can be notified of threats
- Quarantined emails can be released by administrators
Remediation Actions
With read/write permissions, Ocean can perform the following actions based on your configured policies:| Action | Description |
|---|---|
| Quarantine | Removes the email from the user’s mailbox and stores it securely for admin review |
| Move to Trash | Moves the email to the user’s Deleted Items folder |
| Move to Spam | Moves the email to the user’s Junk Email folder |
| Do Nothing | Logs the threat but takes no action (useful for monitoring) |
Remediation actions are configurable per threat type (malicious, spam) and can be customized to match your organization’s security policies.
Upgrade Steps
Access Integration Settings
Navigate to Integrations in the Ocean portal. Locate your Microsoft 365 integration and click Edit.
Select Read & Write Permissions
In the integration wizard, change the permission level from Read to Read & Write.
Save Changes
Click Save to initiate the permission upgrade. You will be redirected to Microsoft 365 to authorize the additional permissions.
Authorize Additional Permissions
- Log in to Microsoft 365 with a Global Admin account
- Review the additional permissions being requested
- Click Accept to grant the permissions
Additional Permissions Required
When upgrading to Read/Write mode, Ocean requests the following additional Microsoft Graph API permissions:Mail Management
Read and write mail in all mailboxes
Read and write mail in all mailboxes
Scope:
Mail.ReadWriteWhat it does: Enables the app to create, read, update, and delete mail in all mailboxes without a signed-in user.Why it’s needed: Allows Ocean to move or delete malicious emails from user mailboxes as part of automated remediation.Read and write all user mailbox settings
Read and write all user mailbox settings
Scope:
MailboxSettings.ReadWriteWhat it does: Enables the app to create, read, update, and delete all user’s mailbox settings.Why it’s needed: Allows Ocean to manage mailbox rules and settings as part of threat remediation workflows.Mailbox Folder Management
Read and write all mailbox folders
Read and write all mailbox folders
Scope:
MailboxFolder.ReadWrite.AllWhat it does: Enables the app to create, read, update, and delete mail folders in all mailboxes.Why it’s needed: Allows Ocean to create quarantine folders and manage email organization during remediation.Import and export mailbox items
Import and export mailbox items
Scope:
MailboxItem.ImportExport.AllWhat it does: Enables the app to import and export items in all mailboxes.Why it’s needed: Allows Ocean to restore quarantined emails back to user mailboxes when released by administrators.Full access to user mail
Full access to user mail
Scope:
User-Mail.ReadWrite.AllWhat it does: Enables the app to read, update, create and delete all user mail.Why it’s needed: Provides comprehensive access for threat remediation actions across all protected mailboxes.External User Management
Manage external user profiles
Manage external user profiles
Scopes:
ExternalUserProfile.ReadWrite.All, PendingExternalUserProfile.ReadWrite.AllWhat it does: Enables the app to read and write external user profile information.Why it’s needed: Allows Ocean to manage external sender information as part of threat intelligence and remediation.Complete API Permissions Summary
Below is the complete list of Microsoft Graph API permissions for Read/Write mode (includes all read-only permissions plus the additional write permissions):Read Permissions (base permissions)
Additional Write Permissions
Configuring Remediation Policies
After upgrading to Read/Write mode, you can configure remediation policies in the Ocean portal:- Navigate to Settings → Policies
- Configure actions for each threat category:
- Malicious emails: Recommended action is Quarantine
- Spam emails: Recommended action is Move to Trash
- Save your policy configuration
Frequently Asked Questions
Will existing emails be affected when I upgrade?
Will existing emails be affected when I upgrade?
No, the upgrade only affects how Ocean handles new threats going forward. Existing emails in user mailboxes are not modified during the upgrade process.
How quickly does remediation happen after upgrade?
How quickly does remediation happen after upgrade?
Once upgraded and configured, Ocean remediates threats in near real-time as they are detected. Most malicious emails are quarantined within seconds of detection.
Can users retrieve quarantined emails?
Can users retrieve quarantined emails?
Quarantined emails can only be released by administrators through the Ocean portal. Users cannot access quarantined emails directly, ensuring malicious content remains isolated.
What happens if Ocean is unavailable?
What happens if Ocean is unavailable?
Will Ocean interfere with existing email security tools?
Will Ocean interfere with existing email security tools?
Ocean is designed to complement existing email security infrastructure. It operates as an additional layer of protection and does not interfere with other security tools like Microsoft Defender or third-party email gateways.