With the introduction of real-time scanning to FortiMail 6.4.0, there is still the inherent risk that user's may open potentially dangerous emails in Microsoft 365 before the FortiMail unit has had the opportunity to scan the email, especially if the email contains large attachments.
To mitigate this risk, enable
hide-email-on-arrival to automatically move email to a hidden folder on arrival for it to be subjected to real-time scanning. Only after the email is scanned and deemed safe is it then removed from the hidden folder and placed into the user's mailbox.
This feature (disabled by default) can only be enabled using the CLI Console.
To enable this feature, open the CLI Console and enter the following:
config ms365 setting
set hide-email-on-arrival enable