Barracuda Essentials

Foundation - ESS01

Student Guide

Official training material for Barracuda certified trainings and

Autorized Training Centers.
Edition 2018 | Revision 1.0

campus.barracuda.com | [email protected]
© Barracuda Networks Inc., June 14, 2018 2:38 PM. The information contained within this document is confidential
and proprietary to Barracuda Networks Inc. No portion of this document may be copied, distributed, publicized
or used for other than internal documentary purposes without the written consent of an official representative of
Barracuda Networks Inc. All specifications are subject to change without notice. Barracuda Networks Inc. assumes
no responsibility for any inaccuracies in this document. Barracuda Networks Inc. reserves the right to change,
modify, transfer, or otherwise revise this publication without notice.
 Table of Contents

Introduction

1.1 Introduction to Essentials 11

1.1.1 Barracuda Email Security 11

1.1.2 Advanced Threat Protection 11

1.1.3 Barracuda Cloud Archiving Service 11

1.1.4 Barracuda Cloud-to-Cloud Backup 12

1.1.5 Where to Start 12

1.2 Barracuda Email Security Service Features 15

1.2.1 Inbound Email Protection 15

1.2.2 Outbound Email Protection 17

1.2.3 Sender Authentication 22

1.2.4 Email Continuity 24

1.3 Advanced Threat Protection Features 27

1.3.1 Options 27

1.3.2 Advanced Threat Protection Exemptions 29

1.3.3 Administrator Notification 29

1.3.4 ATP Exemptions 30

1.3.5 Message Log 30

1.3.6 View ATP Statistics 30

1.3.7 Deferred Delivery 30

1.4 Barracuda Cloud Archiving Service Features 33

1.4.1 Exchange Integration 33

1.4.2 PST File Import 34

1.4.3 Barracuda PST Enterprise 34

1.4.4 Archive Skype for Business Conversations 34

1.4.5 Retention Policies 34

1.4.6 Audit Log Filtering 35

1.4.7 User Accounts 35

1.4.8 Search Options 36

1.4.9 End-User Search Tools 37

1.5 Barracuda Cloud-to-Cloud Backup Service Features 39

1.5.1 Backup Schedules 39

1.5.2 Retention Policies 39

1.5.3 Restore Data 40

1.5.4 Reports 40

1.5.5 Users 40

1.5.6 Email Notifications 41

Administration

2.1 Activate, Manage, and Access via Barracuda Cloud Control 45

2.2 Initial Deployment 47

2.2.1 Office 365 Admin Credentials 47

2.2.2 PowerShell Requirements 47

2.2.3 Determine Your Deployment 48

2.2.4 Configure Permissions 49

Barracuda Email Security Service

3.1 Introduction to Barracuda Email Security Service 53

3.1.1 Connection Management Layers 53

3.1.2 Mail Scanning Layers 54

3.1.3 Barracuda Antivirus Supercomputing Grid 54

3.1.4 Advanced Spam Detection 55

3.1.5 Predictive Sender Profiling 55

3.1.6 Monitored Outbound Email Volume 56

3.1.7 Encryption 56

3.2 Barracuda Email Security Service Deployment 59

3.2.1 Step 1. Add Users 59

3.2.2 Step 2. Add Additional Email Domains (Optional) 62

3.2.3 Step 3. Create Transport Rule 63

3.2.4 Step 4. Restrict Inbound Mail to the Barracuda Email Security Service IP Range (Optional) 65

3.2.5 Step 5. Configure Outbound Mail 66

3.2.6 Step 6. Configure Sender Policy Framework for Outbound Mail 69

3.3 Inbound Filtering Policy 71

3.3.1 IP Analysis 71

3.3.2 Content Analysis 72

3.3.3 Bulk Email Detection 74

3.3.4 Rate Control 74

3.4 Outbound Filtering Policy 77

3.4.1 DLP and Outbound Mail Encryption 77

3.4.2 Content Analysis 80

3.4.3 Abuse Monitoring and Notifications 81

3.4.4 Outbound Quarantine 82

3.4.5 Outbound Rate Control 82

3.5 Advanced Configuration 85
3.5.1 Secured Message Transmission 85

3.5.2 Sender Authentication 85

3.5.3 Directory Services 87

3.6 Administration 89
3.6.1 User Accounts 89

3.6.2 User Authentication 90

3.6.3 Reports, Logs, and Notifications 92

3.6.4 Quarantine 95

3.7 Outbound Spam Protection 97

3.8 Advanced Threat Protection 99

3.8.1 Advanced Threat Protection Options 99

3.8.2 Advanced Threat Protection Exemptions 101

3.8.3 Administrator Notification 101

3.8.4 ATP Exemptions 102

3.8.5 Message Log 102

3.8.6 View ATP Statistics 102

3.8.7 Deferred Delivery 102

3.9 Email Continuity 103

3.9.1 Notifications and Status 104

3.9.2 Actions 104

3.10 Barracuda Email Security Service Outlook Add-In 105

Barracuda Cloud Archiving Service

4.1 Introduction to the Barracuda Cloud Archiving Service 111

4.1.1 Understanding Compliance 111

4.1.2 Litigation Support 111

4.1.3 Storage Management 112

4.1.4 Knowledge Management 112

4.1.5 Compliance 112

4.1.6 Data Retention 112

4.1.7 Litigation Holds 113

4.1.8 Datacenters by Region 113

4.2 Barracuda Cloud Archiving Service Deployment 115

4.2.1 Step 1. Add Users to Your Barracuda Cloud Control Account 115

4.2.2 Step 2. Add Email Domains 118

4.3 PST Import 119
4.3.1 PST File Import 119

4.3.2 Barracuda PST Enterprise 120

4.4 User Roles 121

4.4.1 User Roles 121

4.4.2 User Accounts 121

4.4.3 Local Accounts 121

4.4.4 LDAP Accounts 123

4.5 End-User Access 125

4.5.1 Barracuda Cloud Archiving Web Interface 125

4.5.2 Barracuda Outlook Add-In 125

4.5.3 Barracuda Stand-Alone Search Utility 127

4.5.4 Barracuda Mobile Companion App 127

4.6 Tools and Add-Ins 129

4.6.1 Barracuda Outlook Add-In 129

4.6.2 Stand-Alone Search Utility 129

4.6.3 Mobile Companion App 130

4.7 Exchange Integration 131

4.7.1 Exchange Operations 131

4.7.2 Email Import 132

4.7.3 Configure Office 365 Exchange Online Service Account and Import Historical Data 132

4.7.4 Archive Non-Email Items 136

4.7.5 Synchronize Folders 136

4.8 Search Options 139

4.8.1 Message Actions 139

4.8.2 Search as User 140

4.8.3 Select Messages 140

4.8.4 Resend to Me 140

4.8.5 Export Messages 140

4.8.6 Forward Messages 141

4.8.7 Tag Messages 141

4.8.8 Search As User 142

4.8.9 Available Actions 142

4.8.10 Build Search Queries 142

4.8.11 Advanced Search Parameters  143

4.8.12 Search Strings 143

4.8.13 Keyword Expressions 144

4.8.14 Wildcards 144

4.8.15 Domain-Based Search Strings 144

4.8.16 Compound Search Strings 144

4.8.17 Stop Words 145

4.8.18 Punctuation in Search Strings 145

4.8.19 Encrypted Email 146

4.9 Retention Policies 147

4.9.1 Global Retention Policy 147

4.9.2 Saved-Search Retention Policy 147

4.10 Litigation Holds 149

4.11 Audit Logs 151

4.11.1 Audit Log Tools and Options 151

Barracuda Cloud-to-Cloud Backup

5.1 Introduction to Barracuda Cloud Backup 155

5.2 Configure Impersonation for Exchange Online 157

5.2.1 Configure Impersonation 157

5.3 Configure an Exchange Online Data Source 161

5.4 Configure Impersonation for OneDrive for Business 165

5.4.1 Configure Impersonation 165

5.5 Configure OneDrive for Business Data Source 171

5.6 Configure SharePoint Online Primary Site Collection Admin 175

5.7 Configure SharePoint Online Data Source 177

5.8 Configure Backup Schedules 181

5.9 Restore Backup 183

5.10 Backup Reports 191

5.10.1 Backup Report 191

5.10.2 Restore Report 191

5.10.3 Audit Log Reports 191

 Introduction

1.1 Introduction to Essentials 11

1.1.1 Barracuda Email Security 11

1.1.2 Advanced Threat Protection 11

1.1.3 Barracuda Cloud Archiving Service 11

1.1.4 Barracuda Cloud-to-Cloud Backup 12

1.1.5 Where to Start 12

1.2 Barracuda Email Security Service Features 15

1.2.1 Inbound Email Protection 15

1.2.2 Outbound Email Protection 17

1.2.3 Sender Authentication 22

1.2.4 Email Continuity 24

1.3 Advanced Threat Protection Features 27

1.3.1 Options 27

1.3.2 Advanced Threat Protection Exemptions 29

1.3.3 Administrator Notification 29

1.3.4 ATP Exemptions 30

1.3.5 Message Log 30

1.3.6 View ATP Statistics 30

1.3.7 Deferred Delivery 30

1.4 Barracuda Cloud Archiving Service Features 33

1.4.1 Exchange Integration 33
1.4.2 PST File Import 34

1.4.3 Barracuda PST Enterprise 34

1.4.4 Archive Skype for Business Conversations 34

1.4.5 Retention Policies 34

1.4.6 Audit Log Filtering 35

1.4.7 User Accounts 35

1.4.8 Search Options 36

1.4.9 End-User Search Tools 37

1.5 Barracuda Cloud-to-Cloud Backup Service Features 39

1.5.1 Backup Schedules 39

1.5.2 Retention Policies 39

1.5.3 Restore Data 40

1.5.4 Reports 40

1.5.5 Users 40

1.5.6 Email Notifications 41

Student Guide | Barracuda Essentials Foundation Introduction to Essentials | 11

1.1 Introduction to Essentials

For pricing, feature lists, and datasheets, refer to the Barracuda Essentials product page on the Barracuda website.

Barracuda Essentials provides the most complete, simple, and affordable solution for protecting business emails and data

in Office 365, Microsoft Exchange, and G Suite. It combines award-winning email security, as well as a tamper-proof email

archive to ensure compliance and simplify litigation searches. For Office 365, Barracuda also offers full cloud-to-cloud

backup and recovery of your emails and files.

1.1.1 Barracuda Email Security

The Barracuda Email Security Service provides additional security features. It has a rich and granular series of filters and

malware management components, allowing greater flexibility and stronger threat protection. The Barracuda Email

Security Service is a comprehensive and affordable cloud-based email security service that protects both inbound and

outbound email against the latest spam, viruses, worms, phishing, and denial of service attacks. Whether you manage

your own mail server or use a hosted service, spam and viruses are blocked in the cloud prior to delivery to your network,

saving network bandwidth and providing additional Denial of Service (DoS) protection.

1.1.2 Advanced Threat Protection

The Advanced Threat Protection (ATP) service analyzes inbound email attachments with most MIME types and publicly

accessible direct download links in a separate, secured cloud sandbox, detecting new threats and determining whether

to block such messages. ATP offers protection against advanced malware, zero-day exploits, and targeted attacks not

detected by the Barracuda Email Security Service virus scanning features. ATP is included with all Essentials bundles.

The standalone Email Security option is available for purchase only through the Barracuda Self-Service

Gateway or Barracuda MSP.

1.1.3 Barracuda Cloud Archiving Service

It is important to guarantee that mail, once archived, cannot be modified, otherwise the archive becomes an unreliable

source of historical and auditing information. Furthermore, archived email is stored alongside working data, exposing it to

damage should something happen to the mail server or hosted service.

Retention policies are a critical element of email archiving. They allow you to decide how long a message is kept

before it is deleted.

The Barracuda Cloud Archiving integrates with your mail server or hosted mail service to create a cloud-based indexed

archive, storing mail in a secure, separate repository for as long as needed without risk of deletion.
12 | Introduction to Essentials Barracuda Essentials Foundation | Student Guide

The Barracuda Cloud Archiving Service provides advanced archiving functionality. Messages stored in the Barracuda Cloud

Archiving Service archive are immutable – they cannot be changed after archiving, ensuring that the archive is an accurate

record of messages received.

1.1.4 Barracuda Cloud-to-Cloud Backup

Barracuda Cloud-to-Cloud Backup protects Exchange Online, OneDrive for Business, and SharePoint Online data by

backing it up directly to Barracuda Cloud Storage. For Exchange Online, Barracuda Cloud-to-Cloud Backup protects all

email messages, including all attachments, as well as the complete folder structure of each user’s mailbox. In OneDrive

for Business, all files under the Documents Library, including the entire folder structure, are protected. Easily locate and

restore folders, individual items, or entire mailboxes. Barracuda Cloud-to-Cloud Backup provides complete protection

of SharePoint Online. With item-level recovery options, items can be restored directly into SharePoint Online from the

backups of Document Libraries, Site Page Libraries, and Picture Libraries in Team Site, Publishing Site, and Wiki Site

1.1.5 Where to Start

Barracuda Essentials is available in the following configurations:

Complete Edition (Available for Office 365 Only)

Cloud-based, multi-layer email security, archiving, and cloud-to-cloud backup for Office 365 mailboxes, OneDrive for

Business, and SharePoint Online, which includes:

• Barracuda Email Security – Security service protecting both inbound and outbound email against the latest spam,

viruses, worms, phishing and DoS attacks.

• Advanced Threat Protection – ATP protects against advanced malware, zero-day exploits, and targeted attacks.

• Barracuda Cloud Archiving Service – Journal mail directly from Office 365 to the Barracuda Cloud to optimize email

storage, meet regulatory compliance and e-discovery requirements, and provide anytime/anywhere access to old emails.

• Barracuda Cloud-to-Cloud Backup – Protects Exchange Online, OneDrive for Business, and SharePoint Online data by

backing it up directly to Barracuda Cloud Storage. For Exchange Online, Barracuda Cloud-to-Cloud Backup protects all

email messages, including all attachments, as well as the complete folder structure of each user’s mailbox. In OneDrive

for Business, all files under the Documents Library, including the entire folder structure, are protected. Easily locate and

restore folders, individual items, or entire mailboxes. For SharePoint Online, all files and folders in Document Libraries, Site

Assets, Picture Libraries, and Form Templates in Team Sites and Public Sites are backed up.

Compliance Edition

Cloud-based spam prevention, email security, ATP, and archiving, which includes:

• Barracuda Email Security – Security service protecting both inbound and outbound email against the latest spam,

viruses, worms, phishing and DoS attacks.

Student Guide | Barracuda Essentials Foundation Introduction to Essentials | 13

• Advanced Threat Protection – ATP protects against advanced malware, zero-day exploits, and targeted attacks.

• Barracuda Cloud Archiving Service – Journal mail directly from your mail server or hosted service to the Barracuda

Cloud to optimize email storage, meet regulatory compliance and e-discovery requirements, and provide anytime/

anywhere access to old emails.

Security Edition

Cloud-based spam prevention, email security, and ATP, which includes:

• Barracuda Email Security – Security service protecting both inbound and outbound email against the latest spam,

viruses, worms, phishing and DoS attacks.

• Advanced Threat Protection – ATP protects against advanced malware, zero-day exploits, and targeted attacks.

Standalone Email Security

Cloud-based spam prevention and email security.

 The standalone Barracuda Essentials Email Security option is available only through the Barracuda Self-
Service Gateway or Barracuda MSP.

• Barracuda Email Security – Security service protecting both inbound and outbound email against the latest spam,

viruses, worms, phishing and denial of service attacks.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Features | 15

1.2 Barracuda Email Security Service Features

1.2.1 Inbound Email Protection

Inbound filtering includes:

• IP Analysis

• Content Analysis

• Regional Policies

• Bulk Email Detection

• Rate Control

• Sender and Recipient Analysis

• Advanced Threat Protection (available with most deployment options)

IP Analysis
Once the true sender of an email message is identified, the reputation and intent of that sender should be determined

before accepting the message as valid, or “not spam”. The best way to address both issues is to know the IP addresses

of trusted email senders and forwarders and define those as exempt from scanning by adding them to a list

of known good senders.

You can create a list of Trusted Forwarders by specifying one or more IP addresses of machines that you have set up to

forward email to the Barracuda Email Security Service from outside sources. The Barracuda Email Security Service exempts

any IP address in this list from Rate Control, Sender Policy Framework (SPF) checks, and IP Reputation. In the Received

headers, the Barracuda Email Security Service continues looking beyond a Trusted Forwarder IP address until it encounters

the first non-trusted IP address. At this point, Rate Control, SPF checks, and IP Reputation checks are applied. Configure on

the Inbound Settings > IP Address Policies page.

Inbound Content Analysis

Set custom content filters for inbound messages based on message content and attachment file name or MIME type on

the Inbound Settings > Content Policies page.

• Attachment Filtering – Select whether to Block, Ignore, or Quarantine attachments based on File Name or MIME type.

Additionally, you can select to Block, Ignore, or Quarantine attached archive files that require a password to unpack.

Message Content Filtering – Base message content filtering on any combination of Subject, Headers, Body,

Attachments, Sender, or Recipient, and select whether to Block, Ignore, or Quarantine messages that meet the entered

criteria. Use regular expressions as well as the following special characters: . [ ] \ * ? $ ( ) | ^ @

16 | Barracuda Email Security Service Features Barracuda Essentials Foundation | Student Guide

Note that you must escape special characters with a backslash (“\”). See Regular Expressions in the Campus

Reference section for advanced filtering text patterns. HTML comments and tags between characters in the HTML

source of a message are filtered out so that content filtering applies to the actual words as they appear when

viewed in a web browser.

Regional Policies
You can select to Block or Quarantine messages based on country of origin or language on the Inbound Settings >

Regional Policies page, allowing you to reduce unwanted Inbound emails.

Bulk Email Detection

Many users subscribe to websites and lists and later forget that they subscribed, or subscribed unknowingly. Email

messages containing anything that looks like an unsubscribe link or instruction may or may not be considered

spam by the recipient. To provide users the opportunity to decide, you can quarantine bulk email messages that

contain unsubscribe links or instructions, or you can choose to block them all, thereby reducing the load on your

mail server. Configure Bulk Email Detection on the Inbound Settings > Anti-Spam/Antivirus page. If this feature is

set to Block or Quarantine, email messages/domains that are exempted by users or the administrator override this

setting and are allowed.

Inbound Rate Control

This feature protects your organization from spammers or spam-programs (also known as “spam-bots”) that send large

amounts of email to the server in a small amount of time. Rate Control for inbound mail is configured on the Inbound

Settings > Rate Control page. The Rate Control mechanism counts the number recipients for a domain from a sender

(a single IP address) over a half-hour timeframe and compares that number to the Maximum Recipients per Sender IP

Address per 30 minutes threshold you set on the page. If the number of inbound recipients for a domain from a sender (a

single IP address) exceeds this threshold within a half hour period, the Barracuda Email Security Service defers any further

connection attempts from that particular IP address until the next half hour time frame and logs each attempt as deferred

in the Message Log with a reason of Rate Control.

 Exemptions from Rate Control

You can exempt trusted IP addresses from Rate Control by adding a trusted IP address to the Rate
Control Exemption list. Organizations that relay email through known servers or communicate frequently
with known partners can and should add the IP addresses of those trusted relays and good mail
servers to this list.
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Features | 17

Sender and Recipient Analysis

Use the Inbound Settings > Sender Policies page to exempt, quarantine, or block messages based on username, domain,

or email address. The Barracuda Email Security Service applies header scanning to both the Header and the Envelope From

fields. In the Header field, only the email address portion is checked. Note that wildcards, for example, asterisk (*) or the @

sign are not supported. For example: *@customer.com is recognized as customer.com

Use the Inbound Settings > Recipient Policies page to specify whether to always Scan or always Exempt (whitelist) a

recipient email address. Exempt (whitelisted) recipients bypass spam scoring (see Enable Cloudscan on the Inbound

Settings > Anti-Spam/Anti-Virus page) as well as all other blocklists. Virus scanning still applies.

Advanced Threat Protection

This service analyzes inbound email attachments with most MIME types in a separate, secured cloud environment,

detecting new threats and determining whether to block such messages. ATP offers protection against advanced malware,

zero-day exploits, and targeted attacks not detected by the Barracuda Email Security Service virus scanning features.

1.2.2 Outbound Email Protection

Outbound filtering includes:

• Outbound Mail Data Leak Prevention (DLP) and Encryption

• Content Analysis

• Abuse Monitoring and Notifications

• Outbound Quarantine

• Outbound Rate Control

Outbound Mail Data Leak Prevention and Encryption

For health care providers, governmental agencies, and other entities who need to protect private, sensitive and

valuable information communicated via email, the Barracuda Email Security Service provides Data Leak Prevention

(DLP) features using email encryption. DLP enables your organization to satisfy email compliance filtering for corporate

policies and government regulations such as HIPAA and Sarbanes-Oxley (SOX). Advanced content scanning is applied

for keywords inside commonly used text attachments, as well as email encryption. You can configure email encryption

policies per domain.

• Outbound Mail Encryption – Encryption is performed by the Barracuda Email Encryption Service, which also provides a

web interface, the Barracuda Message Center, for recipients to retrieve encrypted messages.
18 | Barracuda Email Security Service Features Barracuda Essentials Foundation | Student Guide

Figure 1: Mail Flow for Encrypted messages sent through the Barracuda Email Security Service.

 When the Barracuda Email Encryption Service encrypts the contents of a message, the message body
does not display in the Message Log. Only the sender of the encrypted message(s) and the recipient
can view the body of an encrypted message. For more information about privacy, see the Barracuda
Networks Privacy Policy.

• Secure Sensitive Message Transmission – TLS provides secure transmission of email content over an encrypted channel

using the Secure Sockets Layer (SSL) - also known as TLS. For DLP, you should require mail to be sent outbound from the

Barracuda Email Security Service over a TLS connection. To do so, enable Force TLS for each domain on the Outbound

Settings > DLP/Encryption page. Mail sent to these domains must be transmitted across a TLS connection. If a TLS

connection cannot be established, then the mail will not be delivered.

• Define when to Encrypt Messages – Use the Outbound Settings > Content Policies page to create policies for

outbound message encryption in one or both sections:

• Message Content Filters – You can select the Encrypt action for outbound email based on characteristics of the

message’s subject, header or body. You can specify simple words or phrases, or use Regular Expressions. Content

filtering is case sensitive.

• Predefined Filters – You can select the Encrypt action for outbound email messages that contain matches to pre-

made patterns in the subject line, message body, or attachment. Use the pre-defined data leakage patterns (specific to

U.S.) to meet HIPAA and other email security regulations:

• Credit Cards – Messages sent through the Barracuda Email Security Service containing recognizable Master Card,

Visa, American Express, Diners Club or Discover card numbers will be subject to the action you choose.

• Social Security – Messages sent with valid social security numbers will be subject to the action you choose. U.S.

Social Security Numbers (SSN) must be entered in the format nnn-nn-nnnn.

• Privacy – Messages will be subject to the action you choose if they contain two or more of the following data types,

using common U.S. data patterns only: credit cards (including Japanese Credit Bureau), expiration date, date of birth,

Social Security number, driver’s license number, street address, or phone number.
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Features | 19

• HIPAA – Messages will be subject to the action you choose if they contain TWO of the types of items as described in

Privacy above and ONE medical term, or ONE Privacy item, ONE Address and ONE medical term. A street address can

take the place of Privacy patterns. So, for example, a U.S. Social Security Number (SSN), an address, and one medical

term is enough to trigger the HIPAA filter.

The format of this data varies depending on the country, and these filters are more commonly
used in the United States; they do not apply to other locales. Because of the millions of ways that
any of the above information can be formatted, a determined person will likely be able to find a
way to defeat the patterns used. These filter options are no match for educating employees about
what is and is not permissible to transmit via unencrypted email.

• Send/Receive Encrypted Messages – The Barracuda Message Center is a web-based email client for receiving and

managing encrypted email sent by the Barracuda Email Security Service. The email client looks and behaves much like

any web-based email program.

Outbound Content Analysis

• Custom Content Filters – Customize content filtering based on any combination of subject, headers, body,

attachments, sender, or recipient, and apply to outbound mail. Filter actions for outbound mail include Block, Allow,

Quarantine, and Encrypt. Messages that meet the Quarantine criteria are sent to the Outbound Quarantine for the

administrator to evaluate. Messages can then be viewed, delivered, rejected, deleted, or exported from the Overview >

Outbound Quarantine page.

• Attachment Content Filters – All outbound messages, including those from exempt senders, go through attachment

filtering. On the Outbound Settings > Content Policies page, you can select to filter text matching the entered pattern

based on File Name or MIME type, and select whether to Block, Ignore, or Quarantine outbound messages. Additionally,

you can select to Block, Ignore, or Quarantine attached archive files that require a password to unpack.

• Message Content Filters – Enter filter patterns and select to Block, Allow, Quarantine, or Encrypt for Subject, Headers,

Body, Attachments, Sender, or Recipient. Note that Header filters are applied to both the header name and content of

any header, while the Subject filters only scan the contents of the Subject header. Use regular expressions as well as the

following special characters: . [ ] \ * ? $ ( ) | ^ @

When using these special characters, you must escape each character with a backslach (“\”).

• Predefined Filters – Select a predefined data leakage patterns (specific to the United States) for Subject, Headers, Body,

or Attachments. Select whether to Block, Quarantine, or Encrypt outbound messages based on the filter. Add

exemptions to predefined HIPAA or Privacy content filters to prevent outbound emails that include phone number or

street address items from being blocked, quarantined, or encrypted.

20 | Barracuda Email Security Service Features Barracuda Essentials Foundation | Student Guide

• Image Analysis – Image analysis techniques protect against new image variants. Image analysis is automatically

configured in the Barracuda Email Security Service.

Abuse Monitoring and Notifications

Outbound email traffic is automatically monitored for Rate Control by the Barracuda Email Security Service. If the volume

of outbound mail messages from the service exceeds normal levels during a 30 minute time frame, the Rate Control

feature will take effect and outbound mail will be deferred until the end of the 30 minute time frame. IP addresses of

senders of outbound mail who consistently trigger Rate Control is logged on the Outbound Settings > Abuse Monitor

page in the IP Addresses With Recent Abuse.

An abuse notification email may be sent to the administrator of your Barracuda Email Security Service for various reasons.

These include but are not limited to:

• Sending mail to more recipients per 30 minute period then allowed by the Barracuda Email Security Service.

• Sending out mail to more invalid recipients than allowed by the Barracuda Email Security Service.

• Sending out mail that has been classified by the Barracuda Email Security Service as spam or as containing a virus.

If your network sends out a large email blast, this may trigger an abuse notice from the Barracuda Email Security Service.

This notice informs you that you are sending out mail to more recipients per 30 minute period then the Barracuda Email

Security Service allows. This is not a block of your mail, but rather delays the delivery of the messages. The mail will

eventually go out, but at a much slower rate over a longer period of time.

To prevent generation of an abuse notice, it is recommended that you spread out the delivery of email blasts over a longer

period of time or to smaller groups of recipients, and to make sure that the addresses you are sending to are legitimate.

The limits set by the Barracuda Email Security Service on the number of recipients that can be sent mail per 30 minutes

protects against an outbound spam attack from a customer’s network.

• IP Addresses With Recent Abuse – The owner of an IP address that appears in this table on the Outbound Settings >

Abuse Monitor page for consistently exceeding Rate Controls may use the Request Increased Limit button to request

Barracuda Networks to allow a higher volume of outbound mail so that Rate Control does not take effect.

• Suspended IP Addresses – IP addresses that send very high volumes of email, consistently triggering Rate Controls, may

be suspended from sending outbound mail through the Barracuda Email Security Service. Contact Barracuda Networks

Technical Support if your IP address appears in this list.

Outbound Quarantine
Configure policies on the Outbound Settings pages to quarantine outgoing messages that meet certain criteria.

The administrator can view all quarantined outbound messages from senders within the organization and select to delete,

reject, deliver, or export those messages from the Overview > Outbound Quarantine page.
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Features | 21

 Rejected Messages
When enabled by the administrator, the sender receives a non-delivery report (NDR) indicating that their
message will not be sent to the recipient.

When a message ends up in the outbound quarantine, the sender receives an NDR email when Quarantine Sender
Notification is enabled on the Outbound Settings > Notifications page. The email template is configurable.

Configure Sender Quarantine Notification

Use the following steps to configure sender quarantine notifications:

1. On the Outbound Settings > Notifications page, in the Sender Quarantine Notification section, select Yes to send a

notification to the sender of a quarantined outbound message.

2. Enter the Quarantine Notification Address.

3. Enter the subject of the NDR in the Quarantine Notification Subject field.

4. Configure the body of the NDR email using the Quarantine Notification Template.

5. Click Save Changes.

If the administrator rejects an email in the outbound quarantine, an NDR is sent to the email sender. The email

template is configurable.

Configure Rejected Message Sender Notification

Use the following steps to configure sender quarantine notifications:

1. On the Outbound Settings > Notifications page, enter the following details in the Notification to Sender of

Rejected Message section:

a. Reject Notification Address – Enter the NDR ‘from’ address that the sender receives.

b. Reject Notification Subject – Enter the NDR subject that the sender receives.

c. Reject Notification Template – Configure the body of the NDR.

2. Click Save Changes.

Outbound Rate Control

The Barracuda Email Security Service outbound rate limit is the number of messages an individual user on the account

can send out per day. By default, the Barracuda Email Security Service outbound rate limit is set to 150 recipients per 30

minutes per sender, or 7200 recipients per day. If users are hitting this rate limit, then they are sending mail to more than

150 recipients per 30 minute period.

22 | Barracuda Email Security Service Features Barracuda Essentials Foundation | Student Guide

 Note that rate limit is not a block of their mail, but a deferral. The mail server retries this mail until
it is all delivered. Per-user rate control only affects users listed in the Users > Users List; the rate
limit for users not in this page get the per-domain rate limit, normally 250 per 30 minute period.
Anyone sending outbound mail through the Barracuda Email Security Service should be listed in
the Users > Users List page.

A sender may hit rate control limits due to your mail server configuration. For example, if a user sends out a mass mailing

to 1000 people, they will hit their rate control limit. Based on 150 recipients per 30 minute period, it will take at least 4

hours for all of the mail to be delivered. If your mail server retries this deferred mail every few minutes this can cause the

sender to remain rate limited for a very long time. Barracuda recommends that you configure your mail server to retry

deferred connections every 30 minutes to avoid this issue.

If you have mail that must go out immediately, Barracuda recommends either:

• Bypassing the Barracuda Email Security Service and sending it directly to the Internet, or

• Use a mass mailing service designed for this purpose.

 If you are using a mass mail program that does not retry deferred mail, Barracuda recommends that you
configure the system to deliver the mail directly to the Internet or have it relay the mail through a fully
functional mail server that can correctly handle deferred mail.

Exceeding rate control limits displays in your outbound abuse report page, however, if there is a problem with your

account resulting in your outbound IP address being blocked or a blocked user email address, Barracuda will contact you

via email or phone explaining the problem requiring attention.

1.2.3 Sender Authentication

Sender Authentication mechanisms enable the Barracuda Email Security Service to protect your network and users from

spammers who might “spoof” a domain or otherwise hide the identity of the true sender. Sender authentication includes:

• How to Configure Sender Policy Framework

• Content Analysis - Outbound

Sender Policy Framework

SPF is an open standard specifying a method to prevent sender address forgery. The current version of SPF protects the

envelope sender address, which is used for message delivery. SPF works by having domains publish reverse MX records

to display which machines are designated as mail sending machines for that domain. When receiving a message from a

domain, the recipient can check those records to verify mail is coming from a designated sending machine. If the message

fails the SPF check, it is assumed to be spam.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Features | 23

Select whether to enable SPF for checking inbound mail on the Inbound Settings > Sender Authentication page. When

enabled, Messages that fail SPF check are blocked and logged as such.

If you have SPF checking enabled on your mail server or network, it is critical when using the Barracuda
Email Security Service that you either disable SPF checking in the service or add the Barracuda Email
Security Service IP ranges 64.235.144.0/20 and 209.222.80.0/21 to your SPF exemptions. Otherwise, your
SPF checker blocks mail from domains with an SPF record set to Block because the mail is coming from
a Barracuda Email Security Service IP address not in the sender’s SPF record. For more information, see
the Sender Policy Framework Project Overview.
You can optionally enable Sender Rewriting Scheme (SRS) for a specific domain from the Domains >
Domain Manager > Domain Settings page. When enabled, the IP address of the sending mail server is
visible to the SPF verification agent on the recipient’s end. The recipient’s SPF agent checks the reverse
MX records for your domain and verifies your IP address as an authorized sender to ensure message
delivery to the recipient.

Configure SPF for Inbound Mail

1. Log in to your Barracuda Cloud Control account, and click Email Security in the left pane.

2. Go to the Inbound Settings > Sender Authentication page, and select from the available options in the Use Sender

Policy Framework section:

a. Block FAIL – The SPF FAIL (also referred to as Hard FAIL) response indicates that the IP address of the message

sender does not match the IP address or range of IP addresses specified in the sending domain name’s SPF

record, and that the real owner of the domain has specifically indicated that such messages should be rejected

(blocked) as spoofed.

b. Block FAIL, SOFTFAIL – The SPF SOFTFAIL response indicates that the message sender’s IP address does not match

the IP address or range of IP addresses specified in the sending domain name’s SPF record. A SOFTFAIL means that

the domain owner did not specify how such messages should be handled.

c. Off – When set to Off, the Barracuda Email Security Service does not query DNS for an SPF record for the sending

domain to verify whether the sender is the true owner of that domain. If you are concerned about domain

spoofing, enable one of the SPF options.

 You can optionally enable Sender Rewriting Scheme (SRS) for a specific domain on the
Domains > Domain Settings page. When enabled, the sending mail server IP address is visible to
the SPF verification agent on the recipient’s end. The recipient’s SPF agent checks the reverse MX
records for your domain and verifies your IP address as an authorized sender to ensure message
delivery to the recipient.

3. Click Save Changes.

24 | Barracuda Email Security Service Features Barracuda Essentials Foundation | Student Guide

You can exempt mail relay servers and other machines from SPF checks that are set up specifically to forward mail to the

Barracuda Email Security Service from outside sources. Mail from these IP addresses is still scanned for spam.

Exempt Trusted IP Addresses from SPF Checks

1. Log in to your Barracuda Cloud Control account, and click Email Security in the left pane.

2. Go to the Inbound Settings > Sender Authentication page, and in the Use Sender Policy Framework section, enter

the IP Address and Netmask and optional Comment.

3. Click Add in the Actions column, and click Save Changes.

To assure outbound mail from your Barracuda Email Security Service that Barracuda Networks is the authorized sending

mail service, add the following to the SPF record INCLUDE line for each domain sending outbound mail based on your

Barracuda Email Security Service instance. For example, type:

include:spf.ess.barracudanetworks.com -all

1.2.4 Email Continuity

Email Continuity allows end-users to send, receive, compose, and forward emails when designated mail servers are

unavailable. Note that Email Continuity is automatically disabled after 96 hours. Messages in the Email Continuity are

viewable in the Message list for 30 days, after which they expire.

Enable Email Continuity for all users on all domains on the account to comply with business continuity regulations.

When Email Continuity and spooling are enabled, the Barracuda Email Security Service continually checks designated

mail server connections. When the service determines a mail server is offline, spooling begins immediately and Email

Continuity begins 10 minutes later. The Barracuda Email Security Service then continues to check designated mail server

availability until the connection is restored. Once the service determines spooling has stopped and email is flowing, Email

Continuity remains active for up to an hour after spooling has stopped and email is flowing.

Figure 1. Designated Mail Servers are Available, Mail is Flowing.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Features | 25

Figure 2. Designated Mail Servers are Unavailable, Email Continuity is Enabled.

Note the following:

• The original mail headers and timestamp sent/received during an outage are synchronized to the primary mail server to

minimize end-user confusion.

• Message for the primary and alias email are delivered to the primary account.

• When replying to a message or forwarding a message from Email Continuity, the sender is the primary email address.

• Outbound messages sent via Email Continuity are subject to the configured outbound policies.

• When Email Continuity is enabled, if the administrator logs in as a user, that user’s message log is view-only.

• Messages cannot be deleted from the Email Continuity Service.

• You cannot access or send messages via quarantine notification email when Email Continuity is in effect.

When Email Continuity is activated, users can continue to view their messages in the Message Log. In addition to the

standard message actions in the Message Log view, users can compose a new message, and forward or reply to a

message. Spooled messages display in the account admin, domain admin, recipient, and sender Message Logs when

Email Continuity is running.

Enable spooling for each domain where you want to enable Email Continuity, and then enable Email Continuity on the

Users > Email Continuity page.

Student Guide | Barracuda Essentials Foundation Advanced Threat Protection Features | 27

1.3 Advanced Threat Protection Features

The Advanced Threat Protection (ATP) service analyzes inbound email attachments with most MIME types and publicly

accessible direct download links in a separate, secured cloud sandbox, detecting new threats and determining whether

to block such messages. ATP offers protection against advanced malware, zero-day exploits, and targeted attacks not

detected by the Barracuda Email Security Service virus scanning features. Enable ATP on the ATP Settings page.

 When ATP determines an attachment or publicly accessible direct download link contains a threat
and blocks the message, review the ATP Report before determining whether to deliver the message.
See Advanced Threat Protection Reports and Understanding Advanced Threat Protection Reports
for more information.

1.3.1 Options
Configure policies on the Inbound Settings > Content Policies page, and specify how and when attachments are

scanned on the ATP Settings page.

Deliver First, then Scan

When selected, the ATP service attempts to scan the mail in real time. If the ATP scan completes in real time and a virus

is detected, the message is blocked and is not delivered. If the ATP scan does not complete in real time, the message is

delivered; if the ATP service determines the attachment to be suspicious or virus-infected upon completion, the recipient

is notified, and if Notify Admin is set to Yes, an email alert is sent to the specified admin address.

Figure 1. Scan is Complete in Real Time, No Threat Detected.

28 | Advanced Threat Protection Features Barracuda Essentials Foundation | Student Guide

Figure 2. Mail is Delivered Before Scan Complete; Threat Detected.

 This option does not delay email processing, however, the email recipient can potentially open an
infected attachment.

Scan First, then Deliver

When selected, the ATP service scans new messages with attachments before delivery. If a virus is detected

in an attachment, or the attachment is a known threat, the message is blocked, otherwise, the message is

delivered to the recipient.

 This option provides more security and prevents the email recipient from opening infected attachments.
These messages appear in the Message log and Pending Scan displays in the Reason column. The mail
server retries until the scan is complete and no virus is detected in the attachment, at which point the
message is delivered. Note that messages with attachments may be temporarily deferred while queued
for scanning. If the message status is deferred for more than four hours, the message is quarantined.

Figure 3. Attachment is Recognized as a Known Threat.

Student Guide | Barracuda Essentials Foundation Advanced Threat Protection Features | 29

Figure 4. Attachment is Scanned and Determined to be Suspicious.

Figure 5. No Threat Detected in Attachment.

Advanced Threat Protection Disabled

When set to No, ATP is disabled.

1.3.2 Advanced Threat Protection Exemptions

When ATP is set to either Deliver First, then Scan or Scan First, then Deliver, you can exempt sender email addresses,

sender domains, recipient email addresses, recipient domains, or sender IP addresses from ATP scanning in the ATP

Exemptions section on the ATP Settings page.

 Attachments from exempted entries are not sent to the ATP cloud. Note that these exemptions apply
to ATP scanning only and do not apply to Barracuda Email Security Service virus scanning.

1.3.3 Administrator Notification

When Deliver First, then Scan is selected, select Yes for Notify Admin to notify the administrator when a virus is detected

by the ATP service in a scanned attachment. The email notification includes the sender, recipient, attachment type, and

detected virus. Enter the admin email address in the ATP Notification Email field address. Infected attachments are

listed in the ATP Log.

30 | Advanced Threat Protection Features Barracuda Essentials Foundation | Student Guide

1.3.4 ATP Exemptions

When ATP is set to either Deliver First, then Scan or Scan First, then Deliver, you can exempt sender email addresses,

sender domains, recipient email addresses, recipient domains, or sender IP addresses from ATP scanning. Attachments

from exempted entries are not sent to the ATP cloud. Note that these exemptions apply to ATP scanning only and do not

apply to Barracuda Email Security Service virus scanning.

1.3.5 Message Log

Messages blocked or deferred by the ATP service are listed in the Message Log with the following codes listed

in the Reason column:

• Advanced Threat Protection – Message is blocked by the ATP service due to an infected attachment.

• Pending Scan (Scan First, then Deliver enabled) – Message is deferred while the attachment is scanned. The mail server

retries until the scan is complete. Once complete, if no virus is detected, the message is delivered.

• ATP Service Unavailable – Message is deferred because the ATP service is temporarily unavailable. The message is retried

and, when the scan is complete and if no virus is detected, the message is delivered.

1.3.6 View ATP Statistics

The Dashboard page displays statistics of scanned attachments determined to be infected by the ATP service.

1.3.7 Deferred Delivery

If a message scanned by ATP is quarantined or blocked (for example, ATP determines the message attachment is

suspicious), the admin can select to deliver the message.

Determine Whether to Deliver Message

1. Log in to Barracuda Email Security Service as the administrator, and go to Overview > Message Log.

2. Set message filters and search criteria as needed, and click Search.

3. Messages blocked by ATP display as Not Delivered.

4. Click on the message, and in the reading pane, click ATP Reports.

5. The Email Delivery Warning dialog box displays a list of attachments, one or more of which is suspected

of being Infected. If you want to deliver the email and the associated attachments, first review the report

for each attachment.

6. Click View Report for the suspicious attachment, and review the report details.

7. Repeat step 6 for each attachment.

8. Once you review all attachments, and if you determine you want to deliver the email and the associated attachments,

review and accept the disclaimer, and click Deliver in the Email Delivery Warning dialog box.
Student Guide | Barracuda Essentials Foundation Advanced Threat Protection Features | 31

9. If the message is delivered successfully, the Delivery Status changes to Delivered. If the mail cannot be delivered, this

is reflected as a notice in your browser window and the Delivery Status does not change.
Student Guide | Barracuda Essentials Foundation Barracuda Cloud Archiving Service Features | 33

1.4 Barracuda Cloud Archiving Service Features

The Barracuda Cloud Archiving Service is a Software as a Service (SaaS) solution hosted in the Barracuda Cloud. The

Barracuda Cloud Archiving Service integrates with Microsoft Office 365, Exchange Server, and G Suite to create a cloud-

based indexed archive. This approach ensures email is stored securely in a separate repository for as long as needed

without risk of deletion.

1.4.1 Exchange Integration

Configure actions that the Barracuda Cloud Archiving Service is to execute on Microsoft Office 365 Exchange Online or

Exchange Server on the Mail Sources > Exchange Integration page in the web interface. Define the following operations:

• Email Import – Import email into your Barracuda Cloud Archiving Service that meets the specified criteria. See the

following Barracuda Campus articles for configuration details:

• How to Configure an Office 365 Exchange Online Service Account and Import Historical Data

• Microsoft Exchange Server 2013 and Newer Operations

• Microsoft Exchange Server 2007 and 2010 Operations

 Importing is a one-time event and can only be scheduled for immediate execution. An additional
date parameter is required when importing messages, where the date is defined to be either the
date that the message was created on Exchange, or the date that appears in the Date field in the
message, whichever produces more results.
This option imports all Exchange items along with the folder information. If you want to update all
folder information only and none of the contents, use the Folder Sync option.

• Non-Email Sync – In addition to emails that are automatically sent to the Barracuda Cloud Archiving Service for storage,

you can configure non-email items such as Appointments, Contacts, Notes, and Tasks for archive. This enables you to

get a more complete picture of all items that are or have been stored on your mail server or hosted mail service, and

eliminates the need to keep .pst files around solely for the purposes of retaining this information.

• Folder Sync – Import the complete folder structure of the selected Item Sources, including custom folders and sub-

folders. The nightly folder synchronization process scans the specified mailboxes, and imports the user’s folder structure,

including custom folders and sub-folders, into the Barracuda Cloud Archiving Service. Note that a Folder Sync job does

not import emails to the Barracuda Cloud Archiving Service, it only imports the folder structure. Email messages are sent

to the Barracuda Cloud Archiving Service via real-time journaling.

34 | Barracuda Cloud Archiving Service Features Barracuda Essentials Foundation | Student Guide

1.4.2 PST File Import

A .pst file is an MS Personal Storage Table, and contains email messages exported from Microsoft Outlook. Some .pst files

also contain additional Microsoft Outlook items such as Appointments and Contacts. Password-protected .pst files are

accepted as well as non-password-protected files. To allow users to import their own PST files directly from the Mail

Sources > PST Import page, set Allow PST File Uploads to Yes.

1.4.3 Barracuda PST Enterprise

With Barracuda PST Enterprise, IT administrators can control email data stored by end-users in individual PST files and

those scattered across the organization, eliminating the risks associated with PST files, as well as reducing ongoing costs

and supporting IT requirements for Compliance and eDiscovery.

1.4.4 Archive Skype for Business Conversations

An Office 365 Exchange Online service account provides Exchange Server directory permissions to grant the Barracuda

Cloud Archiving Service read access to all mailboxes. For configuration details, see How to Archive Skype for Business

Conversations in Barracuda Campus.

1.4.5 Retention Policies

Data retention policies allow you to specify message retention policies and Saved Search retention policies on the

Policy > Retention page. Retention policies are the only way to purge messages; data cannot be directly deleted by a

user. By default, automated archived message purging on the Barracuda Cloud Archiving Service is disabled. If you enable

this ability, the Global Retention Policy and any Saved Search retention policies are run against all the archived messages

weekly on Friday night.

If the age of any message exceeds the maximum age allowed by all Saved Search retention policies that
apply to the message, that message is permanently deleted from the Service. The Global Retention Policy
setting does not apply to any messages that match a Saved Search retention policy.

To enable or disable the automatic message expiration capability:

• On the Policy > Retention page, specify whether to Allow automatic message deletion.

Global Retention Policy

The Global Retention Policy applies to all archived messages. When retention policies are run against the archived

messages weekly on Friday night, any messages stored on the Barracuda Cloud Archiving Service that are older than this

age are deleted unless they match an existing Saved Search policy.
Student Guide | Barracuda Essentials Foundation Barracuda Cloud Archiving Service Features | 35

Saved Search Retention Policy

A Saved Search retention policy enables you to automatically expire messages that match a particular set of content

criteria defined in the Basic > Search page. Use this feature to create exceptions to the global Retention Policy. Saved

searches containing tags cannot be used in a Saved Search retention policy and do not appear in the list of

available Saved Searches.

If a message matches more than one Saved Search-based policy, then the message is kept according to

the longest policy length. If it matches a Saved Search-based policy as well as the global policy, then the Saved Search

policy takes precedence.

Litigation Holds
Litigation Holds are created by auditors to prevent messages that meet the criteria for a specific Saved Search from being

removed from the Barracuda Cloud Archiving Service. The system administrator must first Enable Litigation Holds before

auditors are given the option to create Litigation Holds from the Saved Searches tab on the Basic > Search page.

The following information about active Litigation Holds displays here, visible only to the system administrator:

• Auditor – The account name of the Auditor who created the Litigation Hold

• Saved Search – The name of the Saved Search associated with this Litigation Hold

• Hold End Date – The date and time when this Litigation Hold expires

To delete a litigation hold you must have system administrator rights; click the trash can icon following the Litigation

Hold you want to delete.

1.4.6 Audit Log Filtering

The Advanced > Audit Log page displays a list of all activities, including search-related activities initiated by the system. In

this view you can browse through the list, or perform a search to filter on a subset of activities. You can filter by start/end

dates, user name, and item type. Click on an activity to display the activity details in the Details pane.

1.4.7 User Accounts

There are two types of accounts on the Barracuda Cloud Archiving Service:

• Local Accounts – These accounts reside only on the Barracuda Cloud Archiving Service and are created from the Users >

User Add/Update page in the administration interface.

• LDAP Accounts – These accounts reside in your LDAP directory. Once LDAP is configured on the Barracuda Cloud

Archiving Service, users can log in using their regular network credentials to view and create flags for messages in

their personal archive.

36 | Barracuda Cloud Archiving Service Features Barracuda Essentials Foundation | Student Guide

User Roles
Local accounts are created with one of the following roles:

• User – Able only to view messages accessible to the account, either because the username for the account is

also that of the sender or recipient of a message, or because it has been given explicit access to view an email

address via Alias Linking.

• Auditor – Able to create and activate policies, and view, search, and export any messages to/from the domains to which

they have access. Additionally, Auditors can save and name an Advanced search for re-execution at a later time from

the Saved Searches tab. To create a “Domain Auditor” (an auditor with access to only a subset of the domains on your

Barracuda Cloud Archiving Service), set the role to Auditor and specify at least one domain. If no domains are specified,

then all messages in the entire Barracuda Cloud Archiving Service are accessible. No auditor account has access to any

system or network configuration information on the Barracuda Cloud Archiving Service.

• Admin – Able to view all items from any user, not just those listed for the account. Also able to create and activate

policies, and can make other system or network changes.

The assigned role can be changed at a later date from the Users > Accounts page, but only the last assigned role is active.

1.4.8 Search Options

Searches can only be made over messages that the searcher has read access to, so privacy is always preserved.

• Basic Search – Use the Basic Search mode to perform a quick search across all messages. The Basic Search interface

accepts a word or phrase on which to search, and returns all available messages that contain the specified text in either

the header or message body. This mode is useful when searching for that handful of emails to or from someone on a

specific topic, or when looking for any message that contains a particular phrase. These are one-time searches as these

cannot be saved for later use. All search terms for Basic Search must be in one of the following formats:

Text-based, Multi-Text, Wildcards, or Domain-based

• Advanced Search – Use the Advanced Search mode to perform complex search queries based on selected attributes.

Use the following options to build and save Advanced search queries:

• To add additional search parameters – Click the plus sign (+) to the left of a search criteria line.

• To remove a search parameter – Click the minus sign (-) to the left of the search parameter you want to remove.

• To AND or OR search parameters – Once you have more than one search criteria line, the AND button displays at the

end of each search parameter signifies that it will be logically ANDed to the next specified parameter. If your next

criteria is to be logically ORed, click AND to toggle it to OR and vise versa.

• To save a search query – Click Save Search below the search criteria and enter the name under which the query is to

be saved; if you enter a name that already exists, the new search parameters replace the previous search criteria.
Student Guide | Barracuda Essentials Foundation Barracuda Cloud Archiving Service Features | 37

• To run a previously-saved search – Click the Saved Searches tab, and click Search in the Actions column following the

Saved Search you want to run.

See Understanding Basic and Advanced Search in Barracuda Campus for message actions, search tips, search strings, and

keyword expressions.

1.4.9 End-User Search Tools

In addition to the Barracuda Cloud Archiving Service web interface, end-users can search messages via:

• Barracuda Outlook Add-In – Allows users to perform various functions with messages that are stored through your

organization’s Barracuda Cloud Archiving Service, including:

• Synchronize your archived folders with Outlook;

• Search for archived messages and other Microsoft Outlook data such as Contacts;

• View and interact with (forward, reply to, etc.) all of your archived Outlook items; and

• Archive messages.

• Barracuda Standalone Search Utility – Download and install the utility on your Windows or Mac OS X-based

system to search archives without using Barracuda Archive Search Outlook or logging in to the Barracuda Cloud

Archiving web interface.

• Barracuda Cloud Archiving Service Mobile Applications – The Barracuda Companion mobile application, available

for Android and iOS, allows you to perform various actions with your messages that are stored on your organization’s

Barracuda Cloud Archiving Service including:

• Search for archived messages based on email content, or constrain the search to a date range, a specific sender or

recipient, or subject line content;

• Search deleted messages and emails no longer visible in your mail application;

• View and interact with (reply to, reply all, forward) archived messages;

• Save a search query; and

• Redeliver messages to your mailbox using the Resend to Me option.

Student Guide | Barracuda Essentials Foundation Barracuda Cloud-to-Cloud Backup Service Features | 39

1.5 Barracuda Cloud-to-Cloud

Backup Service Features
The Barracuda Cloud-to-Cloud Backup Service is available for Office 365 only.

Barracuda Cloud-to-Cloud Backup for Office 365 protects Exchange Online, OneDrive for Business, and SharePoint Online

data by backing it up directly to Barracuda Cloud Storage. Barracuda Cloud-to-Cloud Backup for Office 365 can be used

as an add-on to an on-premises Barracuda Backup appliance or as a standalone subscription without an appliance. For

Exchange Online, Barracuda Cloud-to-Cloud Backup protects all email messages, including all attachments, as well as the

complete folder structure of each users’ mailbox. In OneDrive for Business, all files under the Documents Library, including

the entire folder structure, are protected. For SharePoint, protects Online files and folders in Document Libraries, Site

Assets, Site Pages, Picture Libraries, and Form Templates in Team Sites, Public Sites, Wiki Sites, and Publishing Sites.

For an overview of your backup activity and storage details, see the Status page in the web interface.

1.5.1 Backup Schedules

Use the Backup > Schedules page to create backup schedules for selection when setting up your data sources. When

Barracuda Backup identifies new or changed information, each file is analyzed at the bit level, and only the new bit

sequences in the files themselves are copied and transferred, saving both bandwidth and storage space. Define granular

schedules, and select specific sets of data to back up. Configure multiple schedules for each source, each with different

sets of data selected.

1.5.2 Retention Policies

Use retention policies to define the length of time you retain historic data based on daily, forever, or never.

Purging applies to historic file revisions only; your current data is never impacted by a retention policy.

Configure retention policies for data stored in Barracuda Cloud Backup on the Backup > Retention Policies page. Be sure

to configure retention policies for your data. Not doing so means that some unwanted data will be moved across the

Internet and stored.

Historic data is retained according to the retention policy timeline. Data backed up using Barracuda’s cloud treats Sunday

as the end of week in accordance with the ISO date standard.

When you define a retention policy, begin by selecting either a preset template or a previously defined policy as a starting

point. This helps you avoid creating multiple retention policies for the same sets of data. You can create one policy for all of

the data sources on a Barracuda Backup Server, or create different policies that include subsets of the data.
40 | Barracuda Cloud-to-Cloud Backup Service Features Barracuda Essentials Foundation | Student Guide

1.5.3 Restore Data

Use the Restore page to restore data from Barracuda Cloud Storage. You can restore single files or entire systems.

1.5.4 Reports
Use the Reports page to view backup and restore details as well as an audit log of all activities in the Barracuda Cloud

Backup web interface:

• Backup Reports – Barracuda Backup provides a detailed report for each backup that is run. In addition, any backup

process currently running displays. Backup reports include details about the backup such as when the backup started,

duration, size, if there were any errors or warnings, and any new, changed, or removed items. Reports also include links to

each backed up file to view or download the item from the report. Click Details to view recent activity in chart form. You

can also view a list of backed up files including the number of new, changed, and removed files, as well as a list of any

errors encountered during backup. Click Download the report as a .csv file to your local system.

• Restore Reports – You can view restoration details in the Reports > Restore page. To specify how you want to

sort the table, click on a heading, and then click on the up/down arrows to the right of each heading to specify

either an ascending or descending sort. Click Details to view all details for the selected restoration including

any encountered errors.

• Audit Log Reports – The Reports > Audit Log page displays a report of all activities in the Barracuda Cloud Backup web

interface by time and date, by user, and by action. Logged activity includes log on authentication, changes to settings,

changes to account information, and more. Click Details for additional information for a specific activity.

1.5.5 Users
Use the Admin > Users page to administer users that have access to the Barracuda Cloud Backup web interface.

Edit user details from this page by selecting a user and clicking Edit to the right of the user. You can edit the following user

options, all of which are specific to this service:

• Receive emails with Backup reports and error condition alerts.

• Restrict access to the Barracuda Cloud Backup web interface to one or more IP addresses. Enter an IP block in single

192.168.1.100 notation, CIDR net block 192.168.1.0/24 notation, or a range in 192.168.0.0-192.168.0.128 notation to

restrict the IP address for the selected user. Use a comma to separate multiple IP blocks.

• Designate the user’s role:

• An Account Administrator can create new users and manage billing information, and has full access to Barracuda

Cloud Backup and all appliances associated with the account.

Student Guide | Barracuda Essentials Foundation Barracuda Cloud-to-Cloud Backup Service Features | 41

• A Barracuda Backup Server Administrator has full access to specific Barracuda Cloud Backup and all appliances

associated with the account including data restore. A Barracuda Backup Server Administrator cannot edit or view

other user accounts.

• An Operator cannot restore data or edit user accounts; operators are limited to viewing statistics and modifying

backup configuration.

• Helpdesk user access is limited to viewing role status, statistics, and the restore browser and restore reports. User can

restore data and stop running restores.

• Status user access is limited to viewing the Status page for Barracuda Backup appliances to which they have access.

Click Add & Remove Users to add a new user, edit details for an existing user, or delete a user.

1.5.6 Email Notifications

Specify the type of email notification for each user:

• Backup Summary Reports – When selected, an email notification containing a summary of each backup job is sent

• Backup Detailed Reports – When selected, an email notification containing a list of all items backed up is sent

• Alerts – When selected, an email notification is sent if a backup job has errors

• Notices – When selected, if the account includes physical appliances, a notice is sent when the Barracuda

Backup software is updated

 Administration

2.1 Activate, Manage, and Access via Barracuda Cloud Control 45

2.2 Initial Deployment 47

2.2.1 Office 365 Admin Credentials 47

2.2.2 PowerShell Requirements 47

2.2.3 Determine Your Deployment 48

2.2.4 Configure Permissions 49

Student Guide | Barracuda Essentials Foundation Activate, Manage, and Access via Barracuda Cloud Control | 45

2.1 Activate, Manage, and Access via

Barracuda Cloud Control
Barracuda Cloud Control is a service linked to your customer account used to manage and access your Barracuda

Essentials components. Barracuda Cloud Control is a free web-based console available from anywhere in the world with

Internet access using a web browser. Use Cloud Control to configure and manage the Essentials services from a single

screen, regardless of where users are located or how many instances of these services are being used.

Connect to Barracuda Cloud Control

Before you can connect your Barracuda Services to Barracuda Cloud Control, you must first create an account. If you

already have an account, go to https://login.barracudanetworks.com/ and log in. If you do not have an account:

1. Go to https://login.barracudanetworks.com/ and click Create a user.

2. Enter your name, email address, and company name, and specify whether this is a partner account. Click Create User.

3. Follow the instructions emailed to the entered email account to log in and create your Barracuda

Cloud Control account.

4. After submitting your new account information, the Account page displays your account name, associated

privileges, and username.

Configure and centrally manage your Barracuda Essentials services from Barracuda Cloud Control. Once you log in to

https://login.barracudanetworks.com, your services display in the left pane. For example, if you selected Complete

Edition during setup:

• Click Backup to view the Status of your Barracuda Cloud-to-Cloud Backup data sources.

• Click Email Security to view the Barracuda Email Security Service Dashboard which summarizes your email statistics.

• Click Email Security, and click the ATP Settings tab to enable ATP, specify whether to send ATP notifications,

and add ATP exemptions.

• Click Archiver to view the Barracuda Cloud Archiving Service Dashboard which displays information regarding the

current operating status of the service.

Student Guide | Barracuda Essentials Foundation Initial Deployment | 47

2.2 Initial Deployment

• Office 365

• G Suite

• Exchange 2007/2010

• Exchange 2013 and Higher

To complete the configuration wizard, you must have the following:

• Office 365 admin credentials

• Credentials to run a PowerShell script or terminal to manually execute PowerShell scripts

• PowerShell system requirements

2.2.1 Office 365 Admin Credentials

If you are deploying to Office 365, verify you have admin credentials. An Office 365 administrator with the admin

role global admin has complete access and control over the Office 365 suite of products. You can assign admin roles

to an individual user or group of users. For more information, see the Microsoft Office support article Assign admin

roles in Office 365.

2.2.2 PowerShell Requirements

The Essentials Wizard utilizes PowerShell scripts to quickly configure and set up your services. Before getting started, verify

you have the following:

• Windows 8 or 8.1

• Windows Server 2012 or Windows Server 2012 R2

• Windows 7 Service Pack 1 (SP1)

• Windows Server 2008 R2 SP1

• Microsoft .NET Framework 4.5 or 4.5.1 and either the Windows Management Framework 3.0 or the Windows

Management Framework 4.0 available from the Microsoft downloads page

• Verify the service account has a mailbox, and is not hidden in the Global Address listConfigure and centrally

• PowerShell credentials
48 | Initial Deployment Barracuda Essentials Foundation | Student Guide

2.2.3 Determine Your Deployment

• Complete Edition

• Compliance Edition

• Security Edition

• Standalone Email Security

In the examples that follow, we will deploy the Barracuda Essentials Complete Edition for Office 365.

Deploy Barracuda Essentials for Office 365

1. Go to https://login.barracudanetworks.com, and log in with your Barracuda Cloud Control credentials.

2. Open a new browser window, and go https://www.barracuda.com.

3. Go to Products > Essentials for Office 365. Click Editions, and click Free Trial under the plan you want to try or buy.

4. In the Plan Details plan page, enter the Number of users, and select the Subscription Type. Click Continue.

5. The Barracuda Account page displays your Barracuda Cloud Control account information. Click Continue.

6. In the Billing Details (Optional) page, enter your billing information to purchase Essentials for Office 365 or leave the

Billing Information section blank to start your free evaluation. Click Continue.

7. Your order details display. Click Set Up Essentials to launch the Essentials wizard.

Run the Essentials Wizard

1. When the Essentials wizard launches, the Getting Started page displays. Click Continue.

2. The Link Office 365 Account page displays. Click Authorize; the Office 365 login screen displays.

3. Enter your Office 365 admin credentials, and click Sign in. In the Office 365 permissions page, click Accept to connect

Essentials to your Office 365 account.

4. The Route Outbound Email page displays. Use this page to create outbound email connectors for domains on your

Office 365 account. By default, Route outbound email for all domains through Barracuda Essentials is selected and a

list of all domains that will be configured displays. Click Continue; the wizard verifies your domains and replaces your

current MX records with the Barracuda Email Security Service Primary and Backup MX records.

5. Click Continue. The Configure Office 365 page displays. Use this page to configure and set up your services.

Select Allow Barracuda to configure connectors and permissions (recommended) to automatically configure

permissions via PowerShell.

6. When prompted, log in using your Office 365 admin credentials, and click OK. Once configuration is complete and

your Office 365 account authorizes the connection, the Configuration Summary displays. Click OK.

This completes the initial configuration. You can now configure the services included in the selected edition.
Student Guide | Barracuda Essentials Foundation Initial Deployment | 49

2.2.4 Configure Permissions

On the Configure Office 365 page in the Essentials Wizard, you can select to automatically configure permissions,

download and run the PowerShell scripts, or manually configure permissions without using the PowerShell scripts.

Configure via PowerShell

If you select to automatically configure permissions, no further action is required. Once the PowerShell script runs, the

following settings are added to the Barracuda Essentials for Office 365 account:

• Outbound Email routing is set up through Barracuda Email Security Service

• Email Journaling is set up through Barracuda Cloud Archiving Service (if you selected Email Security and Compliance or

Complete Protection and Compliance)

• User impersonation for Exchange Online and all OneDrive for Business sites is configured

Following are the steps to download and run the PowerShell scripts, and manually configure permissions.

Download and Run the Windows PowerShell Script

 Before running the PowerShell script, verify the wizard has completed successfully.

Step 1. Download Microsoft Tools

1. Download and install the SharePoint Online Management Shell from the Microsoft Windows Download Center

2. Download and install the Microsoft Online Services Sign-In Assistant from the Microsoft Windows Download Center

Step 2. Run the PowerShell Script

1. Log in to the Windows Server, and open Windows PowerShell.

2. Run the PowerShell script:

• Click Download PowerShell Script to download the script to your local system, or

• Click View PowerShell Script to display and copy the script

3. When prompted, enter the Office 365 global admin credentials used on the Link Office 365 page in the Wizard.

4. If the wizard is unable to connect to your Office 365 account, click Retry connection.

5. Once authorized, click Finish.

 If you encounter errors when running the PowerShell script, contact Barracuda
Networks Technical Support.
50 | Initial Deployment Barracuda Essentials Foundation | Student Guide

Manually Configure Permissions

If you select to manually configure permissions, you must configure:

• Outbound Email routing through Barracuda Email Security Service

• Email Journaling through Barracuda Cloud Archiving Service

• User impersonation for Exchange Online and all OneDrive for Business sites
 Barracuda Email Security Service

3.1 Introduction to Barracuda Email Security Service 53

3.1.1 Connection Management Layers 53

3.1.2 Mail Scanning Layers 54

3.1.3 Barracuda Antivirus Supercomputing Grid 54

3.1.4 Advanced Spam Detection 55

3.1.5 Predictive Sender Profiling 55

3.1.6 Monitored Outbound Email Volume 56

3.1.7 Encryption 56

3.2 Barracuda Email Security Service Deployment 59

3.2.1 Step 1. Add Users 59

3.2.2 Step 2. Add Additional Email Domains (Optional) 62

3.2.3 Step 3. Create Transport Rule 63

3.2.4 Step 4. Restrict Inbound Mail to the Barracuda Email Security Service IP Range (Optional) 65

3.2.5 Step 5. Configure Outbound Mail 66

3.2.6 Step 6. Configure Sender Policy Framework for Outbound Mail 69

3.3 Inbound Filtering Policy 71

3.3.1 IP Analysis 71

3.3.2 Content Analysis 72

3.3.3 Bulk Email Detection 74

3.3.4 Rate Control 74

3.4 Outbound Filtering Policy 77

3.4.1 DLP and Outbound Mail Encryption 77

3.4.2 Content Analysis 80

3.4.3 Abuse Monitoring and Notifications 81

3.4.4 Outbound Quarantine 82

3.4.5 Outbound Rate Control 82

3.5 Advanced Configuration 85

3.5.1 Secured Message Transmission 85

3.5.2 Sender Authentication 85

3.5.3 Directory Services 87

3.6 Administration 89
3.6.1 User Accounts 89

3.6.2 User Authentication 90

3.6.3 Reports, Logs, and Notifications 92

3.6.4 Quarantine 95

3.7 Outbound Spam Protection 97

3.8 Advanced Threat Protection 99
3.8.1 Advanced Threat Protection Options 99

3.8.2 Advanced Threat Protection Exemptions 101

3.8.3 Administrator Notification 101

3.8.4 ATP Exemptions 102

3.8.5 Message Log 102

3.8.6 View ATP Statistics 102

3.8.7 Deferred Delivery 102

3.9 Email Continuity 103

3.9.1 Notifications and Status 104

3.9.2 Actions 104

3.10 Barracuda Email Security Service Outlook Add-In 105

Student Guide | Barracuda Essentials Foundation Introduction to Barracuda Email Security Service | 53

3.1 Introduction to Barracuda Email Security Service

The Barracuda Email Security Service protects both inbound and outbound email against the latest spam, viruses, worms,

phishing, denial of service attacks, and zero-day threats. The Barracuda Email Security Service acts as a filter in front of

your hosted email service or servers. Spam and viruses are blocked in the cloud prior to delivery to your network, saving

network bandwidth and providing additional Denial of Service protection. The Barracuda Email Security Service is flexible,

allowing in-depth configuration and customization.

The Barracuda Email Security Service is a pass-through service, accepting connections from a mail server, getting the initial

“rcpt to” line and connecting to the destination mail server. The service then monitors the data stream for any spam or

virus content and applies policies you configure in the web interface.

3.1.1 Connection Management Layers

Connection Management layers identify and block unwanted email messages before accepting the message body for

further processing. Connection filtering allows you to block/whitelist:

• Sender IP addresses

• Sender email addresses / domains

• Email messages written in specific languages

• Email messages sent from specific countries / regions

Denial of Service Protection (DoS)

The Barracuda Email Security Service receives inbound email on behalf of the organization, insulating your organization’s

mail server from receiving direct Internet connections and associated threats. This layer does not apply to outbound mail.

Rate Control
Automated spam software can be used to send large amounts of email to a single mail server. To protect the email

infrastructure from these flood-based attacks, the Barracuda Email Security Service counts the number of recipients from

a sender to a domain during a 30 minute interval and defers the connections once a particular threshold is exceeded.

Inbound Rate Control is a threshold for the number of recipients a domain is willing to receive from a sender (a single

IP address) during a 30 minute interval. Inbound Rate Control is configurable while Outbound Rate Control is set

automatically by the Barracuda Email Security Service.

IP Analysis
After applying rate controls based on IP address, the Barracuda Email Security Service performs analysis on the IP address

of email based on Barracuda Reputation, external blocklits, and allowed and blocked IP address lists.
54 | Introduction to Barracuda Email Security Service Barracuda Essentials Foundation | Student Guide

Sender Authentication
Declaring an invalid “from” address is a common practice used by spammers. The Barracuda Email Security Service Sender

Authentication layer uses a number of techniques on inbound mail to both validate the sender of an email message and

apply policy. Sender Policy Framework (SPF) tracks sender authentication by having domains publish reverse MX records

to display which machines are designated as mail sending machines for that domain. The recipient can check those

records to make sure mail is coming from a designated sending machine.

3.1.2 Mail Scanning Layers

The most basic level of mail scanning is virus scanning. The Barracuda Email Security Service utilizes three layers of virus

scanning and automatically decompresses archives for comprehensive protection. By utilizing virus definitions, Barracuda

Email Security Service customers receive the best and most comprehensive virus and malware protection available. The

three layers of virus scanning of inbound and outbound mail include:

• Powerful open source virus definitions from the open source community help monitor and block the latest virus threats.

• Proprietary virus definitions, gathered and maintained by Barracuda Central, our advanced 24/7 security operations

center that works to continuously monitor and block the latest Internet threats.

• Barracuda Real-Time System (BRTS). This feature provides fingerprint analysis, virus protection and intent analysis. When

enabled, any new virus or spam outbreak can be stopped in real-time for industry-leading response times to email-borne

threats. BRTS allows customers to report virus and spam propagation activity at an early stage to Barracuda Central. Virus

Scanning takes precedence over all other mail scanning techniques and is applied even when mail passes through the

Connection Management layers. As such, even email coming from exempt IP addresses, sender domains, sender email

addresses, or recipients are still scanned for viruses and quarantined if a virus is detected.

Additionally, Barracuda offers the subscription-based Advanced Threat Protection (ATP) service, a cloud-based virus service

that applies to inbound messages. ATP analyzes email attachments in a separate secured cloud environment to detect

new threats and determine whether to block such messages.

3.1.3 Barracuda Antivirus Supercomputing Grid

An additional, patent-pending layer of virus protection offered by the Barracuda Email Security Service is the Barracuda

Antivirus Supercomputing Grid, which can protect your network from polymorphic viruses. Not only does it detect

new outbreaks similar to known viruses, it also identifies new threats for which signatures have never existed using

“premonition” technology.
Student Guide | Barracuda Essentials Foundation Introduction to Barracuda Email Security Service | 55

Intent Analysis
All spam messages have an “intent” – to get a user to reply to an email, to visit a website, or to call a phone number. Intent

analysis involves researching email addresses, web links and phone numbers embedded in email messages to determine

whether they are associated with legitimate entities. Frequently, Intent Analysis is the defense layer that catches phishing

attacks. When enabled, the Barracuda Email Security Service applies various forms of Intent Analysis to both inbound

and outbound mail, including real-time and multi-level intent (or ‘content’) analysis. Multi-level intent is the process of

identifying URLs in an email message body that redirect to known spam or malware sites.

3.1.4 Advanced Spam Detection

You can configure spam detection for custom categories by setting a content type score. This score ranges from 0

(definitely not spam) to 10 (definitely spam). Based on this score, the Barracuda Email Security Service blocks messages

that appear to be spam. These messages display in the user’s Message Log with the category responsible for the block.

3.1.5 Predictive Sender Profiling

When spammers try to hide their identities, the Barracuda Email Security Service can use Predictive Sender Profiling to

identify behavior of all senders and reject connections and/or messages from spammers. This involves looking beyond

the reputation of the apparent sender of a message, just like a bank needs to look beyond the reputation of a valid credit

card holder of a card that is lost or stolen and used for fraud. Some examples of spammer behavior that attempts to hide

behind a valid domain, and the Barracuda Email Security Service features that address them, include the following:

• Sending too many emails from a single network address – Automated spam software can be used to send large

amounts of email from a single mail server. Through Rate Control the Barracuda Email Security Service limits the

number of connections made from any IP address within a 30 minute time period. Violations are logged to identify

spammers. Inbound Rate Control is configurable while Outbound rate control is set automatically by the Barracuda

Email Security Service.

• Attempting to send to too many invalid recipients – Many spammers attack email infrastructures by harvesting email

addresses. Recipient Verification on the Barracuda Email Security Service allows the system to automatically reject SMTP

connection attempts from email senders that attempt to send to too many invalid recipients, a behavior indicative of

directory harvest or dictionary attacks.

• Registering new domains for spam campaigns – Because registering new domain names is fast and inexpensive, many

spammers switch domain names used in a campaign and send blast emails on the first day of domain registration.

Realtime Intent Analysis on the Barracuda Email Security Service is typically used for new domain names and involves

performing DNS lookups and comparing DNS configuration of new domains against the DNS configurations of

known spammer domains.

56 | Introduction to Barracuda Email Security Service Barracuda Essentials Foundation | Student Guide

• Using free Internet services to redirect to known spam domains – Use of free websites to redirect to known spammer

websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques

such as Intent Analysis. With Multi-level Intent Analysis, the Barracuda Email Security Service inspects the results of web

queries to URIs of well-known free websites for redirections to known spammer sites.

Notifications
The Barracuda Email Security Service sends out two kinds of notifications:

• Quarantine Digest – For email recipients listed in the Barracuda Email Security Service database, a notification email

containing a summary of quarantined email is sent to their email address at an interval you specify for users.

• Attachment Blocking for Content – A notification is sent to the message sender when it is blocked due to

attachment content filtering.

3.1.6 Monitored Outbound Email Volume

The Barracuda Email Security Service monitors the volume of outbound email from the system to the Internet. If the

volume exceeds normal thresholds during any given 30 minute interval, the Rate Control function takes effect, causing

all outbound mail to be deferred until the end of the 30 minute time frame. The outbound mail flow then continues

unless the volume is exceeded again in the next 30 minute interval. If so, Rate Control is again triggered and outbound

mail is deferred until the end of the time frame. The allowable volume of outbound mail for an IP address can potentially

be increased if the user clicks Request Increased Limit on the Outbound Settings > Abuse Monitor page. The request

is reviewed by Barracuda Networks to determine whether to increase the limit on the rate of outbound mail. If this

situation occurs frequently for a particular sending IP address, that IP address is listed in the Outbound Settings > Abuse

Monitor page in the IP Addresses With Recent Abuse table.

3.1.7 Encryption
To prevent data leakage and ensure compliance with financial, health care and other federally-regulated agency

information policies, the Barracuda Email Security Service provides several types of encryption for inbound and

outbound message traffic.

Encrypted Channel
TLS provides secure transmission of email content, both inbound and outbound, over an encrypted channel using the

Secure Sockets Layer (SSL) - also known as TLS.

To require mail to be sent outbound from the Barracuda Email Security Service over a TLS connection, enable Force TLS for

each domain on the Outbound Settings > DLP/Encryption page. Mail sent to these domains must be transmitted across

a TLS connection. If a TLS connection cannot be established, mail will not be delivered.
Student Guide | Barracuda Essentials Foundation Introduction to Barracuda Email Security Service | 57

To require mail coming inbound to the Barracuda Email Security Service to use a TLS connection, set SMTP Over

TLS to Required on the Domains > Settings page for each domain. When set to Required, if TLS is available on your

organization’s mail server, inbound mail is sent over a TLS channel. If not, mail is sent in cleartext.

Outbound Mail Encryption

For guaranteed message encryption and ensured outbound message delivery, use the Barracuda Message Center

to encrypt the contents of certain outbound messages. Create policies for when to encrypt outbound messages on

the Outbound Settings > Content Policies page for a domain.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Deployment | 59

3.2 Barracuda Email Security Service Deployment

Once you complete the Essentials setup wizard, the Essentials page displays in Barracuda Cloud Control where you can

complete the configuration of your services. This section uses an Office 365 deployment example. For step-by-step setup

details for Exchange Server and G Suite, refer to Barracuda Campus.

3.2.1 Step 1. Add Users

You can add users manually or use LDAP or Azure AD authentication to automatically synchronize the Barracuda Email

Security Service with your active directory.

Use the following steps to manually add users.

Manually Add Users

1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email

Security in the left pane.

2. Go to the Users > Add/Update Users page.

3. In the User Accounts field, enter each user email address for the domain on a separate line, and then select from

the following options:

a. Enable User Quarantine – All emails for the user which meet the configured block policy go to the

user’s quarantine account.

 Depending on how you have configured the quarantine notification interval on the Users >
Quarantine Notification page, the user receives a quarantine digest at a specified time. From the
Users > Quarantine Notification page you can also enable the user to set their own quarantine
notification interval.

b. Notify New Users – When set to Yes, users receive a welcome email once the account is created.

4. Click Save Changes. The users are added to the Users > Users List table where you can select from

the following actions:

a. Edit – Click to specify domains this user can manage.

b. Reset – Click to send the user an email with instructions on how to reset their account password.

c. Log in as this user – Click to view or change the user’s settings (for example, quarantine notifications), view/

manage the domains this user manages, and view/search/manage the user’s Message Log.

d. Delete – Click to remove the user account.

60 | Barracuda Email Security Service Deployment Barracuda Essentials Foundation | Student Guide

Add Users via LDAP

You can synchronize the Barracuda Email Security Service with your existing LDAP server to automatically create accounts

for all users in the domain.

To ensure that the service can connect with your network, allow traffic originating from the range
of network addresses based on your Barracuda Email Security Service instance; see Barracuda Email
Security Service IP Ranges for a list of ranges based on your Barracuda Email Security Service instance.

Use the following steps to add users via LDAP.

Set Up LDAP
1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email

Security in the left pane.

2. Go to the Domains page, and click Edit in the Settings column to the right of the domain.

3. In the Domains > Domain Settings page, scroll to the Directory Services section, select LDAP, and click Save

Changes at the top of the page.

4. In the LDAP Configuration section, configure the variables for your LDAP server.

5. In the Test LDAP Configuration Settings section, enter a valid email address in the Testing Email Address field to test

your LDAP settings; if left blank, LDAP settings are only tested for connection.

6. Click Test Settings.

7. Optionally, expand the Advanced LDAP Configuration section, and set the user filter options.

8. In the Directory Options section, specify the following options:

a. Synchronize Automatically – Set to Yes if you are using LDAP and want the Barracuda Email Security Service

to automatically synchronize your LDAP users to its database on a regular basis for recipient verification. With

Microsoft Exchange server, the synchronization is incremental. Select No if you want to synchronize manually in

case your LDAP server is not always available. To synchronize manually, click Synchronize Now.

b. Use LDAP for Authentication – Set to Yes to enable LDAP for user login authentication. You can disable this setting

if your LDAP server is unavailable for a period of time.

c. Authentication Filter – Filter used to look up an email address and determine if it is valid for this domain. The filter

consists of a series of attributes that might contain the email address. If the email address is found in any of those

attributes, then the account is valid and is allowed by the Barracuda Email Security Service.
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Deployment | 61

Add Users via Azure AD

Configure recipient verification with Azure Active Directory (AD) to allow end-users to sign in to the Barracuda Email

Security Service using their Azure AD credentials, and optionally, configure Single Sign-On (SSO) for a domain so that

authenticated users can access all or a subset of the restricted resources by authenticating just once using their Azure

AD credentials. SSO is a mechanism where a single set of user credentials is used for authentication and authorization to

access multiple applications across different web servers and platforms, without having to re-authenticate.

Complete the following steps for each domain you want to synchronize with Azure AD.

Azure AD Setup
1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email Security.

2. Click Domains, and click Edit in the Settings column for the domain.

3. In the Domains > Domain Settings page, scroll to Directory Services, select Azure AD, and click Save Changes.

4. Scroll down to the Status section, and click Authorize; the Authorize Azure AD dialog box displays. Click Continue.

When prompted, log in to your Microsoft Office 365 account using your administrator credentials.

5. In the Authorization page, click Accept to authorize the Barracuda Email Security Service to connect to

your Azure AD directory.

6. In the Barracuda Email Security Service Domain Settings page, the Status field displays as Active; the Authorized

Account and Authorization Date display below the status:

7. Click Sync Now to add your Azure AD users to the Barracuda Email Security Service. The synchronization progress

displays; allow the process to complete.

8. In the Synchronization Options section, select Synchronize Automatically. When selected, the Barracuda

Email Security Service automatically synchronizes with your Azure AD directory every 15 minutes and

adds/updates your users.

 If you select Manual, you must click Sync Now to synchronize the Barracuda Email Security Service
with your Azure AD directory and add/update users.

9. To use SSO, click Yes for Enable Single Sign On. Once enabled, users are prompted to log in to their Microsoft Office

365 account when accessing their messages in the Barracuda Email Security Service.
62 | Barracuda Email Security Service Deployment Barracuda Essentials Foundation | Student Guide

10. Click Save at the top of the page to save your settings and return to the Domains page.

3.2.2 Step 2. Add Additional Email Domains (Optional)

Optionally, you can manually add additional email domains. You must first obtain the hostname from the Office 365 admin

center, and then enter the hostname in the Barracuda Email Security Service.

Use the following steps to add an additional email domain.

Obtain the Hostname

1. Log in to the Office 365 admin center.

2. In the left pane, click Settings >Domains.

3. In the Domains table, click on your domain.

4. Take note of the hostname. This is the address of your destination mail server, for example,

cudaware-com.mail.protection.outlook.com

Enter the Hostname

 Barracuda recommends using a hostname rather than an IP address so that you can move the
destination mail server and update DNS records without making changes to the Barracuda Email Security
Service configuration. This address indicates where the Barracuda Email Security Service should direct
inbound mail from the Internet to your Office 365 Exchange server. For example, your domain displays to
the Internet as: bess-domain.mail.protection.outlook.com

1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email

Security in the left pane.

2. Click Domains, and click Add Domain.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Deployment | 63

3. Enter the domain name and destination mail server hostname obtained from your Office 365

account in the dialog box.

4. Click Add; the Domain Settings page displays where you can complete your configuration.

3.2.3 Step 3. Create Transport Rule

Use the following steps to create a transport rule.

Create Transport Rule

1. Log in to the Office 365 admin center, and go to Admin centers > Exchange.

2. In the left pane, click mail flow, and click rules. Click the + symbol, and click Bypass spam filtering:

3. In the new rule page, enter a Name to represent the rule.

64 | Barracuda Email Security Service Deployment Barracuda Essentials Foundation | Student Guide

4. From the Apply this rule drop-down menu, select The sender > IP address is in any of these

ranges or exactly matches:

5. In the specify IP address ranges page, type the IP address range for the Sender (Barracuda Email Security

Service) based on your Barracuda Email Security Service instance, for example, type: 64.235.144.0/20,

and click the + symbol.

6. Type the next IP address range for the Sender, for example, type 209.222.80.0/21, and click the + symbol:

7. Click OK.

8. Scroll to the Properties of this rule section, and in the Priority field, type: 0

9. Click Save to create the transport rule.

10. Verify the new rule displays at the top of the list of mail flow rules. If the rule is not at the top, click on the rule, and use

the Up arrow to move the rule to the top of the list.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Deployment | 65

3.2.4 Step 4. Restrict Inbound Mail to the Barracuda Email Security

Service IP Range (Optional)

After updating your MX records, allow 24 hours before completing the steps in this section to allow the
records to propagate.

Use the steps in this section to restrict inbound mail to the Barracuda Email Security Service IP address range.

Restrict Inbound Mail

1. Log in to the Office 365 admin center, and go to Admin centers > Exchange.

2. In the left pane, click mail flow, and click rules.

3. Click the + symbol, and click Create a new rule.

4. In the new rule page, enter a Name to represent the rule. For example, type:

Barracuda ESS IP restriction

5. Scroll down to and click Advanced Options.

6. From the Apply this rule if drop-down menu, select The Sender > Is External/Internal > Outside the organization.

7. From the Do the following drop-down menu, select Reject this message with the explanation.

8. Enter the message you want included in the non-delivery report (NDR) that is sent to the sender. For example, enter:

You have attempted to bypass our Email Security Service. Please ensure your

DNS is up-to-date and try sending your message again.

9. Click Add Exception.

10. Select The Sender > Sender’s IP address is in any of these ranges or exactly matches, and enter the Barracuda

Email Security Service IP range based on your Barracuda Email Security Service instance.

11. Enter the Barracuda Email Security Service IP range, for example: 64.235.144.0/20

12. Click the + symbol.

13. Enter the Barracuda Email Security Service IP range, for example: 209.222.80.0/21

14. Click the + symbol.

15. Click OK.

16. Scroll to the Properties of this rule section, and in the Priority field, type: 0

17. In the new rule page, click Stop processing more rules, and click Save to create the rule.

18. Office 365 is now configured to block any email that does not originate from the Barracuda Email Security

Service IP address ranges.

66 | Barracuda Email Security Service Deployment Barracuda Essentials Foundation | Student Guide

19. Verify the new rule displays at the top of the list of mail flow rules. If the rule is not at the top, click on the rule, and use

the Up arrow to move the rule to the top of the list.

 If you complete both Step 3. Create Transport Rule and Step 4. Restrict Inbound Mail to the Barracuda
Email Security Service IP Range, verify the Restrict Inbound Mail from Outside Your Organization to
the Barracuda Email Security Service IP Range rule displays first in the mail flow rules list, and the
Transport Rule rule displays second in the mail flow rule list.

3.2.5 Step 5. Configure Outbound Mail

Use this section to configure outbound mail.

Configure Outbound Mail

1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email

Security in the left pane.

2. Click Domains, and click on the domain name to toggle the MX Records configuration; make note of the

Outbound Hostname.

3. Log in to the Office 365 admin center, and go to Admin centers > Exchange.

4. In the left pane, click mail flow, and click connectors.

5. Click the + symbol and use the wizard to create a new connector.

6. From the From drop-down menu, select Office 365, and from the To drop-down menu, select Partner organization:
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Deployment | 67

7. Enter a Name and (optional) Description to identify the connector.

8. Click Next. Select Only when email messages are sent to these domains, click the + symbol, and enter an asterisk (*)

in the add domain field:

9. Click OK, and click Next. Select Route email through these smart hosts, and click the + symbol.

10. Go to the Barracuda Email Security Service, click the Domains tab, and click on the domain name to toggle the MX

records configuration. Copy your outbound hostname, and enter it in the add smart host page:
68 | Barracuda Email Security Service Deployment Barracuda Essentials Foundation | Student Guide

11. Click Save, and click Next. Use the default setting, Always use Transport Layer Security (TLS) to secure the

connection (recommended) > Issued by Trusted certificate authority (CA):

12. Click Next. In the confirmation page, verify your settings and click Next. Office 365 runs a test to verify your settings:

13. When the verification page displays, enter a test email address, and click Validate. Once the verification is complete,

your mail flow settings are added.

Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Deployment | 69

3.2.6 Step 6. Configure Sender Policy Framework for Outbound Mail

To assure outbound mail from your Barracuda Email Security Service that Barracuda Networks is the authorized sending

mail service, add the following to the Sender Policy Framework (SPF) record INCLUDE line for each domain sending

outbound mail based on the region you selected for your Barracuda Email Security Service.

• If you have an SPF record set up for your domain, edit the existing record, and add the following to the INCLUDE

line for each domain sending outbound mail based on your Barracuda Email Security Service instance. For example:

include:spf.ess.barracudanetworks.com -all

• If you do not have an SPF record set up for your domain, use the following value to create a TXT record that creates

a HARDFail SPF for your domain based on your Barracuda Email Security Service instance. For example: v=spf1

include:spf.ess.barracudanetworks.com -all

See Sender Policy Framework for Outbound Mail for INCLUDE values based on your Barracuda Email

Security Service instance.

Student Guide | Barracuda Essentials Foundation Inbound Filtering Policy | 71

3.3 Inbound Filtering Policy

3.3.1 IP Analysis

Once the true sender of an email message is identified, you need to determine the reputation and intent of that

sender before accepting the message as valid, or “not spam”. The best way to address both issues is to know the IP

addresses of trusted email senders and forwarders and define those as exempt from scanning by adding them to a list of

known trusted senders.

Barracuda Networks does not recommend exempting domains because spammers may spoof domain
names. When possible, it is recommended that you exempt by IP address only.

Create a list of Trusted Forwarders by specifying one or more IP addresses of machines that you have set up to forward

email to the Barracuda Email Security Service from outside sources. The Barracuda Email Security Service exempts any IP

address in this list from Rate Control, Sender Policy Framework (SPF) checks, and IP Reputation. In the Received headers,

the Barracuda Email Security Service continues looking beyond a Trusted Forwarder IP address until it encounters the

first non-trusted IP address. At this point, Rate Control, SPF checks, and IP Reputation checks are applied. Configure on

the Inbound Settings > IP Address Policies page.

Barracuda Reputation and Email Categorization

Barracuda Reputation is a database maintained by Barracuda Central and includes a list of IP addresses of known good

senders as well as known spammers, or IP addresses with a “poor” reputation. This data is collected from spam traps and

other systems throughout the Internet. The sending history associated with the IP addresses of all sending mail servers

is analyzed to determine the likelihood of legitimate messages arriving from those addresses. Updates to Barracuda

Reputation are made continuously by Barracuda Central engineering.

External Blocklist Services

Several organizations maintain external blocklists. External blocklists, sometimes called DNSBLs or RBLs, are lists of

IP addresses from which potential spam originates. In conjunction with Barracuda Reputation, the Barracuda Email

Security Service uses these lists to verify the authenticity of the messages you receive. Configure on the Inbound

Settings > Custom RBLs page.

Be aware that blocklists can generate false-positives (legitimate messages that are blocked). Messages blocked due to

external blocklists or the BRBL are the only blocked messages that are not sent to the user’s Message Log.
72 | Inbound Filtering Policy Barracuda Essentials Foundation | Student Guide

Email Categorization
Email Categorization gives administrators more control over what they believe to be spam, even if those messages do not

meet the technical definition of spam. Most users do not realize that newsletters and other subscription-based emails,

while they are considered to be bulk email, are not technically unsolicited - which means that they cannot be blocked by

default as spam. The senders of these emails may have a good reputation, but the user may no longer want to receive, for

example, a mass mailing from a club or vendor membership. The Email Categorization feature assigns this type of email

to categories that display on the Inbound Settings > Anti-Spam/Antivirus page, and the administrator can then create

block, quarantine, or allow policies by category. When set to Off, no categorization scanning is performed.

3.3.2 Content Analysis

Administrators can set custom content filters for inbound messages based on message content and attachment file name

or MIME type on the Inbound Settings > Content Policies page.

• Attachment Filtering – For inbound mail, you can filter attachments based on File Name or MIME Type.

• Password Protected Archive Filtering – For inbound mail, you can select to block, quarantine, or ignore messages

containing archive file attachments.

• Password Protected Microsoft Documents – For inbound mail, you can select to block, quarantine, or ignore messages

containing password protected Microsoft documents.

• Message Content Filters – Base message content filtering on any combination of subject, headers, body, attachments,

sender or recipient filters. You can specify actions to take with messages based on pre-made patterns (regular

expressions) in the subject line, headers, message body, sender or recipient lines. Note that HTML comments and tags

embedded between characters in the HTML source of a message are filtered out so that content filtering applies to the

actual words as they appear when viewed in a web browser.

Anti-Fraud and Anti-Phishing Protection

Phishing scams are typically fraudulent email messages that appear to come from legitimate senders, for example, a

university, an Internet service provider, or a financial institution. These messages usually contain a URL that, when clicked,

directs the user to a spoofed website or otherwise tricks the user to reveal private information such as login, password, or

other sensitive data. This information is then used to commit identity and/or monetary theft.

You can configure the Barracuda Email Security Service to evaluate and rewrite fraudulent URLs so that, when clicked,

the user is safely redirected to a valid domain or to a Barracuda domain warning of the fraud. Configure on the Inbound

Settings > Anti-Phishing page:

• Barracuda Anti-Fraud Intelligence – This Barracuda Networks anti-phishing detection feature uses a special Bayesian

database for detecting Phishing scams.

Student Guide | Barracuda Essentials Foundation Inbound Filtering Policy | 73

• Link Protection – When enabled, the service automatically rewrites a deceptive URL in an email message to a safe

Barracuda URL, and delivers that message to the user.

 Note that when Link Protection is enabled, URLs are not rewritten if the URL is exempt, the URL is
contained in an encrypted or protected message, or the URL is within an attachment.
To minimize false positives and page load delays, Barracuda maintains a list of domains considered
safe. Because of this, some links detected in messages are wrapped while others are not. For example,
Barracuda does not currently wrap google.com, but does wrap googlegroups.com because it provides
user-generated content.

• Typosquatting Protection – Typosquatting is a common trick used by hackers to fool users into thinking they are visiting

a valid domain but the domain name is misspelled. Typosquatting is detected only if the URL is rewritten, that is, if it

is not exempt. When clicked, the user is taken to a different domain that may be spoofing the expected domain. The

Typosquatting Protection feature checks for common typos in the URL domain name and, if found, rewrites the URL to

the correct domain name so that the user visits the intended website.

 Barracuda typosquatting works with tools such as Desvio to determine misspelled domain names. To
protect your misspelled domains, contact providers such as Desvio to add your misspelled domain
name variations to their list.

Attachment Filtering
All messages, except those from exempt senders, go through attachment filtering. Use the Inbound Settings > Content

Policies page to specify actions to take on inbound messages if they contain attachments with certain file name patterns

or MIME types. If email is sent to a recipient on a whitelist, content filtering is bypassed.

Messages that are blocked due to attachment filtering appear in the Message Log with the word Attachment for

the Reason if you click Show Details for the message.

Image Analysis
Image spam represents about one third of all traffic on the Internet. The Barracuda Email Security Service uses Image

Analysis, which includes investigating image dimensions in JPG/JPEG images, to protect against new image variants. In

the Message Log, Image Analysis may sometimes result in one of the following:

• A message is deferred if determined to be suspicious, with a reason of Suspicious

• A message is blocked with a reason of Image Analysis

74 | Inbound Filtering Policy Barracuda Essentials Foundation | Student Guide

Intent Analysis
The intent of spam messages is to get a user to reply to an email, visit a web site, or call a phone number. Intent analysis

involves researching email addresses, web links (URLs), and phone numbers embedded in email messages to determine

whether they are associated with legitimate entities.

Frequently, Intent Analysis is the defense layer that catches phishing attacks. The Barracuda Email Security Service applies

the following forms of Intent Analysis to inbound mail, including real-time and multi-level intent analysis:

• Intent Analysis – Markers of intent, such as URLs, are extracted and compared against a database maintained

by Barracuda Central.

• Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves

performing DNS lookups against known URL blocklists.

• Multilevel Intent Analysis – Use of free websites to redirect to known spammer websites is a growing practice used

by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel

Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to

known spammer sites.

Enable Intent Analysis on the Inbound Settings > Anti-Phishing page. Domains found in the body of email messages can

also be blocked based on or exempt from Intent Analysis on that page.

3.3.3 Bulk Email Detection

Many users subscribe to websites and lists and later forget that they subscribed, or subscribed unknowingly. Email

messages containing anything that looks like an unsubscribe link or instruction may or may not be considered spam

by the recipient. To provide users the opportunity to decide, you can quarantine bulk email messages that contain

unsubscribe links or instructions, or you can choose to block them all, thereby reducing the load on your mail server.

Configure Bulk Email Detection on the Inbound Settings > Anti-Spam/Antivirus page.

 If this feature is set to Block or Quarantine, email messages/domains that are exempted by users or the
administrator override this setting and are allowed.

3.3.4 Rate Control

The Barracuda Email Security Service Rate Control feature protects your organization from spammers or spam-programs

(also known as “spam-bots”) that send large amounts of email to the server in a small amount of time. Configure rate

control on the Inbound Settings > Rate Control page.

Student Guide | Barracuda Essentials Foundation Inbound Filtering Policy | 75

The Rate Control mechanism counts the number of recipients for a domain from a sender (a single IP address) over a half-

hour time frame and compares that number to the Maximum Recipients per Sender IP Address/30 minutes threshold

you set on the page. If the number of inbound recipients for a domain from a sender (a single IP address) exceeds this

threshold within a half hour period, the Barracuda Email Security Service defers any further connection attempts from

that particular IP address until the next half hour time frame and logs each attempt as deferred in the Message Log with a

Reason of Rate Control.

You can exempt trusted IP addresses from Rate Control by adding a trusted IP address to the Rate Control Exemption list.

Organizations that relay email through known servers or communicate frequently with known partners can and should

add the IP addresses of those trusted relays and good mail servers to this list.
Student Guide | Barracuda Essentials Foundation Outbound Filtering Policy | 77

3.4 Outbound Filtering Policy

Outbound filtering options are configured on the Outbound Settings pages of the Barracuda Email Security Service and

are different from those for inbound filtering, including:

• Optional encryption for secure message transmission.

• Data Leak Prevention (DLP) filtering using pre-defined patterns such as credit card number, social security number,

driver’s license or HIPAA medical terms, to block, quarantine, or encrypt outbound messages. Exceptions to DLP block/

quarantine policy can be created for emails containing phone numbers and/or street addresses. See the Outbound

Settings > Content Policies page for details.

• Outbound Quarantine and quarantine notifications, enabling administrators to deliver, reject, delete or export outbound

messages from senders within the organization.

3.4.1 DLP and Outbound Mail Encryption

For health care providers, governmental agencies and other entities who need to protect private, sensitive, and

valuable information communicated via email, the Barracuda Email Security Service provides Data Leak Prevention

(DLP) features using email encryption. DLP enables your organization to satisfy email compliance filtering for corporate

policies and government regulations such as HIPAA and Sarbanes-Oxley (SOX). Advanced content scanning is applied

for keywords inside commonly used text attachments, as well as email encryption. You can configure email encryption

policies per domain.

Outbound Mail Encryption

Encryption is performed by the Barracuda Email Encryption Service, which also provides a web interface, the Barracuda

Message Center, for recipients to retrieve encrypted messages.

Figure 1: Mail Flow for Encrypted messages sent through the Barracuda Email Security Service.
78 | Outbound Filtering Policy Barracuda Essentials Foundation | Student Guide

 When the Barracuda Email Encryption Service encrypts the contents of a message, the message body does
not display in the Message Log. Only the sender of the encrypted message(s) and the recipient can view
the body of an encrypted message.

Secure Sensitive Message Transmission

TLS provides secure transmission of email content, both inbound and outbound, over an encrypted channel using the

Secure Sockets Layer (SSL) - also known as TLS. For DLP, you should require mail to be sent outbound from the Barracuda

Email Security Service over a TLS connection. To do so, enable Force TLS for each domain on the Outbound Settings >

DLP/Encryption page. Mail sent to these domains must be transmitted across a TLS connection. If a TLS connection can

not be established, then the mail will not be delivered.

Create Policies for when to Encrypt Messages

Use the Outbound Settings > Content Policies page to create policies for encryption of outbound message in

one or both sections:

• Message Content Filters – You can select the Encrypt action for outbound email based on characteristics of the

message’s subject, header or body. You can specify simple words or phrases, or use Regular Expressions. Content

filtering is case sensitive.

• Predefined Filters – You can select the Encrypt action for outbound email messages that contain matches to pre-made

patterns in the subject line, message body or attachment. Use the following pre-defined data leakage patterns (specific

to U.S.) to meet HIPAA and other email security regulations:

• Credit Cards – Messages sent through the Barracuda Email Security Service containing recognizable Master Card, Visa,

American Express, Diners Club or Discover card numbers will be subject to the action you choose.

• Social Security – Messages sent with valid social security numbers will be subject to the action you choose. U.S. Social

Security Numbers (SSN) must be entered in the format nnn-nn-nnnn.

• Privacy – Messages will be subject to the action you choose if they contain two or more of the following data types,

using common U.S. data patterns only: credit cards (including Japanese Credit Bureau), expiration date, date of birth,

Social Security number, driver’s license number, street address, or phone number. Phone numbers must be entered in

one of the following formats:

• nnn-nnn-nnnn

• (nnn)nnn-nnnn

• nnn.nnn.nnnn
Student Guide | Barracuda Essentials Foundation Outbound Filtering Policy | 79

• HIPAA – Messages are subject to the action you choose if they contain TWO of the types of items as described in

Privacy above and ONE medical term, or ONE Privacy item, ONE Address and ONE medical term. A street address can

take the place of Privacy patterns. So, for example, a U.S. Social Security Number (SSN), an address, and one medical

term is enough to trigger the HIPAA filter.

The format of this data varies depending on the country, and these filters are more commonly
used in the United States; they do not apply to other locales. Because of the millions of ways that
any of the above information can be formatted, a determined person will likely be able to find a way
to defeat the patterns used. These filter options are no match for educating employees about what is
and is not permissible to transmit via unencrypted email.

Click Help on the Outbound Settings > Content Policies page in the Barracuda Email Security Service web

interface for more details.

Send and Receive Encrypted Messages

The Barracuda Message Center is a web-based email client for receiving and managing encrypted email sent by the

Barracuda Email Security Service. The email client looks and behaves much like any web-based email program

(see Figure 2). The workflow for sending and receiving encrypted messages is as follows:

1. Outbound messages that meet the filtering criteria and policies configured as described above are encrypted and

appear in the Message Log, but the message body does not appear in the log for security purposes.

2. The Barracuda Message Center sends an email notification to the recipient including a link the recipient can click to

view and retrieve the message from the Barracuda Message Center.

3. The first time the recipient clicks this link, the Barracuda Message Center prompts them to create a password.

4. The recipient logs into the Barracuda Message Center and is presented with a list of email messages. All encrypted

messages received appear in this list for a finite retention period or until deleted by the recipient.

Figure 2: Barracuda Message Center web interface

When the recipient replies to the encrypted email message, the response is also encrypted and the sender receives a

notification that includes a link to view and retrieve the message from the Barracuda Message Center.
80 | Outbound Filtering Policy Barracuda Essentials Foundation | Student Guide

3.4.2 Content Analysis

Custom Content Filters

Customize content filtering based on any combination of subject, headers, body, attachments, sender, or recipient, and

apply to outbound mail. See the Outbound Settings > Content Policies page for settings. Filter actions for outbound mail

include Block, Allow, Quarantine, and Encrypt.

Messages that meet the Quarantine criteria are sent to the Outbound Quarantine for the administrator to evaluate.

Messages can then be viewed, delivered, rejected, deleted, or exported from the Overview > Outbound Quarantine page.

Attachment Content Filters

All outbound messages, including those from exempt senders, go through attachment filtering. On the Outbound

Settings > Content Policies page, you can select to filter text matching the entered pattern based on File Name or MIME

type, and select whether to Block, Ignore, or Quarantine outbound messages. Additionally, you can select to Block,

Ignore, or Quarantine attached archive files that require a password to unpack.

Message Content Filters

Enter filter patterns and select to Block, Allow, Quarantine, or Encrypt for Subject, Headers, Body, Attachments, Sender,

or Recipient. Note that Header filters are applied to both the header name and content of any header, while the Subject

filters only scan the contents of the Subject header. Use regular expressions as well as the following special characters:

. [ ] \ * ? $ ( ) | ^ @

When using the above special characters, you must escape each character with a backslach (“\”).

Predefined Filters
Select a predefined data leakage patterns (specific to the United States) for Subject, Headers, Body, or Attachments.

Select whether to Block, Quarantine, or Encrypt outbound messages based on the filter.

Predefined Filter Exceptions

Add exemptions to predefined HIPAA or Privacy content filters to prevent outbound emails that include phone number or

street address items from being blocked, quarantined, or encrypted.

Image Analysis
Image analysis techniques protect against new image variants. Image analysis is automatically configured in the Barracuda

Email Security Service.

Student Guide | Barracuda Essentials Foundation Outbound Filtering Policy | 81

3.4.3 Abuse Monitoring and Notifications

Outbound email traffic is automatically monitored for Rate Control by the Barracuda Email Security Service. If the volume

of outbound mail messages from the service exceeds normal levels during a 30 minute time frame, the Rate Control

feature will take effect and outbound mail will be deferred until the end of the 30 minute time frame. IP addresses of

senders of outbound mail who consistently trigger Rate Control will be logged on the Outbound Settings > Abuse

Monitor page in the IP Addresses With Recent Abuse table.

Abuse Notifications
An abuse notification email may be sent to the administrator of your Barracuda Email Security Service for various reasons.

These include but are not limited to:

• Sending mail to more than 150 recipients per 30 minute period.

• Sending out mail to more invalid recipients than allowed by the Barracuda Email Security Service.

• Sending out mail that has been classified by the Barracuda Email Security Service as spam or as containing a virus.

If your network sends out a large email blast, this may trigger an abuse notice from the Barracuda Email Security Service.

This notice informs you that you are sending out mail to more than 150 recipients per 30 minute period. This is not a block

of your mail, but rather delays the delivery of the messages. The mail will eventually go out, but at a much slower rate over

a longer period of time.

To prevent generation of an abuse notice, it is recommended that you spread out the delivery of email blasts over a longer

period of time or to smaller groups of recipients, and to make sure that the addresses you are sending to are legitimate.

The limits set by the Barracuda Email Security Service on the number of recipients that can be sent mail per 30 minutes

protects against an outbound spam attack from a customer’s network.

IP Addresses with Recent Abuse

The owner of an IP address that appears in this table on the Outbound Settings > Abuse Monitor page for consistently

exceeding Rate Controls can click Request Increased Limit to request Barracuda Networks to allow a higher volume of

outbound mail so that Rate Control does not take effect.

Suspended IP Addresses
IP addresses that send very high volumes of email, consistently triggering Rate Controls, may be suspended from sending

outbound mail through the Barracuda Email Security Service.

82 | Outbound Filtering Policy Barracuda Essentials Foundation | Student Guide

3.4.4 Outbound Quarantine

Configure policies on the Outbound Settings pages to quarantine outgoing messages that meet certain criteria.

The administrator can view all quarantined outbound messages from senders within the organization and select to delete,

reject, deliver, or export those messages from the Overview > Outbound Quarantine page.

 Rejected Messages
When enabled by the administrator, the sender receives a non-delivery report (NDR) indicating that their
message will not be sent to the recipient.

Admin Quarantine Notification

Configure Outbound Quarantine Notifications and NDRs for administrators and senders of quarantined mail on

the Outbound Settings > Notifications page. The domain administrator receives a quarantine summary report at a

specified interval, listing outbound quarantined messages since the last report.

Sender Quarantine Notification

When a message ends up in the outbound quarantine, the sender receives an NDR email when Quarantine Sender

Notification is enabled on the Outbound Settings > Notifications page. The email template is configurable.

Rejected Message Notification

If the administrator rejects an email in the outbound quarantine, an NDR is sent to the email sender. The email

template is configurable.

3.4.5 Outbound Rate Control

The Barracuda Email Security Service outbound rate limit is the number of messages an individual user on the account

can send out per day. By default, the Barracuda Email Security Service outbound rate limit is set to 150 recipients per 30

minutes per sender, or 7200 recipients per day. If users are hitting this rate limit, then they are sending mail to more than

150 recipients per 30 minute period.

 Note that rate limit is not a block of their mail, but a deferral. The mail server retries this mail until
it is all delivered.
Per-user rate control only affects users listed in the Users > Users List; the rate limit for users not in this
page get the per-domain rate limit, normally 250 per 30 minute period. Anyone sending outbound mail
through the Barracuda Email Security Service should be listed in the Users > Users List page.
Student Guide | Barracuda Essentials Foundation Outbound Filtering Policy | 83

A sender may hit rate control limits due to your mail server configuration. For example, if a user sends out a mass mailing

to 1000 people, they will hit their rate control limit. Based on 150 recipients per 30 minute period, it will take at least 4

hours for all of the mail to be delivered. If your mail server retries this deferred mail every few minutes this can cause the

sender to remain rate limited for a very long time. Barracuda recommends that you configure your mail server to retry

deferred connections every 30 minutes to avoid this issue.

If you have mail that must go out immediately, Barracuda recommends either:

• Bypassing the Barracuda Email Security Service and sending it directly to the Internet, or

• Use a mass mailing service designed for this purpose.

 If you are using a mass mail program that does not retry deferred mail, Barracuda recommends that you
configure the system to deliver the mail directly to the Internet or have it relay the mail through a fully
functional mail server that can correctly handle deferred mail.

Exceeding rate control limits displays in your outbound abuse report page, however, if there is a problem with your

account resulting in your outbound IP address being blocked or a blocked user email address, Barracuda will contact you

via email or phone explaining the problem requiring attention.

Student Guide | Barracuda Essentials Foundation Advanced Configuration | 85

3.5 Advanced Configuration

3.5.1 Secured Message Transmission

To prevent data leakage and ensure compliance with financial, health care and other federally-regulated agency

information policies, the Barracuda Email Security Service provides several types of encryption for inbound and

outbound message traffic.

Send Messages Over an Encrypted Channel

TLS provides secure transmission of email content, both inbound and outbound, over an encrypted channel using the

Secure Sockets Layer (SSL).

To require mail to be sent outbound from the Barracuda Email Security Service over a TLS connection, you can

enable Force TLS for each domain on the Outbound Settings > DLP/Encryption page. Mail sent to these domains must

be transmitted across a TLS connection. If a TLS connection can not be established, then the mail will not be delivered.

To require mail coming inbound to the Barracuda Email Security Service to use a TLS connection, use the SMTP Over

TLS setting on the Domains > Settings page for each domain. If you enable SMTP over TLS, then if TLS is available on your

organization’s mail server, inbound mail is sent over a TLS channel. If not, mail is sent in cleartext.

Outbound Mail Encryption

For guaranteed message encryption and ensured delivery of outbound messages, use the Barracuda Message Center to

encrypt the contents of certain outbound messages. You can create policies for when to encrypt outbound messages on

the Outbound Settings > Content Policies page for a domain.

3.5.2 Sender Authentication

Sender Authentication mechanisms enable the Barracuda Email Security Service to protect your network and users from

spammers who might “spoof” a domain or otherwise hide the identity of the true sender.
86 | Advanced Configuration Barracuda Essentials Foundation | Student Guide

Sender Policy Framework

When Sender Policy Framework (SPF) checking is enabled on the mail server or network, it is critical
when using the Barracuda Email Security Service that you either disable SPF checking in the service or
add the Barracuda Email Security Service IP ranges to your SPF exemptions based on your Barracuda
Email Security Service instance; see Barracuda Email Security Service IP Ranges in Barracuda Campus
for a list of IP rages based on your Barracuda Email Security Service instance. If this is not done, the SPF
checker blocks mail from domains with an SPF record set to Block. This is because the mail is coming
from a Barracuda Email Security Service IP address not in the sender’s SPF record.

SPF is an open standard specifying a method to prevent sender address forgery. The current version of SPF protects the

envelope sender address, which is used for message delivery. SPF works by having domains publish reverse MX records

to display which machines are designated as mail sending machines for that domain. When receiving a message from a

domain, the recipient can check those records to verify mail is coming from a designated sending machine. If the message

fails the SPF check, it is assumed to be spam.

Messages that fail SPF check can be blocked and are logged as such. Enable or disable the SPF feature for checking

inbound mail from the Inbound Settings > Sender Authentication page.

Note that if you enable SPF, you can also enable the Sender Rewriting Scheme (SRS). This option is configurable from

the Advanced Configuration section of the Domains > Domain Settings page and, when enabled, the Barracuda Email

Security Service makes the IP address of your sending mail server visible to the agent performing SPF verification on

the recipient’s end.

Blocking No PTR Records

While the A record for a domain points to an IP address, the PTR record resolves the IP address to a domain/hostname; PTR

records are used for reverse DNS lookup. Enabling this feature means that the Barracuda Email Security Service queries

DNS for the SPF record of the sending domain and, if there is no entry for the sending IP address, that is, no PTR record, the

message is blocked. Configure on the Inbound Settings > Sender Authentication page.

Custom Policies and Sender Spoof Protection

Enable Sender Spoof Protection on the Inbound > Sender Authentication page when you do not have an SPF record set

up for your domain. Use Sender Spoof Protection to block “From” addresses that use your domain. Note that Sender Spoof

Protection is for inbound mail only, and does not stop your domain from being spoofed at other mail servers.
Student Guide | Barracuda Essentials Foundation Advanced Configuration | 87

3.5.3 Directory Services

User authentication and recipient verification are a critical part of maintaining security of email flowing into and out of

your organization. By identifying known trusted senders and recipients of email, you can block a large percentage of spam,

viruses, and malware from your network. Configure directory services on the Domain > Domain Settings page.
Student Guide | Barracuda Essentials Foundation Administration | 89

3.6 Administration

3.6.1 User Accounts

Administrators can manage user accounts for all domains configured in the Barracuda Email Security Service from

the Users tab, including:

• Manually add or delete users.

• Set a user as domain administrator to select domains.

• Log in as a user.

• Set notification status for account and domain administrators.

• Set default email scanning policies for managed and unmanaged users.

• Enable user quarantine and quarantine notification interval.

• Set the default time zone for all users.

• Change user account passwords and settings.

Users can view their quarantine inbox (Message Log) and set account preferences. Available settings are dependent upon

administrator settings.

• Modify individual settings for quarantine notification reports.

• Deliver or delete quarantined messages.

• Change password.

• Use the current account as an alias to link accounts. From the Settings > Linked Accounts page, the user can

add additional email addresses they may have in the same domain for which quarantined email should be

forwarded to this account.

• Create exempt and blocklists for email addresses, users, and domains.

See the Barracuda Email Security Service User Guide for more information.

Default User Settings

Configure default scan/block/allow policies for both Managed Users and Unmanaged Users on the Users >

Default Policy page:

• Managed Users – Users configured either manually or by synchronizing with your LDAP server or Azure AD. Managed

Users display in the Users > Users List page.

• Unmanaged Users – All email senders and recipients for the configured domains, but who are not in your users

list for some reason.

90 | Administration Barracuda Essentials Foundation | Student Guide

 If you do not modify the default scan/block/allow policies, all email is scanned rather
than blocked or allowed.

Add or Update Users

From the Users > Add/Update Users page, you can:

• Manually create or update user accounts – When Notify New Users is set to Yes, the Barracuda Email Security Service

sends a welcome email once the account is created. The email states that the user has a new quarantine account and

includes a link to log in to change their password or review account settings. Note that the link will expire in 7 days. Once

the user receives their first quarantined email in their quarantine inbox (Message Log), a second email is generated as

the first quarantine notification. This email is only generated if there is a notification interval set and the recipient has

received at least one message marked with the Action Quarantine.

 The welcome email is only sent to a user when you manually create the account, it is not sent if the
account is created automatically. Accounts can be automatically created by setting the Automatically
Add Users option to Yes on the Domains > Settings page.

• Enable User Quarantine – When set to Yes, the Barracuda Email Security Service sends a notification that the user has

quarantined messages. Set a predefined notification interval or allow users to override this setting and configure their

own notification interval on the Users > Quarantine Notification page.

3.6.2 User Authentication

Sender and recipient verification are a critical part of maintaining security of email flowing into and out of your

organization. By identifying known trusted email senders and recipients, you can block a large percentage of spam, viruses,

and malware from your network.

Azure Active Directory and Single Sign On

Configure recipient verification with Azure Active Directory (AD) to allow end-users to sign in to the Barracuda Email

Security Service using their Azure AD credentials. Once logged in, users can view their quarantine messages.

You can configure Single Sign-On (SSO) for a domain so that authenticated users can access all or a subset of the restricted

resources by authenticating just once using their Azure AD credentials. SSO is a mechanism where a single set of user

credentials is used for authentication and authorization to access multiple applications across different web servers and

platforms, without having to re-authenticate.

The SSO environment protects defined resources (websites and applications) by requiring the following steps

before granting access:

Student Guide | Barracuda Essentials Foundation Administration | 91

• Authentication: Authentication verifies the identity of a user using login credentials.

• Authorization: Authorization applies permissions to determine if this user may access the requested resource.

Complete the Azure AD setup steps for each domain you want to synchronize with your Azure AD directory.

Set Up Azure AD
1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email

Security in the left pane.

2. Click Domains, and click Edit in the Settings column for the desired domain.

3. In the Domains > Domain Settings page, scroll to the Directory Services section, and select Azure AD, and click Save

Changes at the top of the page.

4. Scroll down to the Status section, and click Authorize.

5. The Authorize Azure AD dialog box displays. Click Continue.

6. When prompted, log in to your Microsoft Office 365 account using your administrator credentials.

7. In the Authorization page, click Accept to authorize the Barracuda Email Security Service to connect to

your Azure AD directory.

8. In the Barracuda Email Security Service Domain Settings page, the Status field displays as Active; the Authorized

Account and Authorization Date display below the status:

9. Click Sync Now to add your Azure AD users to the Barracuda Email Security Service.

10. The synchronization progress displays; allow the process to complete.

11. In the Synchronization Options section, select Synchronize Automatically. When selected, the Barracuda

Email Security Service automatically synchronizes with your Azure AD directory every 15 minutes and

adds/updates your users.

 If you select Manual, you must click Sync Now to synchronize the Barracuda Email Security Service
with your Azure AD directory and add/update users.

12. To use SSO, click Yes for Enable Single Sign On. Once enabled, users are prompted to log in to their Microsoft Office

365 account when accessing their messages in the Barracuda Email Security Service.

13. Click Save at the top of the page to save your settings and return to the Domains page.
92 | Administration Barracuda Essentials Foundation | Student Guide

LDAP User Authentication

You can synchronize the Barracuda Email Security Service with your existing LDAP server to automatically create accounts

for all users in the domain. LDAP lookup configuration and LDAP authentication of user logins is done by domain on

the Domains > Domain Settings page. On the Domains page, click Edit in the Settings column to the right of the

domain name. Once you configure your LDAP settings on the Domains > Domain Settings page, click Synchronize Now

to create user accounts for all users in your LDAP server.

Complete the LDAP setup steps for each domain you want to synchronize with your LDAP server.

Set Up LDAP
1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Email

Security in the left pane.

2. Click Domains, and click Edit in the Settings column for the desired domain.

3. In the Domains > Domain Settings page, scroll to the Directory Services section, and select LDAP, and click Save

Changes at the top of the page.

4. Enter your LDAP server settings in the provided fields.

5. Click test Settings to ensure the Barracuda Email Security Service can communicate with the server.

6. In the Synchronization Options section, select Synchronize Automatically. When selected, the Barracuda Email

Security Service automatically synchronizes your LDAP users to its database on a regular basis for recipient verification.

With Microsoft Exchange server, the synchronization is incremental. Select No if you want to synchronize manually in

case your LDAP server is not always available. To synchronize manually, click Synchronize Now.

7. Click Save at the top of the page to save your settings and return to the Domains page.

3.6.3 Reports, Logs, and Notifications

The Barracuda Email Security Service includes numerous reports and logs.

Dashboard
The Dashboard page displays summarized inbound and outbound email statistics for the Barracuda Email Security

Service. You can view statistics for a single domain or all verified domains on your account. From the Dashboard, you can

view the following details:

• Threat Origins – View geographic origins of threats detected in email processed by the Barracuda Email Security Service

for the domains in your account.

• Top Recipient Domains/Top Sender Domains – View total number of messages processed, number of blocked

messages, or number of allowed messages.

Student Guide | Barracuda Essentials Foundation Administration | 93

• Traffic Status – View the data and time of the most recently received and sent messages.

• Subscriptions – View Barracuda Email Security Service account and Advanced Threat Protection (ATP) subscription status.

• Inbound Email Statistics – View a graph of the total inbound messages processed, in the time frame, by number

allowed, blocked, quarantined, and blocked for virus.

• Inbound: Top Recipients/Senders Blocked – View either recipients of inbound blocked messages or senders of

inbound blocked messages.

• Outbound Email Statistics: Overview – View a graph of the total outbound messages processed, in the time frame, by

number sent (allowed), blocked, and quarantined.

• Outbound: Top Recipients/Senders Blocked – View top recipient and senders blocked.

• Total Threats/Viruses: Overview – View viruses detected by the Barracuda Email Security Service virus scanner, as well as

advanced threats detected by ATP including file type.

• Last Blocked: ATP – View filename and file type of attachment determined to be infected by ATP.

Message Log
The Message Log is a window into how the current spam, virus, and policy settings are filtering email coming through the

Barracuda Email Security Service. Use the information in the log to help tune your inbound and outbound policy settings.

Sort messages using the Advanced Search feature to quickly view email by allowed, deferred, quarantined, encrypted

(outbound), or blocked messages by domain, sender, recipient, time range (last 2- 30 days), envelope to, envelope from,

reason, action taken, date or subject. The Message Log reflects all email traffic through the Barracuda Email Security

Service at the global level. If you click on a verified domain on the Domains > Domain Manager page, a tab for the

Message Log for that domain displays. Additionally, you can track end-user quarantine notifications in the Message Log.

Reports
Use the Reports tab to generate reports including:

• Inbound Traffic

• Outbound Traffic

• Top Email Senders/Recipients

• Top Spam Senders/Recipients

• Top Virus Senders/Recipients

• Top Blocked Senders/Recipients

Reports cover global activity across all domains for which you have mail filtered, with up to a maximum history of

30 days of data. Use the calendar controls to set the start date; note that you cannot run a report that covers more

than a seven day period.

94 | Administration Barracuda Essentials Foundation | Student Guide

Advanced Threat Protection

The ATP service analyzes inbound email attachments and publicly accessible direct download links in a separate, secured

cloud environment, detecting new threats and determining whether to block such messages. When ATP is enabled on

the ATP Settings page, inbound email attachments are scanned for threats based on policies configured on the Inbound

Settings > Content Policies page. Discovered attachments display in the Overview > ATP Log page, and messages

blocked by ATP display in the Message Log.

Access ATP reports in the Message Log to determine whether to deliver messages. Repeat the following steps

for each attachment.

View Messages Blocked by ATP

1. Log in to Barracuda Email Security Service as the administrator, and g o to Overview > Message Log.

2. Set message filters and search criteria as needed, and click Search.

3. Messages blocked by ATP display as Not Delivered.

4. Click on the message, and in the reading pane, click ATP Reports.

5. The Email Delivery Warning dialog box displays a list of attachments, one or more of which is suspected

of being Infected. If you want to deliver the email and the associated attachments, first review the report

for each attachment.

6. Click View Report for the suspicious attachment, and r eview the report details.

7. Once you review all attachments, and if you determine you want to deliver the email and the associated attachments,

review and accept the disclaimer, and click Deliver in the Email Delivery Warning dialog box.

8. If the message is delivered successfully, the Delivery Status changes to Delivered. If the mail cannot be delivered, this

is reflected as a notice in your browser window and the Delivery Status does not change.

Abuse Monitoring and Notifications

Outbound email traffic is automatically monitored for Rate Control by the Barracuda Email Security Service. If the volume

of outbound mail messages from the service exceeds normal levels during a 30 minute time frame, the Rate Control takes

effect and outbound mail is deferred until the end of the 30 minute time frame. IP addresses of outbound mail senders

who consistently trigger Rate Control are logged on the Outbound Settings > Abuse Monitor page in the IP Addresses

With Recent Abuse table. IP addresses that send very high volumes of email, consistently triggering Rate Controls, may be

suspended from sending outbound mail through the Barracuda Email Security Service.

An abuse notification email is sent to the administrator of your Barracuda Email Security Service for various reasons,

including but not limited to:

Student Guide | Barracuda Essentials Foundation Administration | 95

• Sending mail to more recipients per 30 minute period than allowed by the Barracuda Email Security Service;

• Sending mail to more invalid recipients than allowed by the Barracuda Email Security Service;

• Sending mail that has been classified by the Barracuda Email Security Service as spam or as containing a virus.

3.6.4 Quarantine
Configure policies on the Outbound Settings > Content Policies pages to quarantine outgoing messages that meet

certain criteria. The administrator can view all quarantined outbound messages from senders within the organization and

select to delete, reject, deliver, or export those messages from the Overview > Outbound Quarantine page.

 Rejected Messages
When enabled by the administrator, the sender receives a non-delivery report (NDR) indicating that their
message will not be sent to the recipient.

Configure Outbound Quarantine Notifications and NDRs for administrators and senders of quarantined mail on

the Outbound Settings > Notifications page.

Admin Quarantine Notification

The domain administrator receives a quarantine summary report at a specified interval, listing outbound quarantined

messages since the last report.

Set Up Notification
1. On the Outbound Settings > Notifications page, in the Admin Quarantine Notification section, select

the Notification Interval:

• Never – When selected, no quarantine summary report is sent.

• Immediately – A quarantine summary is sent to the enter Notification Address once you save changes.

• Scheduled – When selected, the Schedule notification intervals section displays. Click and drag to select the day

and time when you want the notification sent.

2. Enter the email address to which the report is to be sent in the Notification Address field.

3. Click Save Changes.

Sender Quarantine Notification

When a message ends up in the outbound quarantine, the sender receives an NDR email when Quarantine Sender

Notification is enabled on the Outbound Settings > Notifications page. The email template is configurable.
96 | Administration Barracuda Essentials Foundation | Student Guide

Set Up Sender Quarantine Notification

1. On the Outbound Settings > Notifications page, in the Sender Quarantine Notification section, select Yes to send a

notification to the sender of a quarantined outbound message.

2. Enter the Quarantine Notification Address.

3. Enter the subject of the NDR in the Quarantine Notification Subject field.

4. Configure the body of the NDR email using the Quarantine Notification Template.

Notification to Sender of Rejected Message

If the administrator rejects an email in the outbound quarantine, an NDR is sent to the email sender. The email

template is configurable.

Configure NDR
1. On the Outbound Settings > Notifications page, enter the following details in the Notification to Sender of

Rejected Message section:

a. Reject Notification Address – Enter the NDR ‘from’ address that the sender receives.

b. Reject Notification Subject – Enter the NDR subject that the sender receives.

c. Reject Notification Template – Configure the body of the NDR.

2. Click Save Changes.

Student Guide | Barracuda Essentials Foundation Outbound Spam Protection | 97

3.7 Outbound Spam Protection

By scanning all outbound messages, you can ensure that all email leaving your organization is legitimate, virus-free, and

does not leak private or sensitive information from inside the organization.

The following policies are applied by default to all outbound mail by the Barracuda Email Security Service:

• Scanning for viruses and intent

• Scanning and scoring for spam content

• If a virus or spam is discovered in an outbound message, the message is not delivered; however, mail caught for spam

can be manually delivered by the administrator

You cannot bypass outbound mail virus or spam filtering.

Outbound filtering options are configured on the Outbound Settings pages:

• Optional encryption for secure message transmission;

• Data Leak Prevention (DLP) filtering using pre-defined patterns such as credit card number, social security number,

driver’s license, or HIPAA medical terms, to block, quarantine, or encrypt outbound messages;

• Create exceptions to DLP block/quarantine policy for emails containing phone numbers and/or street addresses on

the Outbound Settings > Content Policies page;

• Set Outbound Quarantine and quarantine notifications to allow administrators to deliver, reject, delete, or export

outbound messages from senders within the organization.

Student Guide | Barracuda Essentials Foundation Advanced Threat Protection | 99

3.8 Advanced Threat Protection

The Barracuda Email Security Service subscription-based Advanced Threat Protection (ATP) service analyzes inbound email

attachments with most MIME types in a separate, secured cloud environment, detecting new threats and determining

whether to block such messages. ATP offers protection against advanced malware, zero-day exploits, and targeted attacks

not detected by the Barracuda Email Security Service virus scanning features. Enable ATP on the ATP Settings page.

 When ATP determines an attachment contains a threat and blocks the message, review the ATP Report
before determining whether to deliver the message.

3.8.1 Advanced Threat Protection Options

Configure policies on the Inbound Settings > Content Policies page, and specify how and when attachments are

scanned on the ATP Settings page.

Deliver First, then Scan

When selected, the ATP service attempts to scan the mail in real time. If the ATP scan completes in real time and a virus

is detected, the message is blocked and is not delivered. If the ATP scan does not complete in real time, the message is

delivered; if the ATP service determines the attachment to be suspicious or virus-infected upon completion, the recipient

is notified, and if Notify Admin is set to Yes, an email alert is sent to the specified admin address.

Figure 1. Scan is Complete in Real Time, No Threat Detected.

100 | Advanced Threat Protection Barracuda Essentials Foundation | Student Guide

Figure 2. Mail is Delivered Before Scan Complete; Threat Detected.

 This option does not delay email processing, however, the email recipient can potentially open an
infected attachment.

Scan First, then Deliver

When selected, the ATP service scans new messages with attachments before delivery. If a virus is detected

in an attachment, or the attachment is a known threat, the message is blocked, otherwise, the message is

delivered to the recipient.

 This option provides more security and prevents the email recipient from opening infected attachments.
These messages appear in the Message log and Pending Scan displays in the Reason column. The mail
server retries until the scan is complete and no virus is detected in the attachment, at which point the
message is delivered. Note that messages with attachments may be temporarily deferred while queued
for scanning. If the message status is deferred for more than four hours, the message is quarantined.

Figure 3. Attachment is Recognized as a Known Threat.

Student Guide | Barracuda Essentials Foundation Advanced Threat Protection | 101

Figure 4. Attachment is Scanned and Determined to be Suspicious.

Figure 5. No Threat Detected in Attachment.

Advanced Threat Protection Disabled

When set to No on the ATP Settings page, ATP is disabled.

3.8.2 Advanced Threat Protection Exemptions

When ATP is set to either Deliver First, then Scan or Scan First, then Deliver, you can exempt sender email addresses,

sender domains, recipient email addresses, recipient domains, or sender IP addresses from ATP scanning in the ATP

Exemptions section on the ATP Settings page.

 Attachments from exempted entries are not sent to the ATP cloud. Note that these exemptions apply
to ATP scanning only and do not apply to Barracuda Email Security Service virus scanning.

3.8.3 Administrator Notification

When Deliver First, then Scan is selected, select Yes for Notify Admin to notify the administrator when a virus is detected

by the ATP service in a scanned attachment. The email notification includes the sender, recipient, attachment type, and

detected virus. Enter the admin email address in the ATP Notification Email field address. Infected attachments are

listed in the ATP Log.

102 | Advanced Threat Protection Barracuda Essentials Foundation | Student Guide

3.8.4 ATP Exemptions

When ATP is set to either Deliver First, then Scan or Scan First, then Deliver, you can exempt sender email addresses,

sender domains, recipient email addresses, recipient domains, or sender IP addresses from ATP scanning. Attachments

from exempted entries are not sent to the ATP cloud. Note that these exemptions apply to ATP scanning only and do not

apply to Barracuda Email Security Service virus scanning.

3.8.5 Message Log

Messages blocked or deferred by the ATP service are listed in the Message Log with the following codes listed

in the Reason column:

• Advanced Threat Protection – Message is blocked by the ATP service due to an infected attachment.

• Pending Scan (Scan First, then Deliver enabled) – Message is deferred while the attachment is scanned. The mail server

retries until the scan is complete. Once complete, if no virus is detected, the message is delivered.

• ATP Service Unavailable – Message is deferred because the ATP service is temporarily unavailable. The message is retried

and, when the scan is complete and if no virus is detected, the message is delivered.

3.8.6 View ATP Statistics

The Dashboard page displays statistics of scanned attachments determined to be infected by the ATP service.

3.8.7 Deferred Delivery

If a message scanned by ATP is quarantined or blocked (for example, ATP determines the message attachment is

suspicious), the admin can select to deliver the message.

Student Guide | Barracuda Essentials Foundation Email Continuity | 103

3.9 Email Continuity

Email Continuity allows end-users to send, receive, compose, and forward emails when designated mail servers are

unavailable. Note that Email Continuity is automatically disabled after 96 hours. Messages in the Email Continuity are

viewable in the Message list for 30 days, after which they expire.

Enable Email Continuity for all users on all domains on the account to comply with business continuity regulations. Keep

the following rules in mind:

• The original mail headers and timestamp sent/received during an outage are synchronized to the primary mail server to

minimize end-user confusion.

• Message for the primary and alias email are delivered to the primary account.

• When replying to a message or forwarding a message from Email Continuity, the sender is the primary email address.

• Outbound messages sent via Email Continuity are subject to the configured outbound policies.

• When Email Continuity is enabled, if the administrator logs in as a user, that user’s message log is view-only.

• Messages cannot be deleted from the Email Continuity Service.

• You cannot access or send messages via quarantine notification email when Email Continuity is in effect.

You must enable spooling for each domain where you want to enable Email Continuity.

Enable Spooling
1. Log in to Barracuda Email Security Service as the administrator, and click Domains.

2. For the domain where you want to enable Email Continuity, click Edit in the Settings column.

3. In the Options section, set Spooling to Yes.

4. Click Save Changes.

5. Complete steps 2 through 4 for each domain where you want to enable Email Continuity.

Once you enable spooling, enable Email Continuity.

Enable Email Continuity

1. Go to Users > Email Continuity.

2. Set Email Continuity to Auto-Enable.

3. Click Save Changes.

The Email Continuity status displays the date and time after which it is disabled (after 96 hours).
104 | Email Continuity Barracuda Essentials Foundation | Student Guide

3.9.1 Notifications and Status

When Email Continuity is enabled, the following notifications are available:

• Email Server Offline/Online Status – Once enabled, the administrator is notified when the mail server goes offline and

when it comes back online:

• Via Barracuda Email Security Service dashboard

• Via Barracuda Networks Android Mobile Application

• Via Barracuda Networks iOS Mobile Application

• Email Continuity Status – If spooling or Email Continuity is enabled for more than 96 hours, a warning displays in the

Barracuda Email Security Service dashboard

3.9.2 Actions
When Email Continuity is activated, users can continue to view their messages in the Message Log. In addition to the

standard message actions in the Message Log view, users can compose a new message, and forward or reply to a

message. Spooled messages display in the account admin, domain admin, recipient, and sender Message Logs when

Email Continuity is running.

When you view a message in the log, the following actions are available in the Message View page:

• Click on a message in the email list to view the message body, and take actions:

• Compose a New Message

• Reply to the sender

• Forward a message with Delivery status of Delivered to one or more email addresses; separate multiple addresses

with a comma delimiter.

• You can select to download one or more messages from Email Continuity as a .eml file.
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Outlook Add-In | 105

3.10 Barracuda Email Security Service Outlook Add-In

Use the Outlook Add-In to access your messages and send encrypted messages via Outlook 2016 or Outlook Web Access

(OWA). Once the Add-In is installed, you can take the following actions with messages:

• Encrypt and send emails;

• Mark messages as spam and sent to Barracuda Networks.

The Barracuda Outlook Add-In supports Outlook version 2016, and Outlook Web Access (OWA)
running on Windows and Mac OS; the UI may vary depending on the device you are using to access
the Add-In. If the Outlook Reading Panel is disabled, the Barracuda Essentials icon may be grayed out
when you select a message. In this case, double-click to open the message in the reading window
and activate Barracuda Essentials. Note that the Add-In is currently unavailable on mobile devices. The
Barracuda Email Security Outlook Add-In can be deployed automatically to all users in the Exchange
server, or users can manually add the app to their Outlook installation. For details on using the Add-In,
see Barracuda Essentials for Email Security Outlook Add-In User Guide.

Use the following steps to automatically deploy the Add-In to all users in your Exchange server.

Install Outlook Add-In for all Users

Before getting started, download the Outlook Add-In from the Microsoft Office Store.

1. Log in to your Exchange Admin Center as the administrator.

2. In the left pane, click organization, and click apps.

3. Click +, and from the drop-down menu, select Add from Office Store:
106 | Barracuda Email Security Service Outlook Add-In Barracuda Essentials Foundation | Student Guide

4. Search for and select the Outlook Add-In icon, and click Add to add it to your apps:

5. Double-click Barracuda Essentials to open the App Settings dialog box, and select the default user setting:

a. Optional, enabled by default – When selected, the Outlook Add-In is automatically enabled for all users; note that

users can disable from within Outlook

b. Optional, disabled by default – When selected, the Outlook Add-In is disabled for all users; note that you will need

to send users instructions on how to enable the Add-In

c. Mandatory, always enabled. Users can’t disable this app – When selected, the Outlook Add-In is automatically

enabled and the user cannot disable the Add-In

6. Click save.

Once the app is added to your Exchange Server, notify users based on your selection in the App Settings dialog box.
Student Guide | Barracuda Essentials Foundation Barracuda Email Security Service Outlook Add-In | 107

Users can manually add the app to their Outlook or OWA account using the following steps:

Manually Install and Set Up the Outlook Add-In, Windows

1. Log in to Outlook, click the File tab, and click Manage Add Ins; you are redirected to OWA.

2. Click the + button, and select Add from the Office Store option.

3. Search for the Barracuda Outlook Add-In, and click the icon.

4. Click Add, and confirm you want to install the Add-In.

5. Click the File tab, and click Manage Add Ins.

6. If prompted, enter your log in credentials.

7. Verify the Add-In is enabled in the Manage add-ins table.

8. The Barracuda Essentials icon displays in the Microsoft Ribbon.

Manually Install and Set Up the Outlook Add-In, Mac OS X

1. Log in to Outlook, click Home, and click the Store icon in the Microsoft ribbon; you are redirected to OWA.

2. Click the + button, and select Add from the Office Store option.

3. Search for the Barracuda Outlook Add-In, and click the icon.

4. Click Add, and confirm you want to install the Add-In.

5. Click the File tab, and click Manage Add Ins.

6. If prompted, enter your log in credentials.

7. Verify the Add-In is enabled in the Manage add-ins table.

8. The Barracuda Essentials icon displays in the Microsoft Ribbon.

 Barracuda Cloud Archiving Service

4.1 Introduction to the Barracuda Cloud Archiving Service 111

4.1.1 Understanding Compliance 111

4.1.2 Litigation Support 111

4.1.3 Storage Management 112

4.1.4 Knowledge Management 112

4.1.5 Compliance 112

4.1.6 Data Retention 112

4.1.7 Litigation Holds 113

4.1.8 Datacenters by Region 113

4.2 Barracuda Cloud Archiving Service Deployment 115

4.2.1 Step 1. Add Users to Your Barracuda Cloud Control Account 115

4.2.2 Step 2. Add Email Domains 118

4.3 PST Import 119

4.3.1 PST File Import 119

4.3.2 Barracuda PST Enterprise 120

4.4 User Roles 121

4.4.1 User Roles 121

4.4.2 User Accounts 121

4.4.3 Local Accounts 121

4.4.4 LDAP Accounts 123

4.5 End-User Access 125

4.5.1 Barracuda Cloud Archiving Web Interface 125

4.5.2 Barracuda Outlook Add-In 125

4.5.3 Barracuda Stand-Alone Search Utility 127

4.5.4 Barracuda Mobile Companion App 127

4.6 Tools and Add-Ins 129

4.6.1 Barracuda Outlook Add-In 129

4.6.2 Stand-Alone Search Utility 129

4.6.3 Mobile Companion App 130

4.7 Exchange Integration 131

4.7.1 Exchange Operations 131

4.7.2 Email Import 132

4.7.3 Configure Office 365 Exchange Online Service Account and Import Historical Data 132

4.7.4 Archive Non-Email Items 136

4.7.5 Synchronize Folders 136

4.8 Search Options 139
4.8.1 Message Actions 139

4.8.2 Search as User 140

4.8.3 Select Messages 140

4.8.4 Resend to Me 140

4.8.5 Export Messages 140

4.8.6 Forward Messages 141

4.8.7 Tag Messages 141

4.8.8 Search As User 142

4.8.9 Available Actions 142

4.8.10 Build Search Queries 142

4.8.11 Advanced Search Parameters  143

4.8.12 Search Strings 143

4.8.13 Keyword Expressions 144

4.8.14 Wildcards 144

4.8.15 Domain-Based Search Strings 144

4.8.16 Compound Search Strings 144

4.8.17 Stop Words 145

4.8.18 Punctuation in Search Strings 145

4.8.19 Encrypted Email 146

4.9 Retention Policies 147

4.9.1 Global Retention Policy 147

4.9.2 Saved-Search Retention Policy 147

4.10 Litigation Holds 149

4.11 Audit Logs 151

4.11.1 Audit Log Tools and Options 151
Student Guide | Barracuda Essentials Foundation Introduction to the Barracuda Cloud Archiving Service | 111

4.1 Introduction to the Barracuda

Cloud Archiving Service
The Barracuda Cloud Archiving Service is a Software as a Service (SaaS) solution hosted in the Barracuda Cloud, previously

referred to as direct-to-cloud. The Barracuda Cloud Archiving Service is designed for customers that do not want to

manage a physical or virtual appliance. It is simpler to deploy than public cloud versions of Barracuda Message Archiver,

without additional infrastructure investment.

Emails are archived without the need to install any email client or server software. Barracuda’s extensive and robust global

cloud infrastructure ensures security, and centralized management through the Cloud Control portal makes it simple.

4.1.1 Understanding Compliance

The Barracuda Cloud Archiving Service provides everything an organization needs to comply with government

regulations in a cloud solution. The Barracuda Cloud Archiving Service stores and indexes all email for easy search and

retrieval by both regular users and third-party auditors. Backed by Energize Updates, delivered by Barracuda Central, the

Barracuda Cloud Archiving Service receives automatic updates to its extensive library of virus and policy definitions to

enable enhanced monitoring of compliance and corporate guidelines as well as document file format updates needed to

decode content within email attachments.

The Barracuda Cloud Archiving Service features an easy-to-use web user interface, creating an intuitive and cost-effective

administration tool for the Software as a Service (SaaS) solution. The web user interface allows administrators to define,

manage, and control corporate archiving settings and rules from a central location.

The Barracuda Cloud Archiving Service provides:

• Litigation Support

• Storage Management

• Knowledge Management

• Compliance

• Regulatory Compliance

4.1.2 Litigation Support

Litigation discovery involves all parties in a lawsuit and requires that all data or information relevant to the lawsuit be

provided as requested by the court of law. All email is stored and indexed for easy search and retrieval by both regular

users and third-party auditors.

112 | Introduction to the Barracuda Cloud Archiving Service Barracuda Essentials Foundation | Student Guide

4.1.3 Storage Management

Not only does the volume of email messages continue to increase, the size of the average email itself is also on the rise.

Due to the increased use of file attachments in email messages, the average email size can range between 22KB and

350KB. As such, the ability for an organization to adequately keep up with the storage demands of email can be costly.

While storage solutions can be used to deal with the problem of email message growth in the short term, the Barracuda

Cloud Archiving Service provides a more resourceful way of handling the issue over a longer period of time.

4.1.4 Knowledge Management

A company’s email system contains a vast amount of vital corporate intelligence, some of which is not replicated in

any other data or material. If email is lost or is not easily accessible, a company runs the risk of losing that intelligence.

The Barracuda Cloud Archiving Service provides management tools essential to storing and controlling access to an

organization’s knowledge base.

4.1.5 Compliance
Compliance issues are perhaps the driving force behind the increase in demand for an email archiving solution. The sheer

number of regulations requiring some form of email retention, as well as the more specific parameters of how the email

should be stored and for how long, can be confusing for administrators.

Although many regulations exist and have varying requirements, compliance is based on three concepts:

• Email permanence – Email must be maintained in its original form without alteration or deletion

• Email security – Information must be protected against all threats including unauthorized access to the email as well as

physical damage. This same concept applies to the process of legal discovery which often specifies who can access the

email (i.e., legal teams) as well as safeguards against the destruction of hard copies of the data

• Auditability – Email must be easily accessible in a timely fashion by authorized personnel upon request

4.1.6 Data Retention

By default, automated purging of messages archived on the Barracuda Cloud Archiving Service is disabled. When enabled,

the Global Retention Policy and any Saved-Search retention policies are run against all the archived messages once a

week. You can allow messages to be deleted from the Barracuda Cloud Archiving Service when the age of any message

exceeds the maximum age allowed by all matching Saved Search retention policies, or the Global Retention Policy if no

Saved Search retention policy matches the message. Retention policies are the only way to purge messages; data cannot

be deleted directly by a user.

Student Guide | Barracuda Essentials Foundation Introduction to the Barracuda Cloud Archiving Service | 113

4.1.7 Litigation Holds

Litigation Holds are created by auditors to prevent messages that meet the criteria for a specific Saved Search from being

removed from the Barracuda Cloud Archiving Service.

4.1.8 Datacenters by Region

When setting up the Barracuda Cloud Archiving Service, use the MAS hostnames based on your region.

See Data Centers by Region in Barracuda Campus for the latest MAS hostnames by region.
Student Guide | Barracuda Essentials Foundation Barracuda Cloud Archiving Service Deployment | 115

4.2 Barracuda Cloud Archiving Service Deployment

4.2.1 Step 1. Add Users to Your Barracuda Cloud Control Account

Add users through Active Directory (AD) authentication and associate a role and whose mail can be viewed with an AD

user or group, or manually configure and assign roles to local accounts in the web interface.

Understanding Roles
• User – Able only to view messages accessible to the account, either because the username for the account is

also that of the sender or recipient of a message, or because it has been given explicit access to view an email

address via Alias Linking.

• Auditor – Able to create and activate policies, and view, search, and export any messages to/from the domains to which

they have access. Additionally, Auditors can save and name an Advanced search for re-execution at a later time from

the Saved Searches tab. To create a “Domain Auditor” (an auditor with access to only a subset of the domains on your

Barracuda Cloud Archiving Service), set the role to Auditor and specify at least one domain. If no domains are specified,

then all messages in the entire Barracuda Cloud Archiving Service are accessible. No auditor account has access to any

system or network configuration information on the Barracuda Cloud Archiving Service.

• Admin – Able to view all items from any user, not just those listed for the account. Also able to create and activate

policies, and can make other system or network changes.

Active Directory Configuration

Use AD authentication to store and administer Barracuda Cloud Archiving Service user accounts via your

organization’s LDAP or Azure AD.

Use the following steps to set up Barracuda Cloud Control LDAP authentication.

Set Up LDAP
1. Log in to https://login.barracudanetworks.com/ as the account administrator.

2. In Barracuda Cloud Control, go to the Admin >Directories page, and click Add Directory > LDAP Active Directory;

the Create Directory wizard displays. In the Info page, specify the following details:

a. Enter a name to represent the directory in the Directory Name field.

b. Toggle User / Group Sync to On to synchronize with AD.

c. Toggle Authenticate to On to allow users to authenticate using their LDAP AD credentials. When toggled Off, users

must authenticate using their Barracuda Cloud Control credentials.

116 | Barracuda Cloud Archiving Service Deployment Barracuda Essentials Foundation | Student Guide

d. Optionally, enter the administrator contact email address.

3. Click Save & Continue.

4. In the Host page, enter the your LDAP host details.

5. Click Add Domain; the domain is added to the Domains field. Click Verify.

6. Click Test to verify connectivity. If the connection is successful, Connected displays. If the connection fails, verify the

entered LDAP host details. Click Continue.

7. In the Domains page, click Add domain to add the domain to the AD configuration. Complete this step for each

domain you want to add.

8. To verify you own the domains you plan to include in your AD configuration, select the manner in which to

verify the domains:

• Copy a META tag to your domain header, or

• Add a TXT record to your host’s DNS management settings

9. Click Verify. Once the domain is verified, it is added to the Directories table in the Admin > Directories page in

Barracuda Cloud Control.

Use the following steps to set up Barracuda Cloud Control Azure AD authentication.

Set Up Azure AD
1. Log in to https://login.barracudanetworks.com/ as the account administrator.

2. In Barracuda Cloud Control, go to the Admin >Directories page, and click Add Directory > Azure Active Directory;

the Create Directory wizard displays.

3. Click Add Directory > Azure Active Directory; the Create Directory wizard displays. In the Info page, enter a name to

represent the directory in the Directory Name field.

4. Click Connect to Microsoft to sign in to Microsoft and authorize Barracuda Cloud Control to connect to

your Azure AD account.

5. Once authorization is complete, toggle User / Group Sync to On to synchronize with Azure AD.

6. Toggle Authenticate to On to allow users to authenticate using their Azure AD credentials. When toggled Off, users

must authenticate using their Barracuda Cloud Control credentials.

7. Optionally, enter the administrator contact email address. Click Save & Continue.

8. Once verification is complete, your Azure AD domains display in the wizard. Click Done.
Student Guide | Barracuda Essentials Foundation Barracuda Cloud Archiving Service Deployment | 117

Use the following steps to associate LDAP or Azure AD users and groups to a role and list of email addresses.

Associate a Role
1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Archiver in the left pane.

2. Go to the Users > LDAP User Add/Update page. In the LDAP User/Group field, enter the User or Group name to

which the permissions apply.

3. Select the Role for the specified user or group account:

a. User Role – Specify mailbox addresses to include or exclude from the account. Click Include these Addresses,

and enter a mailbox address you want to make available to the specified account. Click Add. Click Exclude these

Addresses, and enter a mailbox address you want to hide from the specified account. Click Add.

b. Author Role – Configure the desired permissions. Enter a Domain for which the auditor can view mail, and click

Add. Once you define Saved Searches on the Basic > Search page in the web interface, you can select the Saved

Search from the drop-down menu to filter the auditor’s search results. Enter a mailbox address you want to hide

from the specified account in the Exclude these addresses field, and click Add.

c. Admin Role – Specify mailbox addresses that you want to hide from the specified account, and then click Add.

4. Click Save.

Local accounts reside only on the Barracuda Cloud Archiving Service.

Manually Add Local Accounts

1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Archiver in the left pane.

2. Go to the Users > User Add/Update page, and enter the user’s Email Address and the User Display Name.

3. Enter all aliases associated with the entered email address, one entry per line.

4. Enter the account password and select the user role for the account.

5. If you select the user role Auditor enter the following additional details:

a. Enter a domain for which the auditor can view messages and other Outlook items, and click Add. Any messages

that includes an email address in the listed domains in either the From, To, or CC/Bcc areas, or any items that

belong to a user in the specified domains, display in search results. To allow the auditor to view all items from all

domains, leave this field blank.

b. In the Saved Search drop-down menu, select a defined Saved-Search to automatically apply to all searches

performed by this auditor. Note that the parameters in the Saved Search take precedence over any domain

limitations that may be specified above, as well as over any attempts by the auditor to Search As any other account.
118 | Barracuda Cloud Archiving Service Deployment Barracuda Essentials Foundation | Student Guide

4.2.2 Step 2. Add Email Domains

Add email domains and fully-qualified domain names (FQDNs) you want to archive. The FQDN consists of a host or system

name and domain name, including the top-level domain. Any messages sent to any recipient in the listed domains are

added to the archive.

Add Email Domains

1. Log in to https://login.barracudanetworks.com/ using your account credentials, and click Archiver in the left pane.

2. Go to the Basic > Domain Management page, and enter the domain or FQDN in the LOCAL DOMAINS field.

3. Click Add, and then click Save.

Student Guide | Barracuda Essentials Foundation PST Import | 119

4.3 PST Import

4.3.1 PST File Import

You can import the contents of any .pst file from Microsoft Mail Sources > PST Import page, set Allow PST

File Uploads to Yes.

Before importing .pst files, ensure that LDAP services for your Active Directory (AD) server are configured.
This ensures that SMTP aliases associated with the message sender and recipients are resolvable.

The Barracuda Cloud Archiving Service can accept one .pst file at a time for immediate import from the web interface.

Files that are imported directly in this manner are processed immediately and their contents is added. Because processing

files for import can be resource-intensive, Immediate Import supports files of less than 250 MB in size.

 To upload PSTs larger than 250 MB or to upload more than one PST at a time, you can utilize an SFTP
share. Contact Barracuda Technical Support to get the SFTP share enabled.

Assign a PST File

Use the following steps to assign a PST file to an LDAP user and make the contents searchable from

within the web interface:

1. Log in to the web interface, go to the Basic > Search page, and click the PSTs & Tags tab.

2. Expand PSTs, and then expand the Unassigned PSTs folder.

3. Right-click on a PST file, and click Assign PST.

4. In the Assign PST dialog box, enter the first few characters of either the username or the email address of the user to

which to assign the PST file:

5. As you type in the user field, matching users display in a drop-down list. Select the user to which to assign the

PST file, and click OK.

120 | PST Import Barracuda Essentials Foundation | Student Guide

 The list of users populates based on your LDAP directory; you can only assign a PST file to a
user found in the list.

6. The PST file now displays in the Assigned PSTs folder under the selected user name.

 You can also assign a PST file by dragging it to a specific user listed in the Assigned PSTs folder.

Once a PST file is assigned to a user, the user can select and search PST folders and search inside PST files one at a time.

Unassign a PST File

To unassign a PST file, complete either of the following actions:

• Right-click the PST file and click Unassign PST; the PST displays in the Unassigned PSTs folder

• Click and drag the PST file to the Unassigned PSTs folder

4.3.2 Barracuda PST Enterprise

With Barracuda PST Enterprise, IT administrators can control email data stored by end-users in individual PST files and

those scattered across the organization, eliminating the risks associated with PST files, as well as reducing ongoing costs

and supporting IT requirements for Compliance and eDiscovery. For details on finding, migrating, and restoring PST files

using Barracuda PST Enterprise, refer to Barracuda PST Enterprise in Barracuda Campus.
Student Guide | Barracuda Essentials Foundation User Roles | 121

4.4 User Roles

4.4.1 User Roles

Local accounts are created with one of the following roles:

• User – Able only to view messages accessible to the account, either because the username for the account is

also that of the sender or recipient of a message, or because it has been given explicit access to view an email

address via Alias Linking.

• Auditor – Able to create and activate policies, and view, search, and export any messages to/from the domains to which

they have access. Additionally, Auditors can save and name an Advanced search for re-execution at a later time from

the Saved Searches tab. To create a “Domain Auditor” (an auditor with access to only a subset of the domains on your

Barracuda Cloud Archiving Service), set the role to Auditor and specify at least one domain. If no domains are specified,

then all messages in the entire Barracuda Cloud Archiving Service are accessible. No auditor account has access to any

system or network configuration information on the Barracuda Cloud Archiving Service.

• Admin – Able to view all items from any user, not just those listed for the account. Also able to create and activate

policies, and can make other system or network changes.

The assigned role can be changed at a later date from the Users > Accounts page, but only the last assigned role is active.

4.4.2 User Accounts

There are two types of accounts on the Barracuda Cloud Archiving Service:

• Local Accounts

• LDAP or Azure AD Accounts

4.4.3 Local Accounts

Local Accounts reside only on the Barracuda Cloud Archiving Service and are created on the Users > User Add/

Update page in the web interface.

Add Local Users

Use the following steps to manually create or update a user account:

1. Go to the Users > User Add/Update page.

2. Enter the user’s Email Address and enter the User Display Name.

3. Click Populate to retrieve all aliases associated with the LDAP for the entered email address; note that you must

configure an LDAP server on the Users > Directory Services page to use this feature.
122 | User Roles Barracuda Essentials Foundation | Student Guide

4. Enter the account password and select the user role for the account.

5. If you select the user role ‘Auditor’ enter the following additional details:

• Enter a domain for which the auditor can view messages and other Outlook items, and click Add. Any messages

that includes an email address in the listed domains in either the From, To, or CC/Bcc areas, or any items that belong

to a user in the specified domains, display in search results. To allow the auditor to view all items from all domains,

leave this field blank.

• In the Saved Search drop-down menu, select a defined Saved-Search to automatically apply to all searches

performed by this auditor. Note that the parameters in the Saved Search take precedence over any domain

limitations that may be specified above, as well as over any attempts by the auditor to Search As any other account.

Local Account Email Alias Group Membership

Archived messages that are sent to a mailing group are visible in the personal message archive for every member

of that group. For example, if [email protected], [email protected], and [email protected] are

all members of [email protected], then any message that is sent to [email protected] is available in the

archives of all three users.

To enable this ability, you must be using an Active Directory or LDAP server, and the lists must reside on those servers.

Local Account Alias Linking

LDAP users often have one primary email address that is their user account name along with several aliases for

convenience. For example, [email protected] might also receive messages as [email protected],

[email protected], and [email protected]. For organizations that use LDAP, messages sent to any alias are also

accessible from the primary user account.

In addition, you can create a local user account on the Barracuda Cloud Archiving Service that has access to archived

messages for multiple users. For example, you want a single user account to see emails for chris.smith@company.

com, [email protected], and [email protected], in addition to [email protected]. To do so,

create a local account on the Barracuda Cloud Archiving Service (for example, “local_boss”), and list as aliases the email

addresses to which that account is to have access.

List Aliases for a New Account

1. Go to the Users > User Add/Update page.

2. Enter the new user Email Address, and enter the User Display Name.

3. Enter all email addresses used as aliases for this user, one alias per line in the User Aliases field.

4. Add the desired password for the account, and click the user role from the Role drop-down menu.
Student Guide | Barracuda Essentials Foundation User Roles | 123

5. Click Save to save the list of aliases for that user. This account is added to the Users > Local Accounts page

including its aliases.

4.4.4 LDAP Accounts

LDAP accounts reside in your LDAP directory. Once LDAP is configured on the Barracuda Cloud Archiving Service, users

can log in using their regular network credentials to view and create flags for messages in their personal archive.

LDAP Account Email Alias Group Membership

LDAP users often have one primary email address that is their user account name along with several aliases for

convenience. For example, [email protected] might also receive messages as [email protected], chris@

company.com, and [email protected]. For organizations that use LDAP, messages sent to any alias are also

accessible from the primary user account.

You can enter an LDAP group name in the LDAP User/Group field and select a role for that group. When a member of that

group logs in to the Barracuda Cloud Archiving Service, they log in with the assigned role.

LDAP Account Include/Exclude Rules

You can define exclude/include rules on the Users > LDAP User Add/Update page to set permissions on whose mail the

LDAP user or group members can view. The addresses must belong to a user, group, or public folder on a configured LDAP

server. When a configured user runs a search, the following rules are in place:

1. Mail for addresses added to the Exclude these Addresses list are not displayed unless the mail includes the user

performing the search to assure that a user can always see their own mail.

2. The Exclude these Addresses list always takes precedence; addresses added to the Include these Addresses list are

searchable unless the Exclude these Addresses list blocks the mail.

3. Because a user with the Admin or Auditor role can by default view all mail, users set to these roles can only edit

their Exclude these Addresses list.

4. If a user is not configured and is a member of a group, then the include/exclude rules assigned to that group apply

to that user. Additionally, if the unconfigured user is a member of multiple groups, then the privileges for all of those

groups are merged and that user is assigned the least privileged role of those groups. This allows the Admin to apply

include/exclude rules to all users of a distribution group.

• Example 1: If Brian is not individually configured but is a member of the distribution group HR, then the Admin

can set the include/exclude rules for the group HR, and Brian uses these settings when searching mail rather than

seeing only his own mail.

124 | User Roles Barracuda Essentials Foundation | Student Guide

• Example 2: If Josh is not individually configured but is a member of the distribution group HR which has an Auditor

role, and Josh is also a member of the group Employees which has a User role, Josh has only the User role privileges

when running a search.

5. A user cannot run a Search As User Search on the Basic > Search page on a user that is on their Exclude these

Addresses Exclusion Rules blocklist.

Student Guide | Barracuda Essentials Foundation End-User Access | 125

4.5 End-User Access

4.5.1 Barracuda Cloud Archiving Web Interface

Users can log in to the Barracuda Cloud Archiving Service through Barracuda Cloud Control and search messages to which

they have access privileges. If you are performing large or complex search queries, or a search for the purpose of litigation,

Barracuda recommends using the Advanced Search option via the web interface rather than through the Outlook Add-In,

Stand-alone Search Utility, or Mobile app.

Search Using the Barracuda Cloud Archiving Web Interface

Use the following steps to search the Barracuda Cloud Archiving Service:

1. Log in to https://login.barracudanetworks.com/, click Archiver in the left pane, and go to the Search page.

2. Enter your search criteria, and click Search.

3. All matching search results display in the Archive Search table.

4.5.2 Barracuda Outlook Add-In

The Barracuda Outlook Add-In search results are limited based on your assigned role and customization options applied

during deployment. For example, if you are assigned the User role, the search result is limited to 50,000 messages. For best

results, refine your search criteria.

For discovery purposes, Barracuda recommends logging in to the web interface, and running your search using

the Advanced Search option.

For deployment options, see Barracuda Outlook Add-In Deployment in Barracuda Campus.

Deploy the Barracuda Outlook Add-In

Before installing the Barracuda Outlook Add-In, you must close Outlook.

1. Log in to the Barracuda Cloud Archiving Service, and navigate to the Users > Client Downloads page.

2. Click Download Now to the right of the Outlook Add-In Installer to download the executable file

to your local system.

3. Run the .exe file to launch the Setup Wizard.

4. Follow the onscreen instructions to install the Outlook Add-In.

For additional configuration options, refer to How to Install and Configure the Barracuda Outlook Add-In

in Barracuda Campus.
126 | End-User Access Barracuda Essentials Foundation | Student Guide

Search Archived Items

To search archived items, click the Search Archive icon to open the Search dialog box:

• Look for drop-down menu – Select the type of item you wish to search for; select Any type of

Item, Appointments, Contacts, Messages, Notes, Social Media, or Tasks.

• In drop-down list – Select the search location:

• All data – Search everywhere in the selected item type

• Specific folders – Click Specific folders, or click Browse to select one or more folders across all of your Archiver stores

in which to search; click OK to save your selections

• In drop-down list – Select the search location:

• Entire message

• Subject or body

• Subject only

• Body only

• Keyword expression

Archive Message Size Limit

 Items archived using the Outlook Add-In buttons have a 300MB size limit.

The Barracuda Outlook Add-in tool includes an option to immediately archive a selected item(s).

Archive a Message
1. Select the desired item(s) in Outlook, and click the Archive icon; a progress window displays while the

item(s) is archived.

2. Double-click the archived message to open it in the message view.

Using this feature immediately sends the message for archiving; however, if the Barracuda Cloud
Archiving Service is currently in the midst of archiving other messages, it may be a matter of minutes
or even hours before the archived messages are available. Once archived, the message appears in the
Barracuda Outlook Add-in search results.
Student Guide | Barracuda Essentials Foundation End-User Access | 127

4.5.3 Barracuda Stand-Alone Search Utility

Use the Barracuda Stand-Alone Search Utility to search archives without using the Barracuda Outlook Add-In or logging

in to the Barracuda Cloud Archiving web interface. When enabled by the administrator, you can download and install

Barracuda Archive Search on your Windows-based or Mac OS X-based system to search archives without using the

Barracuda Outlook Add-In or logging in to the Barracuda Cloud Archiving web interface.

Barracuda Archive Search results are limited based on your assigned role and customization options applied during

deployment. For example, if you are assigned the User role, the search result is limited to 50,000 messages. For best results,

refine your search criteria.

For discovery purposes, Barracuda recommends logging in to the web interface, and running your search using

the Advanced options on the Basic > Search page.

For deployment instructions, see Barracuda Stand-Alone Search Utility Deployment Kit in Barracuda Campus. You can

install the utility on the Windows or Mac OS X.

4.5.4 Barracuda Mobile Companion App

The Barracuda Mobile Companion app, available for Android and iOS, provides easy access to historical emails stored on

your organization’s Barracuda Cloud Archiving Service including:

• Search for archived messages based on email content, or constrain the search to a date range, a specific sender or

recipient, or subject line content;

• Search deleted messages and emails no longer visible in your mail application;

• View and interact with (reply to, reply all, forward) archived messages;

• Save a search query; and

• Redeliver messages to your mailbox using the Resend to Me option.

Student Guide | Barracuda Essentials Foundation Tools and Add-Ins | 129

4.6 Tools and Add-Ins

4.6.1 Barracuda Outlook Add-In

The Barracuda Outlook Add-In allows users to perform various functions with messages stored through your organization’s

Barracuda Cloud Archiving Service. The administrator can deploy and configure the Outlook Add-In for all users in the

service using the Outlook Add-In deployment kit, or deploy via the Exchange manifest to automatically deploy the

Outlook Add-In to all user mailboxes. Optionally, you can allow users to individually install and configure the add-in.

To deploy using the Outlook Add-In Deployment Kit, first download and launch the .msi file. Follow the onscreen

instructions in the wizard to install the deployment kit. Copy the ADMX files to your domain policy definitions directory

on the domain controller, and then configure and deploy the Outlook add-In using the Group Policy Editor for the domain

where you are installing the add-In. The Outlook Add-In supports Outlook versions 2010, 2013, and 2016. See Barracuda

Campus for detailed deployment instructions.

To deploy the add-in using the Manifest file, download the manifest file from the web interface. An XML file is generated

and installed, and the manifest is automatically deployed to all user mailboxes. Archive search is activated once a user

clicks on a message, composes a new message, or clicks on or creates an appointment.

Once enabled via the Manifest file, users can search their archives from:

• Outlook 2013 or 2016;

• Outlook 2016 for Mac;

• Outlook Web Access (OWA); and

• Outlook apps for mobile platforms including Windows Phone, iOS devices, and Android devices.

To allow individual users to install and use the Outlook Add-In, set Enable Client Access on the Users > Client Downloads

page to Yes. Once enabled, users can download the add-in from the Basic > Client Downloads page.

The Barracuda Outlook Add-In search results are limited based on your assigned role and customization options applied

during deployment. For example, if you are assigned the User role, the search result is limited to 50,000 messages. For best

results, refine your search criteria.

4.6.2 Stand-Alone Search Utility

The Stand-Alone Search Utility allows you to search your archives without using the Barracuda Outlook Add-In or logging

in to the Barracuda Cloud Archiving Service web interface. This utility allows users to search through their own archived

messages directly from their desktop without logging in to the Barracuda Cloud Archiving Service web interface, and

perform such actions as forwarding or replying to messages.

130 | Tools and Add-Ins Barracuda Essentials Foundation | Student Guide

The search utility can be deployed to all users in your organization using the deployment kit, or allow Windows and Mac

users to individually install and configure the search utility.

To deploy using the Deployment Kit, download and extract the contents of the kit, including the MSI and ADMX files. Use

the Group Policy Object Editor to install, configure, and deploy the stand-alone search utility. See Barracuda Campus for

step-by-step setup instructions.

To allow individual users to install and use the Stand-Alone Search Utility, set Enable Client Access and Show Stand-Alone

Search Utility on the Users > Client Downloads page to Yes. Once enabled, users can download the utility from the

Basic > Client Downloads page.

4.6.3 Mobile Companion App

The Barracuda Companion mobile app is available for Android, and iPhone, iPod Touch, and iPad. Use the mobile app to

perform various actions with your messages stored in your organization’s Barracuda Cloud Archiving Service. To allow users

to install and use the mobile apps, set Show Mobile Apps on the Users > Client Downloads page to Yes. Once enabled,

users can download the mobile app from the Basic > Client Downloads page.

For Android installation, simply download and install the latest Android Barracuda Companion mobile application available

from the Google Play Store to your Android device. Launch the app, and enter your corporate email credentials in the

provided fields. Enter your MAS hostname in the Host field, and click Login. You can now search your archived emails.

For iOS installation, download and install the latest iPhone Barracuda Archive Search application from iTunes. Launch the

app, and tap Barracuda Essentials in the Welcome screen. Enter your corporate email credentials in the provided fields, and

enter your MAS hostname in the Host field. Tap Save. You can now search your archived emails.

See Data Centers by Region in Barracuda Campus for MAS hostnames based on your region.
Student Guide | Barracuda Essentials Foundation Exchange Integration | 131

4.7 Exchange Integration

To forward mail to the Barracuda Cloud Archiving Service, the Essentials Wizard sets up journaling from your Office 365

environment to the Barracuda Cloud Archiving Service including:

• Remote domain

• Send connector

• Journaling rule for the Barracuda Cloud Archiving Service

4.7.1 Exchange Operations

Configure actions that the Barracuda Cloud Archiving Service is to execute on Microsoft Office 365 Exchange Online on

the Mail Sources > Exchange Integration page in the web interface. Define the following operations:

• Email Import – Import all Microsoft Exchange Online email into the service that meets the specified criteria.

 Importing is a one-time event and can only be scheduled for immediate execution. An additional
date parameter is required when importing messages, where the date is defined to be either the
date that the message was created on Exchange, or the date that appears in the Date field in the
message, whichever produces more results. This option imports all Exchange items along with the
folder information. If you want to update all folder information only and none of the contents, use
the Folder Sync option.

• Non-Email Sync – In addition to emails that are automatically sent from Microsoft Office 365 Exchange Online

to the Barracuda Cloud Archiving Service for storage, you can configure non-email items such as Appointments,

Contacts, Notes, and Tasks for archive. This enables you to get a more complete picture of all items that are or have

been stored on your Exchange Server, and eliminates the need to keep .pst files around solely for the purposes of

retaining this information.

• Folder Sync – Import the complete folder structure of the selected Item Sources, including custom folders and sub-

folders. The nightly folder synchronization process scans the specified Microsoft Office 365 Exchange Online user

mailboxes, and imports the user’s folder structure, including custom folders and sub-folders, into the Barracuda Cloud

Archiving Service. Note that a Folder Sync job does not import emails to the Barracuda Cloud Archiving Service, it only

imports the folder structure. Email messages are sent to the Barracuda Cloud Archiving Service via real-time journaling.

When you schedule an action, you must configure the Exchange environment on which to base the action. When setting

up the Exchange import job in the web interface:

• Use the Exchange Online MX hostname followed by outlook.com;

• Use the GUID@domain-style hostname available when setting up an Outlook profile; or

132 | Exchange Integration Barracuda Essentials Foundation | Student Guide

• Use https://testconnectivity.microsoft.com/

4.7.2 Email Import

Use the following steps to automatically discover settings; for manual configuration, see How to Configure Microsoft

Exchange Online Email Import in Barracuda Campus: Configure Microsoft Exchange Online Email Import.

Configure Microsoft Exchange Online Email Import

1. Log in to the Barracuda Cloud Archiving Service as the administrator, and go to Mail Sources > Exchange Integration.

2. Click Start New Action. In the Select Action page, click Email Import.

3. In the Select Server page, click Add New Server.

4. In the Add New Server dialog, enter a name to identify the configuration as well as the service

account Username/Password.

5. Click Autodiscover; when the details display, click Save to add it to the Server table. Click Continue.

6. In the Configure Action page, select All Users from the Source drop-down menu.

7. In the Schedule section, select Now for a one-time import, or click Nightly to configure an ongoing

nightly data import.

8. Click Continue.

9. Verify the configuration settings in the View Summary page, and click Submit to add the Email Import to

the Scheduled Actions table.

4.7.3 Configure Office 365 Exchange Online Service Account and Import Historical Data
An Office 365 Exchange Online service account provides Exchange Server directory permissions to grant the Barracuda

Cloud Archiving Service read access to all mailboxes.

You must have the following to complete this configuration:

• Windows 8 or 8.1

• Windows Server 2012 or Windows Server 2012 R2

• Windows 7 Service Pack 1 (SP1)

• Windows Server 2008 R2 SP1

• Microsoft .NET Framework 4.5 or 4.5.1 and either the Windows Management Framework 3.0 or the Windows

Management Framework 4.0

• Verify the service account has a mailbox, and is not hidden in the Global Address list
Student Guide | Barracuda Essentials Foundation Exchange Integration | 133

Microsoft Exchange Online message throttling policies set bandwidth limits and restrict the number of
processed messages. Throttling is enabled by default in Microsoft Exchange Online. Currently you cannot
set policies to disable throttling in Exchange Online; for details, refer to the Microsoft Outlook dev blog.
Barracuda is working on a solution to provide this option in the future.

Step 1. Connect to Office 365 Exchange Online

1. Open Windows PowerShell, enter the following command, and then press Enter:

$UserCredential = Get-Credential

2. In the Windows PowerShell Credential Request dialog box, enter your Exchange Online user name and

password, and then click OK.

3. Enter the following command, and then press Enter:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential

-Authentication Basic -AllowRedirection

 See the Microsoft TechNet article Connect to Exchange Online PowerShell for more information.

4. Enter the following command, and then press Enter:

Import-PSSession $Session

5. Enter the following command, and then press Enter:

Get-Mailbox -ResultSize unlimited | Add-MailboxPermission -User

[email protected] -AccessRights fullaccess -InheritanceType

all -Automapping $false

Permissions are assigned on existing mailboxes only; if additional mailboxes are added to your
organization, you must rerun this command. For more information on adding mailbox permissions,
see Add-MailboxPermission in the Microsoft TechNet. For information on testing mailbox rights, see
Get-MailboxPermission in the Microsoft TechNet.
134 | Exchange Integration Barracuda Essentials Foundation | Student Guide

Step 2. Import from Office 365 Exchange Online

 When setting up the Exchange import job in the web interface, use the GUID@domain-style hostname
available when setting up an Outlook profile or use https://testconnectivity.microsoft.com/.

Automatically Discover Settings

1. Log in to the Barracuda Cloud Archiving Service as the admin, and go to Mail Sources > Exchange Integration.

2. Click Start New Action. In the Select Action page, click Email Import.

3. In the Select Server page, click Add New Server.

4. In the Add New Server dialog box, enter a Configuration Name, the email address for the service account and the

service account password.

5. Click Autodiscover.

6. If autodiscover is unable to identify your settings, manually configure settings.

Manually Obtain Exchange Hostname Using PowerShell

Use the steps in this section only if autodiscover is unable to identify your settings via Autodiscover.

1. Open Windows PowerShell, and connect to Office 365 Exchange Online.

2. Enter the following command, and then press Enter:

$UserCredential = Get-Credential

3. In the Windows PowerShell Credential Request dialog box, enter your Exchange Online admin username and

password, and then click OK.

4. Enter the following command, and then press Enter:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri

https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential

-Authentication Basic -AllowRedirection

 See the Microsoft TechNet article Connect to Exchange Online PowerShell for more information.

5. Enter the following command, and then press Enter:

Import-PSSession $Session

6. Enter the following command, and then press Enter:

Get-Mailbox -Identity <username for service account> | Format-List

ExchangeGuid, PrimarySMTPAddress
Student Guide | Barracuda Essentials Foundation Exchange Integration | 135

7. To determine the Exchange Hostname, combine the ExchangeGuid with the domain portion of the Primary

PrimarySMTPAddress in the form [email protected]

8. To close out the remote PowerShell session, enter the following command, and then press Enter:

Remove-PSSession $Session

Manually Configure Server Settings for Email Import

1. Log in to the Barracuda Cloud Archiving Service as the admin, and go to Mail Sources > Exchange Integration.

2. Click Start New Action. In the Select Action page, click Email Import.

3. In the Select Server page, click Add New Server.

4. In the Add New Server dialog, click Configure Manually; enter the Exchange details:

a. Configuration Name – Enter a name to identify the configuration. For example, type: testdomain

b. Exchange Hostname – Enter the ExchangeGUID@Domain configured in the previous section. For example, type:

[email protected]

c. Username – Enter the service account username. For example, type: [email protected]

d. Password – Enter the password associated with the username.

e. Exchange 2013 – Select Yes.

f. Advanced Options – In the Proxy Server field type outlook.office365.com.

5. Click Save to add your configuration, and close the dialog box.

6. In the Configure Action page, click Continue.

7. In the View Summary page, select All Users from the Source drop-down menu.

8. Specify the desired Date and Schedule settings. Click Continue.

9. Verify the configuration settings in the View Summary page, and then click Submit to add the Email Import to the

Scheduled Actions table.

136 | Exchange Integration Barracuda Essentials Foundation | Student Guide

4.7.4 Archive Non-Email Items

In addition to emails that are automatically sent from Microsoft Office 365 Exchange Online to the Barracuda Cloud

Archiving Service for storage, you can configure non-email items such as Appointments, Contacts, Notes, and Tasks for

archive. This enables you to get a more complete picture of all items that are or have been stored on your Exchange Server,

and eliminates the need to keep .pst files around solely for the purposes of retaining this information.

The archiving, or synchronization, of all non-email items is configured on the Mail Sources > Exchange Integration

page. You can configure synchronization of all or a portion of the Outlook items, be it for all or selected users,

on a recurring basis.

4.7.5 Synchronize Folders

The nightly folder synchronization process scans the specified Microsoft Office 365 Exchange Online user mailboxes, and

imports the user’s folder structure, including custom folders and sub-folders, into the Barracuda Cloud Archiving Service.

Note that a Folder Sync job does not import emails to the Barracuda Cloud Archiving Service, it only imports the folder

structure. Email messages are sent to the Barracuda Cloud Archiving Service via real-time journaling.

You can specify folder structure synchronization for all or selected users on the Mail Sources > Exchange Integration page

based on the selected item source, and optionally specify a specific server from which to archive. The synchronization

process can be scheduled to run as soon as possible, creating a one-time job that is not repeated, or configured to run

nightly. When configured to run nightly, the process starts at 10PM when the additional system load on the Barracuda

Cloud Archiving Service least impacts users.

Move Email Between Folders

When the user moves an email between folders, the Barracuda Cloud Archiving Service updates the location of the email

once the next nightly folder sync job runs and captures the new email location information. Additionally, the Barracuda

Cloud Archiving Service keeps track of all folders in which an email has historically been located. Note that this does not

cause any extra copies of the mail to be stored; the association is actually performed by associating the email message ID

and the name of the folders in which the email should be shown.

The Barracuda Cloud Archiving Service keeps track of all folders in which an email has historically been seen. This does not

cause any extra copies of the mail to be stored; the association is actually performed by associating the messageID of the

email and the name of the folder(s) in which that email should be shown.
Student Guide | Barracuda Essentials Foundation Exchange Integration | 137

Folder Synch
Outlook system folders (for example, Drafts, Sync Issues), Inbox, Deleted Items, and Sent Items are not synchronized; a

user’s custom folders under Inbox are scanned. In the Barracuda Cloud Archiving Service’s folder view, data is shown in

Inbox and Sent Items based upon the header information in the mail itself. An email displays in a user’s Inbox if that user

is on the recipient list, and is visible in their Sent Items if the user’s SMTP address, or email aliases, appears in the From

header of the email.

When email is sent to the Barracuda Cloud Archiving Service via journaling, any emails in the Deleted Items folder will

have already been archived to the Barracuda Cloud Archiving Service from the Inbox.
Student Guide | Barracuda Essentials Foundation Search Options | 139

4.8 Search Options

You can conduct a search on the following aspects of a message:

• Message body content;

• Recipients and senders;

• Attachment type and content;

• Date

Searches can only be made over messages that the searcher has read access to, so privacy is always preserved. Use the

Basic Search page for quick one-time searches, or go to the Advanced Search page for a full array of search options

including complex search queries and the ability to save searches. Saved Searches are the basis for Policy Alerts, used by

Auditors and Administrators to monitor compliance, and Retention Policies, to purge messages from the archiver that are

older than a specified date.

Punctuation is treated as white space in search strings with the following exceptions:

• Email addresses and Internet hostnames – Treated as single searchable tokens.

Example: [email protected] is treated as a single searchable token.

• Period (.) – When not followed by whitespace, a period is treated as part of a word.

Example: 1.2 is treated as a single searchable token.

• Hyphen (-) – When a token containing a hyphen also contains a number, the complete item is treated as a

part of the number.

Examples:

MD-1800 is considered a searchable word, including the hyphen.

hyphen-madness is treated as two words (“hyphen” “madness”) with the hyphen treated as whitespace.

4.8.1 Message Actions

Easily collect messages for exporting or forwarding and add tags to messages for future re-identification. You can

control whether any or all of these actions are available to users on the Basic > Administration page, in the Search

Page Settings section.

 When virus scanning is enabled on the Basic > Virus Checking page, forwarded and exported messages
are scanned for viruses. When disabled, forwarded and exported messages are not scanned for viruses.
140 | Search Options Barracuda Essentials Foundation | Student Guide

Messages journaled directly from Microsoft Exchange have additional hidden information, such as bcc recipients

and other SMTP data. End-users do not have access to this information; however, for compliance reasons you may

want to include this hidden information when messages are exported or forwarded by the administrator or auditor.

The Preserve Journal Wrappers setting, also in the Search Page Settings section, causes the body of an exported or

forwarded message to consist of the complete envelope information with the actual contents of the email turned into an

attachment to the message.

 If an option is not visible in the web interface, the administrator must enable the option on the Basic >
Administration page in the Search Page Settings section.

4.8.2 Search as User

From the Tools menu, select Search as User to execute a search across only those messages that are accessible by the

selected user. When this option is selected, a pop-up appears prompting you for the username or email address whose

access should be emulated for the search.

4.8.3 Select Messages

The standard selection controls apply when selecting messages in the list view:

• To select one message, single-click on the desired message.

• To select multiple consecutive messages, single-click on a message, and Shift-click on another message to select both

messages along with all messages listed between those two in the Message List.

• To select multiple individual messages, single-click on one message, and Ctrl-click on every other

message you want to select.

4.8.4 Resend to Me
To redeliver selected messages to your mailbox, select one or more messages, and then click Resend to Me located at the

top of the message list,

4.8.5 Export Messages

Once a search is executed and the results are listed in the Basic > Search page, you can choose to export one or more of

these messages as a .pst or .zip file.

To export one or more messages, select the desired item(s) from the message list using Shift- or Ctrl-click to select

multiple messages. Click the Tools menu at the top of the message list, and click Export Messages. In the window select

the desired action and export method. The desired messages are gathered into a single .pst or .zip file:
Student Guide | Barracuda Essentials Foundation Search Options | 141

• Export Name – A label used to identify this export task.

• Export Type – The format used to export messages:

• A single PST file suitable for loading into Microsoft Outlook

• A single ZIP file containing individual .eml files for each message, with files named under one of the

following conventions:

• Numerical – Serial counter, beginning with 0.

• Date – A string of numbers representing the date and time of the message.

• Date/From/To – A (long) string containing the date, time, sender and recipient of the message.

• Content – Specify whether to export the Current Search Results or Selected Messages.

Export to – Select whether to export to the Barracuda Cloud Archiving Service for download to your local system, or to

a Barracuda Copy account.

• Chunk Size – Select the chunk size for the PST or ZIP export as 800MB, 4.7GB, or specify a custom chunk size in gigabytes.

• Folder Data – Select Export if present to include folder data. Note that this option is only available when logged in as an

LDAP user; this option is not available when logged in as the admin.

4.8.6 Forward Messages

Once you execute a search and the results display in the Basic > Search page, you can specify one or more of these

messages to be forwarded to a desired list of recipients.

To forward one or more messages, select the desired item(s) from the message list using Shift- or Ctrl-click to select

multiple messages. Click on Tools located at the top of the message list, and select the desired action. A pop-up dialog

prompts you for the email addresses of those users that are to receive the selected messages; use semi-colons to separate

multiple email addresses:

• Forward Selected – Each message selected in the Message List is individually forwarded (re-delivered) to the specified

email address. When this option is selected, a pop-up prompts you for the desired forwarding email address. Use

commas to separate multiple delivery destinations.

• Forward All – All messages currently in the Message List are individually forwarded (re-delivered) to the specified email

address. When this option is selected, a pop-up prompts you for the desired forwarding email address. Use commas to

separate multiple delivery destinations.

4.8.7 Tag Messages

Tag messages to easily identify any messages for future use. Tags can be any text, and can be accessed only by the

account that created them.

142 | Search Options Barracuda Essentials Foundation | Student Guide

To tag one or more messages, execute a search in the Basic > Search page, and select the desired item(s) from the

message list using Shift- or Ctrl-click to select multiple messages. Click PSTs & Tags, click on Tools located at the top of

the message list, and select the desired Tag action. A pop-up dialog prompts you for the tag text. Tags can then be used as

search criteria, allowing you to easily retrieve these messages at a later time:

• Tag Selected – Only the messages that have been selected in the Message List are tagged. When this option is selected,

a pop-up prompts you for the text with which to tag the messages.

• Tag All – All messages currently in the Message are tagged. When this option is selected, a pop-up prompts you for the

text with which to tag the messages.

• Untag Selected – All tags removed from the selected messages; you cannot remove individual tags on a message.

4.8.8 Search As User

Execute a search across only those messages that are accessible by a specific user. When this option is selected, a pop-up

prompts you for the username or email address of the user whose access should be emulated for the search.

4.8.9 Available Actions

Many different actions are possible from the Advanced Search interface that help you to build and save queries with

multiple search parameters:

• Add search parameters – Click on the plus sign (+) located to the extreme left of a search criteria line; a new search

parameter line is added.

• Remove a search parameter – Click on the minus sign (-) located to the left of the search parameter you wish to remove.

• AND or OR search parameters – Click AND at the end of a search parameter to signifies that it is to be logically ANDed to

the next specified parameter. If your next criteria is to be logically ORed, click AND to toggle it to OR.

• Save a constructed query – In the SAVE AS field, enter the name under which the query is to be saved, and click

SAVE AS. If you enter a name that already exists, the new search parameters overwrite the previously saved

parameters under that name.

Run a previously-saved search – Select the Saved Search from the pulldown menu to load the search parameters onto the

page, then click Search.

4.8.10 Build Search Queries

When including both AND and OR search terms in a query, the order in which these terms are placed is

important. For example,

1. Add the first term “A”, and then add term “and B”; the query searches as: (A AND B)

2. Add a term “or C”; the query searches as: ((A AND B) OR C)
Student Guide | Barracuda Essentials Foundation Search Options | 143

3. Add a term “and D”; the query searches as: (((A AND B) OR C) AND D)

This affects preparation and ordering of Advanced Search queries as follows. Typically, you first build a population of results

by using “OR”, and then subtract items from that population by using “AND”. For example,

TermA OR

TermB OR

TermC AND

TermD

If you want to force a different order of operations by placing parentheses yourself, use the Keyword Expressions search

mode and construct your query according to those guidelines.

4.8.11 Advanced Search Parameters

Select the area of a message to which the search criteria applies.

 Note that the browser time zone is used unless the time zone is specified in a search query. For example,
set the search criteria to All - Date - is equal to - 2013-01-21 15:41:50 -0500 where -500 is the time zone.
For a list of advanced search parameters, see Advanced Search Options in Barracuda Campus.

4.8.12 Search Strings

A search string is the format that the searched-for text must be in for searches through the Barracuda Cloud Archiving

Service. The search query tips in this article apply to both Basic and Advanced search queries. When you enter terms in

Basic Search mode, the search strings are treated in the same manner as Advanced Search criteria formed with “All” “Entire

Message” “contains” criteria.

• Text-Based Search Strings – A single string or phrase of text, to be matched exactly as entered. Valid formats are: a single

word (with no whitespace) or a single double-quoted sequence of words (separated by spaces).

• Integer Number-Based Search Strings – A single integer string in bytes to be matched exactly to an index attribute

as entered. Valid formats are: a single number (with no whitespace). To find a range, use a Compound Search

String. For example:

• Multi-Text Search Strings – A collection of Text-based words or phrases, separated by spaces. Each item listed must match

somewhere, but they do not have to be adjoining or found in the order supplied. For example:
144 | Search Options Barracuda Essentials Foundation | Student Guide

4.8.13 Keyword Expressions

Keyword expressions allow you to construct your own complex queries in Advanced Search, letting you combine multiple

keyword-based search terms that follow this basic syntax: search_field:phrase. For a list of search_field values, refer to

Keyword Expressions in Barracuda Campus.

The phrase can only contain a single item. However, that one item can be any one of the following:

• a single Text-based string;

• a single Integer number-based string;

• a single Wildcarded string;

• a single Domain-based string (for to and from search_field only);

a single compound search string created by combining multiple strings with the keywords AND and OR, and grouping

the phrases with parentheses to control the logic.

When creating compound search strings, the keywords ‘AND’ and ‘OR’ must be capitalized.

4.8.14 Wildcards
Wildcards are characters in search strings that can match arbitrary characters in a search. They can ONLY be used as part

of a single word, and are NOT allowed as the first character of a search word. They are also NOT allowed in any double-

quoted string containing multiple words (i.e., spaces). Wildcards are not allowed as part of a phrase, or any search string

that is comprised of more than one word, regardless of the use of double quotes.

• Asterisk (*) – The asterisk (*) as a multi-character wildcard, matching zero or more occurrences of any and all characters.

• question mark (?) – The question mark (?) is a single-character wildcard, matching a single occurrence of any one

character. The number of question marks used denotes the exact number of characters that must be matched.

4.8.15 Domain-Based Search Strings

The domain part, or everything after the at-sign (@), of an email.

4.8.16 Compound Search Strings

(Only Used in Keyword Expressions)

When creating compound search strings, the keywords ‘AND’ and ‘OR’ must be capitalized.
Student Guide | Barracuda Essentials Foundation Search Options | 145

A combination of two or more strings in any of the above formats (Text-based, Multi-Text, Wildcard, or Domain

as applicable to the fields being searched) or with other Compound search strings, each separated by the

keywords AND or OR. Surround logical groupings with parentheses as needed to determine order of operations.

Compound search strings of increasing complexity can be constructed by combining multiple compound phrases

themselves, to create a single query that identifies multiple search locations in addition to multiple search patterns.

4.8.17 Stop Words

Stop Words are common words that are ignored in searches, and may be omitted.

Recognized Stop Words are:

a, an, and, are, as, at, be, but, by, for, if, in, into, is, it, no, not, of, on, or, such, that, the, their, then, there, these, they,

this, to, was, will, with

Stop Words are also ignored in wildcard searches, so make sure that the wildcards are attached to letters that do not

comprise a Stop Word in its entirety.

4.8.18 Punctuation in Search Strings

In general, punctuation is treated as a whitespace, and thus a delimiter between searchable items. However, the following

punctuation exceptions exist:

• Email addresses and Internet hostnames are treated as a single searchable token. For example:

• If you enter the search criteria “[email protected]”, the address is treated as a single searchable token.

• Period (.) – A period that is not followed by whitespace is treated as part of a word, that is, a searchable token, and the

period is searchable. For example:

• If you enter the search token “192.168.0.1” or “1.2”, the period is included in the search results, and treated as a

single searchable token.

• Hyphen (-) – When a token containing a hyphen also contains a number, the complete item is treated as a part of the

number. For example:

• Searching on “MD-1800” is considered a searchable word, including the hyphen.

• Searching “hyphen-madness” is treated as two words (“hyphen” “madness”) with the hyphen treated as whitespace.

 A Basic search is treated the same as a search using Advanced Search criteria formed with “All” “Entire
Message” “contains” criteria. Using “Entire Message” “contains” with a string without quotes does not
search for the string. Rather, it treats the string as a list of tokens to be joined with ANDs. You must
use quotes around the string or use “Entire Message (phrase)” to search for the string.
Also see Working with Apostrophes and Other Punctuation in Barracuda Campus.
146 | Search Options Barracuda Essentials Foundation | Student Guide

4.8.19 Encrypted Email

When you digitally sign a message, you embed information in the message that validates your identity. When you encrypt

a message, it appears to be “scrambled” and can only by read by a person who has the message decryption key. Digitally

signing a message ensures that the message originated from the stated sender, and encrypting ensures that the message

has not been read or altered during transmission.

To encrypt messages, you can use the public-key cryptographic system. In this system, each participant has two separate

keys: a public encryption key and a private decryption key. When someone wants to send you an encrypted message, you

use your public key to generate the encryption algorithm. When you receive the message, you must use your private key

to decrypt the message.

Because encrypted messages are secure, the content cannot be decrypted upon import by the Barracuda Cloud Archiving

Service, and the content is therefore unavailable for search via the Barracuda Cloud Archiving Service.
Student Guide | Barracuda Essentials Foundation Retention Policies | 147

4.9 Retention Policies

While the Barracuda Cloud Archiving Service can handle an archive of virtually unlimited size, some organizations may

want to expire messages as a matter of course. The Policy > Retention page allows you to set the maximum age of an

archived message before it is permanently purged from the archive. Note that if an auditor has specified an indefinite hold

on a Saved Search, the retention policy is treated as an infinite lifetime.

By default, automated purging of messages archived to the Barracuda Cloud Archiving Service is disabled. If you enable

this ability, the Global Retention Policy and any Saved-Search retention policies are run against all the archived messages

weekly on Friday night.

If the age of any message exceeds the maximum age allowed by all Saved-Search retention policies that
apply to the message, that message is permanently deleted from the Barracuda Cloud Archiving Service.

The Global Retention Policy setting does not apply to any messages that match a Saved-Search retention policy.

To enable or disable the automatic message expiration, set the Allow automatic message deletion option to Yes or No.

4.9.1 Global Retention Policy

The Global Retention Policy applies to every archived message. When retention policies are run against the archived

messages (weekly on Friday night), any messages stored on the Barracuda Cloud Archiving Service that are older than this

age are deleted unless they match an existing Saved-Search policy.

Configure Global Retention Policy

1. On the Policy > Retention page, set Allow automatic message expiration to Yes.

2. Click Add Global Retention Policy to open the Add Retention Policy dialog.

3. In the Keep on cloud section, specify the total length of archived message retention:

a. Forever – Messages are retained in the Barracuda Cloud Archiving Service forever.

b. For – Enter the number of days to retain archived messages.

4. Click Submit to save the retention policy, and then click Save.

4.9.2 Saved-Search Retention Policy

You can define a retention policy based on a Saved Search to automatically delete archived messages from the Barracuda

Cloud Archiving Service. Note that before you can create a Saved Search retention policy, you must create at least one

Saved Search in the Basic > Search > Advanced Search page.
148 | Retention Policies Barracuda Essentials Foundation | Student Guide

Messages that match the specified Saved Search are permanently removed from the Barracuda Cloud Archiving

Service when the age of the message exceeds the specified Saved Search policy length.

If you define multiple Saved Search retention policies, if the age of any message exceeds the maximum age allowed by

all Saved Search retention policies that apply to the message, that message is permanently deleted from the Barracuda

Cloud Archiving Service.

Litigation holds overwrite Saved Search and Global Retention Policies; a litigation hold may be for a
defined period of time or indefinite. If a message matches more than one Saved Search-based policy,
then the message is kept according to the longest policy length. If it matches a Saved Search-based
policy as well as the global policy, then the Saved Search policy takes precedence.

Because a Saved Search retention policy overrides the Global retention policy, Saved Search retention policies are useful
when you want to create exceptions to a global retention policy.

Set Up Saved Search Retention Policy

1. Log in to the Barracuda Cloud Archiving Service, go to the Basic > Search page, and in the Standard

tab, click Advanced.

2. Enter the search criteria, and click Save Search.

3. Enter the Search Name, and click OK.

4. Go to the Policy > Retention page, and verify that Allow automatic message deletion is set to Yes; when set to Yes,

the Saved Search policies are run against archived messages weekly on Friday nights.

5. Click Add Retention Policy to open the Add Retention Policy dialog box.

6. From the Saved Search drop-down menu, select the name of the saved search on which to base this retention policy.

7. In the Keep on box section, specify whether to retain archived messages forever, or for a specified number of days:

• Forever – Messages meeting the Saved Search criteria on this Barracuda Cloud Archiving Service

are retained forever.

• For – Enter the number of days to retain archived messages that match the selected Saved Search criteria.

8. Click Submit to save the Saved Search retention policy.

9. The Saved Search is added to the table.

If a message matches more than one Saved Search-based policy, then the message is kept according
to the longest policy length. If it matches a Saved Search-based policy as well as the global policy,
then the Saved Search policy takes precedence.
Student Guide | Barracuda Essentials Foundation Litigation Holds | 149

4.10 Litigation Holds

Litigation Holds are created by auditors to prevent messages that meet the criteria for a specific Saved Search from being

removed from the Barracuda Cloud Archiving Service. The system administrator must first Enable Litigation Holds before

auditors are given the option to create Litigation Holds from the Saved Searches tab on the Basic > Search page.

The following information about active Litigation Holds will be displayed here, visible only to the system administrator:

• Auditor – The account name of the Auditor who created the Litigation Hold

• Saved Search – The name of the Saved Search associated with this Litigation Hold

• Hold End Date – The date and time when this Litigation Hold expires

To delete a litigation hold you must have system administrator rights; click the trash can icon following the Litigation

Hold you want to delete.

Add a Litigation Hold

1. Log in to the Barracuda Message Archiver as an auditor, go to the Basic > Search page, and click the Standard tab.

2. Click Advanced, enter your search criteria, and click Search.

3. When the search results return, click Save Search, enter the Search Name, and click OK.

4. Click the Saved Searches tab, and in the Actions column for the selected Saved Search, click Apply Litigation Hold.

5. In the Apply Litigation Hold dialog, specify the Hold End Date as either:

• Indefinite – Content that matches the Saved Search is retained until the Litigation Hold is cancelled

• Specific Date – Enter the expiration date

Student Guide | Barracuda Essentials Foundation Audit Logs | 151

4.11 Audit Logs

The Audit Log displays a list of all activities, including search-related activities initiated by the system. In this view you can

browse through the list, or perform a search to filter on a subset of activities. You can filter by start/end dates, user name,

and item type. Click on an activity to display the activity details in the Details pane.

4.11.1 Audit Log Tools and Options

The Audit Log includes the following tools and options:

• Page Navigation – Click on the navigation arrows or type a number in the Page field to move through the Audit Log.

• Refresh Icon – Click the icon to update the page.

• Export – Click Export, enter an email address to which to send a .csv file containing the selected audit logs in the dialog

box, and click OK. Once the report generates, it is sent to the specified email address.

• Tools – Click to select the number of items to display per page and to specify the Details Pane location.

 You can serach for activities in the Audit log.

Search Audit Log

1. Log in to the web interface, and go to the Advanced > Audit Log page. By default, all audit log records display.

2. Enter the desired search criteria, and then click Search.

3. The results pane displays those items matching the entered criteria. Information displayed for each record includes:

a. Date – When the action occurred and was logged in the Audit Log.

b. User – Which user performed this action. Some actions are performed automatically, not actively by a specific user,

displaying as user System.

c. Type – What type of action this record is for.

d. Detail – Many audit log records contain information in addition to the date, user, and type. In some cases,

a useful piece of this additional information is displayed in the Detail column, for instance to narrow down

a broad action type.

4. To view additional information, click on an item. Details display in the right pane.
 Barracuda Cloud-to-Cloud Backup

5.1 Introduction to Barracuda Cloud Backup 155

5.2 Configure Impersonation for Exchange Online 157

5.2.1 Configure Impersonation 157

5.3 Configure an Exchange Online Data Source 161

5.4 Configure Impersonation for OneDrive for Business 165

5.4.1 Configure Impersonation 165

5.5 Configure OneDrive for Business Data Source 171

5.6 Configure SharePoint Online Primary Site Collection Admin 175

5.7 Configure SharePoint Online Data Source 177

5.8 Configure Backup Schedules 181

5.9 Restore Backup 183

5.10 Backup Reports 191

5.10.1 Backup Report 191

5.10.2 Restore Report 191

5.10.3 Audit Log Reports 191

Student Guide | Barracuda Essentials Foundation Introduction to Barracuda Cloud Backup | 155

5.1 Introduction to Barracuda Cloud Backup

Barracuda Cloud-to-Cloud Backup for Office 365 protects Exchange Online, OneDrive for Business, and SharePoint Online

data by backing it up directly to Barracuda Cloud Storage. Barracuda Cloud-to-Cloud Backup for Office 365 can be used

as an add-on to an on-premises Barracuda Backup appliance or as a standalone subscription without an appliance. For

Exchange Online, Barracuda Cloud-to-Cloud Backup protects all email messages, including all attachments, as well as the

complete folder structure of each users’ mailbox. In OneDrive for Business, all files under the Documents Library, including

the entire folder structure, are protected. For SharePoint Online, Barracuda Cloud-to-Cloud Backup protects online files and

folders in Document Libraries, Site Assets, Site Pages, Picture Libraries, and Form Templates in Team Sites, Public Sites, Wiki

Sites, and Publishing Sites.

Student Guide | Barracuda Essentials Foundation Configure Impersonation for Exchange Online | 157

5.2 Configure Impersonation for Exchange Online

In order for Barracuda Cloud-to-Cloud Backup to access user mailboxes for backup, you must first create a new service

account with administrative privileges and apply the impersonation role to that account for Exchange Online, as described

in the section that follows.

5.2.1 Configure Impersonation

In order for Barracuda Cloud-to-Cloud Backup to access user mailboxes for backup, you must create a new service account

with administrative privileges and apply the impersonation role to that account.

Step 1. Create a New Service Account

To configure impersonation within Exchange Online:

1. Log in to your Office 365 Management Panel using an account with administrative privileges, and click users and

groups in the left pane.

2. Click the + symbol to create a new account.

3. In the details page, enter the details for the new service account, and click next.

4. In the settings page, select Yes to assign administrator permissions, and from the drop-down menu, select Global

administrator. Optionally, you can add an alternate email address and location. Click next.

5. In the assign licenses page, make no changes. Click next.

6. In the send results in email page, click Create. The service account details are sent to the admin.

7. To activate the account, log in to your Office 365 Management Panel using the new service account, and

update the password.

Step 2. Create Impersonation Role

Option 1. Manually Set Up Impersonation

1. Log in to your Office 365 Management Panel using an account with administrative privileges, and go to

permissions > admin roles.

158 | Configure Impersonation for Exchange Online Barracuda Essentials Foundation | Student Guide

2. Click the + symbol. In the new role group dialog box, type BarracudaBackupImpersonation in both the

Name and Description fields:

3. Scroll down to Roles, and click the + symbol.

Student Guide | Barracuda Essentials Foundation Configure Impersonation for Exchange Online | 159

4. From the list, select ApplicationImpersonation, and click add:

5. Click OK.

6. Scroll down to Members, select the service account created in Step 1: Create a New Service Account, and click add.

7. Click OK. Click Save to save your settings and close the Role Group window. The Impersonation role is now

listed in Admin Roles.

Option 2. Set Up Impersonation via PowerShell

Use the following steps to assign the ApplicationImpersonation role using PowerShell:

1. At the PowerShell command prompt, enter the following command:

New-ManagementRoleAssignment –name:impersonationAssignmentName –

Role:ApplicationImpersonation –User:serviceAccount

Where:

name is the friendly name of the role assignment. Each time you assign a role, an entry is made in the role-based

access control (RBAC) roles list. You can verify role assignments by using the Get-ManagementRoleAssignment cmdlet

found in the Microsoft Dev Center article How to: Configure impersonation.

Role is the RBAC role to assign. When you set up impersonation, you assign the ApplicationImpersonation role.

User is the service account.

2. Press Enter.
Student Guide | Barracuda Essentials Foundation Configure an Exchange Online Data Source | 161

5.3 Configure an Exchange Online Data Source

Configure Exchange Online to back up data directly to Barracuda Cloud Storage. When you back up Exchange Online,

Barracuda Cloud-to-Cloud Backup protects all email messages, attachments, and the complete folder structure of each

user mailbox. Messages, folders, or entire mailboxes can be restored back to the original account, a different account, or

exported via the download feature.

Configure Exchange Online Data Source

Use the following steps to set up Exchange Online backup:

1. Log in to Barracuda Backup, and select the Cloud Source in the left pane.

2. In the Status page, click Exchange Online:

3. The Data Sources page displays. Click Add a Cloud Provider, and enter the following details:

a. In the Cloud Provider description field, enter a name to represent the data source.

b. From the Cloud Provider type drop-down menu, select Microsoft Office 365.

c. Click Save.

4. The Add a Cloud Data Source dialog box displays:

a. From the Data Type drop-down menu, select Exchange Online:

b. Enter Your Office365 domain URL.

 The URL is available once you log in to Exchange Online.

c. Click Authorize.

 If you are not currently logged into the Exchange Online account, the Microsoft login page
displays. Enter your Exchange Online administrator login information, and then click Sign in.
162 | Configure an Exchange Online Data Source Barracuda Essentials Foundation | Student Guide

5. In the Exchange Online page, click Accept to authorize Barracuda to back up data from Exchange Online:

6. The Edit Exchange Online page displays.

a. Enter a name to identify the data source in the Data Description field.

b. In the Add to schedule section, click the drop-down menu, and then click Add New:

7. The Add New Schedule dialog box displays. Enter a name to represent the schedule:
Student Guide | Barracuda Essentials Foundation Configure an Exchange Online Data Source | 163

8. Click OK. The Edit Exchange Online page is updated with the new schedule name.

9. Click Save. The Edit Backup Schedule page displays.

10. In the Items to Back Up section, select individual items to back up, or click Apply to all computers and data sources

for this Barracuda Backup Cloud Service to back up everything in Exchange Online.

11. In the Schedule Timeline section, select the day you want the schedule to run.

12. In the Daily Backup Timeline, specify the time of day the schedule is to run:

13. Click Save. Exchange Online is backed up based on your data source and schedule settings.
Student Guide | Barracuda Essentials Foundation Configure Impersonation for OneDrive for Business | 165

5.4 Configure Impersonation for

OneDrive for Business
Download and install the SharePoint Online Management Shell from the Microsoft Windows Download Center to a

windows computer with PowerShell installed, and download the AdminRights.ps1 script to the same Windows computer

where you installed SharePoint Online Management Shell.

After downloading and installing the SharePoint Online Management Shell, you can follow the steps in the Microsoft

support article Assign eDiscovery permissions to OneDrive for Business sites.

5.4.1 Configure Impersonation

In order for Barracuda Cloud-to-Cloud Backup to access OneDrive user accounts for backup, you must create a new service

account with administrative privileges, and then assign that account SharePoint Site Collection Administrator privileges.

Step 1. Create a New Service Account

1. Log in to your Office 365 Management Panel using an account with administrative privileges, and click users and

groups in the left pane.

2. click the + symbol to create a new account.

3. In the details page, enter the details for the new service account, and click next.

4. In the settings page, select Yes to assign administrator permissions, and from the drop-down menu, select Global

administrator. Optionally, you can add an alternate email address and location. Click next.

5. In the assign licenses page, make no changes. Click next.

6. In the send results in email page, click Create. The service account details are sent to the admin.

7. To activate the account, log in to your Office 365 Management Panel using the new service account, and

update the password.

Step 2. Configure Permissions

Use this step to configure permissions for current users.

There are two options you can use to give the service account created in Step 1. Create a New Service Account

access to user accounts:

• Option 1 – Run a SharePoint Online Management Shell script to automatically apply the proper permissions to each user

account; this is the preferred and fastest. If you have multiple users, this is also the easiest method.

or
166 | Configure Impersonation for OneDrive for Business Barracuda Essentials Foundation | Student Guide

• Option 2 – Manually configure each user account from within the Microsoft SharePoint Admin Center. If you have only a

few users, this is the easiest method.

Option 1. Configure Permissions Using a SharePoint Online Management Shell Script

1. Download and open the AdminRights.ps1 script using a text editor such as Notepad.

2. Navigate to and edit the following four variables:

• $o365login – Replace with your Office 365 service account or administrator account username.

• $o365pw – Replace with your Office 365 service account or administrator account password.

• $spAdminURL – Replace with the same URL used in your organization’s OneDrive URL, but suffixed with -admin

• $spMyURL – Replace with the same URL used in your organizations’ OneDrive URL, but suffixed with -my

3. Save and close the script.

4. Locate the SharePoint Online Management Shell installed in Step 1, then right-click and click Run as administrator.

5. Change your working directory within the SharePoint Online Management Shell to the location where you saved the

AdminRights.ps1 script:

6. Run the following command:

Set-ExecutionPolicy Unrestricted
Student Guide | Barracuda Essentials Foundation Configure Impersonation for OneDrive for Business | 167

7. Run the following command to run the AdminRights.ps1 script:

.\AdminRights.ps1

8. Press Enter to exit the script.

9. Exit SharePoint Online Management Shell.

 You must complete the steps in Option 1 each time you add new users.

Option 2. Configure Permissions from the Microsoft SharePoint Admin Center

1. Log in to your Office 365 Management Panel using the service account created in Step 1. Create a

New Service Account.

2. In the left pane click Admin centers > SharePoint, and click user profiles.

3. Click Manage User Profiles:

168 | Configure Impersonation for OneDrive for Business Barracuda Essentials Foundation | Student Guide

4. In the Find profiles field, type the name of a user who’s OneDrive for Business data is to be backed up,

and then click Find:

5. Click the user’s Account name, and then click Manage site collection owners:

6. The site collection owners dialog box displays. In the Site Collection Administrators field, add the service account

with administrative privileges or another account with administrative privileges:

• Type the account name, and then click the Verify User icon, or

• Click the Directory icon, and navigate to and select the account from the directory:

7. Click OK. The service account or administrative account added as the user’s Site Collection Administrator can now

view the user’s entire OneDrive account.

8. Repeat Steps 3 through 7 for each user who’s OneDrive for Business data is to be backed up with Barracuda

Cloud-to-Cloud Backup.
Student Guide | Barracuda Essentials Foundation Configure Impersonation for OneDrive for Business | 169

Step 3. Set Up Impersonation Permissions

 Use these steps when adding all future users.

Complete the following steps to set up impersonation permission for the service account on all newly

created OneDrive users:

1. Log in to your Office 365 Management Panel using the service account created in Step 1. Create a

New Service Account.

2. In the left pane click Admin centers > SharePoint, and click user profiles.

3. In the My Site Settings section, Click Setup My Sites.

4. In the My Site Secondary Admin section, click Enable My Site secondary admin.

5. In the Secondary admin field, type the username of the newly created service account.

6. Click OK.
Student Guide | Barracuda Essentials Foundation Configure OneDrive for Business Data Source | 171

5.5 Configure OneDrive for Business Data Source

Configure OneDrive for Business to back up data directly to Barracuda Cloud Storage. When backing up OneDrive for

Business using Barracuda Cloud-to-Cloud Backup, all files under the Documents Library, including the entire folder

structure, are protected. Files, folders, or entire accounts can be restored back to the original account, a different account,

or exported via the download feature.

Configure OneDrive for Business Data Source

1. Log in to Barracuda Backup, and select the Cloud-to-Cloud Backup Source in the left pane.

2. In the Status page, click OneDrive for Business:

3. The Data Sources page displays. Click Add a Cloud Provider, and enter the following details:

a. In the Cloud Provider description field, enter a name to represent the data source.

b. From the Cloud Provider Type drop-down menu, select Microsoft.

c. Click Save.

4. The Add a Cloud Data Source page displays:

a. From the Data Type drop-down menu, select OneDrive for Business.

b. Enter the OneDrive URL in the associated field; the URL is available once you log in to OneDrive.

c. Click Authorize:
172 | Configure OneDrive for Business Data Source Barracuda Essentials Foundation | Student Guide

d. If you are not currently logged into the OneDrive for Business account, the Microsoft login page displays:

e. Enter your OneDrive for Business administrator login information, and then click Sign in.

5. The Edit OneDrive for Business page displays:

a. Enter a name to identify the data source in the Data Description field.

b. In the Add to schedule section, click the drop-down menu, and then click Add New:

6. The Add New Schedule dialog box displays. Enter a name to represent the schedule:

7. Click OK. The Edit OneDrive for Business page is updated with the new schedule name.

8. Click Save. The Edit Backup Schedule page displays.

Student Guide | Barracuda Essentials Foundation Configure OneDrive for Business Data Source | 173

9. In the Items to Back Up section:

a. Select individual items to back up, or

b. To back up everything on OneDrive, click Apply to all computers and data sources for this Barracuda

Backup Cloud Service.

10. In the Schedule Timeline section, select the day you want the schedule to run.

11. In the Daily Backup Timeline, specify the time of day the schedule is to run:

12. Click Save. OneDrive is backed up based on your data source and schedule settings.
Student Guide | Barracuda Essentials Foundation Configure SharePoint Online Primary Site Collection Admin | 175

5.6 Configure SharePoint Online Primary

Site Collection Admin
In order for Barracuda Cloud-to-Cloud Backup to access SharePoint sites, you must first create a primary site collection

administrator for each SharePoint Site collection data source.

Configure Site Collection Administrator

In order for Barracuda Cloud-to-Cloud Backup to access SharePoint sites, you must create a primary site

collection administrator.

 You must complete the following steps for each SharePoint Site Collection you want to back up.

To configure the primary site collection administrator for SharePoint Online:

1. Log in to your Office 365 Management Panel using an account with administrative privileges, go to the Office 365

admin center, and click Admin centers > SharePoint.

2. Hover over and select the site collection you want to add the administrator to.

3. Click Owners > Manage Administrators:

176 | Configure SharePoint Online Primary Site Collection Admin Barracuda Essentials Foundation | Student Guide

4. The manage administrators page displays. In the Site Collection Administrators section, enter the name of the

administrator you want to add as a Site Collection Administrator, and click the Check Names icon to verify the user

name is valid. For example, SharePoint Service Administrator:

5. Click OK to save your changes and add the selected administrator as the Site Collection Administrator.
Student Guide | Barracuda Essentials Foundation Configure SharePoint Online Data Source | 177

5.7 Configure SharePoint Online Data Source

Configure SharePoint Online to back up data directly to Barracuda Cloud Storage. Barracuda Cloud-to-Cloud Backup

provides complete protection of SharePoint Online. With item-level recovery options, items can be restored back directly

into SharePoint Online from the backups of Document Libraries, Site Assets, Site Pages, Picture Libraries, and Form

Templates in Team Sites, Public Sites, Wiki Sites, and Publishing Sites. Barracuda Cloud-to-Cloud Backup for Office 365

eliminates the risk of lost content due to accidental or malicious deletion. You can also retain email messages and files

indefinitely if users were to leave your organization—all without having to purchase additional licenses.

Configure Data Source

1. Log in to Barracuda Backup, and select the Cloud Source in the left pane.

2. In the Status page, click SharePoint Online:

3. The Data Sources page displays. Click Add a Cloud Provider, and enter the following details:

a. In the Cloud Provider description field, enter a name to represent the data source.

b. From the Cloud Provider type drop-down menu, select Microsoft Office 365.

4. Click Save.

5. The Add a Cloud Data Source dialog box displays:

a. From the Data Type drop-down menu, select SharePoint Online.

b. Enter Your Office365 domain URL.

 The URL is available once you log in to SharePoint Online.

c. Click Authorize.
178 | Configure SharePoint Online Data Source Barracuda Essentials Foundation | Student Guide

 If you are not currently logged in to the SharePoint Online account, the Microsoft login page displays.
Enter your SharePoint Online administrator login information, and then click Sign in.

6. In the SharePoint Online page, click Accept to authorize Barracuda to back up data from SharePoint Online:

7. The Edit SharePoint Online page displays. Complete the following:

a. Enter a name to identify the data source in the Data Description field.

b. In the Add to schedule section, click the drop-down menu, and then click Add New:
Student Guide | Barracuda Essentials Foundation Configure SharePoint Online Data Source | 179

8. The Add New Schedule dialog box displays. Enter a name to represent the schedule:

9. Click OK. The Edit SharePoint Online page is updated with the new schedule name.

10. Click Save. The Edit Backup Schedule page displays.

11. In the Items to Back Up section, select individual items to back up, or click Apply to all computers and data sources

for this Barracuda Backup Cloud Service to back up everything in SharePoint Online.

12. In the Schedule Timeline section, select the day you want the schedule to run.

13. In the Daily Backup Timeline, specify the time of day the schedule is to run:

14. Click Save. SharePoint Online is backed up based on your data source and schedule settings.
Student Guide | Barracuda Essentials Foundation Configure Backup Schedules | 181

5.8 Configure Backup Schedules

Use the Backup > Schedules page to create backup schedules for selection when setting up your data sources. Once your

data sources are set up, data is collected from each data source for the first time during an initial backup period. Once the

initial backup is complete, Barracuda Cloud-to-Cloud Backup checks for changed and new data based on the data source

backup schedules. When new or changed information is identified, each file is analyzed at the bit level, and only the new

bit sequences in the files themselves are copied and transferred.

Configure a Backup Schedule

Use the following steps to schedule an Office 365 backup:

1. Log in to Barracuda Backup, and select the Cloud-to-Cloud Backup Source in the left pane.

2. Go to Backup > Schedules.

3. On the Schedules page, click Add a Schedule in the upper right-hand corner.

4. Enter a name for your schedule in the Schedule name field:

5. In the Identify the data sources section, select the data to be backed up using this schedule. You can select Apply to

all computers and data sources for this Barracuda Cloud to Cloud Backup or you can granularly select data down to

a specific file or folder.

6. In the Schedule Timeline section, select the days you want the schedule to run. If you are creating a one-time only

backup schedule, deselect all days:

182 | Configure Backup Schedules Barracuda Essentials Foundation | Student Guide

7. In the Daily Backup Timeline section, enter a start time for your backup schedule. To repeat a backup schedule

throughout a 24-hour period, select the Repeat option and specify the frequency of the backup and the end time. A

backup schedule cannot span multiple days:

8. Once you have configured your backup schedule, click Save.

9. The backup schedule is now listed on the Schedules page and specifies the days and times that it is to run. To run a

backup on-demand, click Run Backup Now, to edit the schedule click Edit, or to delete a schedule, click Remove:
Student Guide | Barracuda Essentials Foundation Restore Backup | 183

5.9 Restore Backup

Use the Restore > Restore Browser page to restore backed up Office 365 data sources. You can restore single

files or entire systems.

Restore an Exchange Online Data Source

Use the following steps restore an Exchange Online backup:

1. Log in to Barracuda Backup, and select the Cloud-to-Cloud Backup source in the left pane.

2. Click the Restore tab, and then click Restore Browser.

3. Click Exchange Online in the left pane, and then select the user mailbox from which to restore data:

4. Select the folder from which to restore data:

5. Locate the email or folder to restore, or use the search field to locate the desired data:
184 | Restore Backup Barracuda Essentials Foundation | Student Guide

6. The default view displays data that was present during the last backup.

7. To find a historical email or folder revision from a previous date, click Change Date in the left pane:

8. Use the calendar to select the desired day to view data available for restore from that date.

9. Once you locate the email(s) or folder to restore, click Restore to the right of a single item, or click Restore selected

items if you selected multiple items:

10. The Restore dialog box displays. Select to restore to the Original Location and Original Path, or click Specify New

Path and specify a different user and path:

Student Guide | Barracuda Essentials Foundation Restore Backup | 185

11. Click Start Restore. A notification displays that the restore is in progress:

12. To view restore status, go to the Reports > Restore page.

13. Verify the messages or folders have been restored in the user’s Exchange Online mailbox.

Restore a OneDrive for Business Data Source

Use the following steps to restore OneDrive for Business data:

1. Log in to Barracuda Backup, and select the Cloud-to-Cloud Backup Source in the left pane.

2. Click the Restore tab, and then click Restore Browser.

3. Click OneDrive for Business in the left pane, and then select the user account from which to restore data:

4. Navigate through the folder structure to locate the file or folder you want to restore. Alternatively, you can use the

search field to locate the desired data:

186 | Restore Backup Barracuda Essentials Foundation | Student Guide

5. The default view displays data present during the last backup. To find a historical revision of a file or folder,

click Change Date in the left pane:

6. Use the calendar to select the desired day to view data available for restore from that date.

7. Once you locate the file(s) or folder to restore, click Restore to the right of a single item, or click Restore selected

items if you selected multiple items:

8. The Restore dialog box displays. Select to restore to the Original Location and Original Path, or click Specify New

Path and specify a different user and path:

Student Guide | Barracuda Essentials Foundation Restore Backup | 187

9. Click Start Restore. A notification displays that the restore is in progress:

10. To view restore status, go to the Reports > Restore page.

11. Verify the files or folders have been restored in the user’s OneDrive for Business account.

Restore a SharePoint Online Data Source

Use the following steps to restore SharePoint Online data:

1. Log in to Barracuda Backup, and click the Office 365 Backup in the left pane.

2. Click Restore > Restore Browser.

3. Click SharePoint Online in the left pane, and then select the Site from which to restore data:

4. Navigate through the folder structure to locate the file or folder you want to restore, or use the search field to

locate the desired data:

188 | Restore Backup Barracuda Essentials Foundation | Student Guide

5. The default view displays data present during the last backup. To find a historical revision of a file or folder, click

Change Date in the left pane:

6. Use the calendar to select the desired day to view data available for restore from that date.

7. Once you locate the file(s) or folder to restore, click Restore to the right of a single item, or click Restore selected

items if you selected multiple items:

Student Guide | Barracuda Essentials Foundation Restore Backup | 189

8. The Restore dialog box displays. Select to restore to the Original Location and Original Path:

9. Click Start Restore. A notification displays that the restore is in progress:

10. To view restore status, go to the Reports > Restore page.

11. Verify the files or folders have been restored in the SharePoint Online Site.
Student Guide | Barracuda Essentials Foundation Backup Reports | 191

5.10 Backup Reports

Use the Reports page to view backup and restore details as well as an audit log of all activities in the Barracuda Cloud

Backup web interface.

5.10.1 Backup Report

Go to Reports > Backup to view a detailed report for each backup that is run. In addition, any backup process currently

running displays. Backup reports include details about the backup such as when the backup started, duration, size, if there

were any errors or warnings, and any new, changed, or removed items. Reports also include links to each backed up file

to view or download the item from the report. Click Details to view recent activity in chart form. You can also view a list

of backed up files including the number of new, changed, and removed files, as well as a list of any errors encountered

during backup. Click Download to save the report as a .csv file to your local system.

5.10.2 Restore Report

You can view restoration details in the Reports > Restore page. To specify how you wish to sort the table, click on a

heading, and then click on the up/down arrows to the right of each heading to specify either an ascending or descending

sort. Click Details to view all details for the selected restoration including any encountered errors.

5.10.3 Audit Log Reports

The Reports > Audit Log page displays a report of all activities in the Barracuda Cloud Backup web interface by time and

date, by user, and by action. Logged activity includes log on authentication, changes to settings, changes to account

information, and more. Click Details for additional information for a specific activity.
campus.barracuda.com | [email protected]