Email Security Changes - INTERNAL ITS STAFF

INTENDED AUDIENCE: **INTERNAL ITS STAFF ONLY**

A close-up of a logoAI-generated content may be incorrect.

Transition to Abnormal AI

What is Abnormal AI?

Abnormal AI is an email security platform that uses artificial intelligence (AI) and machine learning to identify and prevent email-based attacks such as phishing, financial scams, account takeover, and business email compromise (BEC).

How does this affect Students, Staff, and Faculty?

The Abnormal AI system functions alongside our Microsoft 365 tenant to automatically detect and remediate malicious emails from mailboxes – typically, within just a few milliseconds. Users may notice:

Reduced phishing, suspicious, or junk mail.
Occasional instances where an email is received and then quickly removed by Abnormal AI.
Little to no difference in how they interact with email compared to our previous solution.

When will this change take effect?

We expect all mailboxes to be protected by Abnormal AI by December 15, 2025.

Frequently Asked Questions

Should I be concerned about disappearing messages? Where are they going?

No, this is normal behavior. Abnormal reviews emails in a secure environment after delivery. If Abnormal issues a judgement determining the email is malicious, it will quickly remove the email and place it into a quarantine folder. This may result in messages appearing and then disappearing.

Is the Quarantine folder accessible by the user?

No, this folder is only accessible by designated Administrators. Currently this includes the IT Security team and members of the Infrastructure team.

What if an expected message never arrives?

While we expect this to be a rare occurrence, legitimate emails may be incorrectly flagged by Abnormal AI.

Before escalating this to the IT Security team please first check the following folders:

Junk E-mail (Microsoft’s built-in spam filtering folder)

If the message still cannot be found, please open a ticket for the user and forward it to the IT Security queue in FreshService with the following information:

Sender’s email address
Subject Line
Approx. date/time the email was sent

The IT Security team will review the message and make attempts to retrieve it, if possible.

What about suspicious emails that are still delivered to mailboxes?

Users may continue to report suspicious emails using the Phish Alert Report button in the Outlook ribbon in both the Desktop client and Outlook Web app.

Will all mailboxes be protected?

Yes, all mailboxes will be protected by Abnormal AI – including generic mailbox accounts (e.g. TelCoSW1, IRB, etc.)

Accidentally deleted an email?

Deleting a message from the Inbox will send it to the “Deleted Items” folder in Outlook. If the message is manually deleted from the “Deleted Items” folder or when it is purged, Microsoft will move the email into a “Recoverable Items” folder where it will be held temporarily pending permanent deletion.
If a user encounters a situation where they are unable to retrieve a deleted email, please follow the same instructions listed under "What if an expected message never arrives?" and create a ticket for the IT Security team.

Can users manually block an email address?

Yes, if unwanted email is being delivered to the inbox the user may manually block the address using the following steps:
1. Select the unwanted message
2. Right-click on the message and hover over “Block”
3. Select “Block Sender”
Doing so will place all emails matching the sender address into Microsoft’s “Junk Mail” folder.
- If the user suspects the email is phishing or spam, they should be encouraged to use the Phish Alert Button (PAB) in Outlook.

Important emails keep going into the “Junk Mail" folder?

If important email is going into the Junk Mail folder, the sender address may be added to the “Never Block” list by:
1. Select the wanted message in the Junk Mail folder.
2. Right-click on the message and hover over “Block”
3. Select “Never Block Sender”
Doing so will place all emails matching the sender address into the Inbox folder as long as they are not determined unsafe by Abnormal.
- Be aware, global blocklists implemented in the Abnormal tenant will override any user inbox blocklist/safelist.