HYBRID CLOUD EMAIL SECURITY WITH
365 TOTAL PROTECTION

Flexibility, Control, and Performance Combined

Hybrid, API or MX? When setting up 365 Total Protection, you can decide how the security services should be implemented. You can select between: MX-based security mode, API-based security mode, and Hybrid security mode, which provides the most comprehensive protection. On this page, you’ll discover the advantages and potential drawbacks of each option, helping you make the right choice for your organization. We make it as easy as possible for you: Hybrid combines the best of both worlds!

Which mode is best for me?

Hybrid Mode

API Mode

MX Mode

Hybrid Security Mode: The Best of Both Worlds.

Hybrid mode combines all the extensive protection of API and MX mode in one.

For the most robust and comprehensive protection, the Hybrid mode is the clear choice. This approach combines the strengths of both modes. In Hybrid mode, emails are checked pre- and post-delivery, offering the highest layer of protection against email-based attacks.
The Secure Email Gateway filters out the bulk of routine threats, while the Integrated Cloud Email Security layer applies advanced AI and machine learning to examine message bodies and attachments for more subtle, modern risks.

✅ Ensures pre- and post-delivery protection.

✅ Combines all features of API and MX modes.

✅ Most comprehensive email security and compliance toolset.

FEATURE	HYBRID MODE	API MODE	MX MODE
SPAM & MALWARE PROTECTION
EMAIL ENCRYPTION
EMAIL SIGNATURES & DISCLAIMERS

ADVANCED THREAT PROTECTION
POST-DELIVERY PROTECTION
EMAIL ARCHIVING
EMAIL CONTINUITY

MX Mode

The MX-based model relies on a Secure Email Gateway (SEG), which requires an organization to change its MX records to route all inbound and outbound email traffic through the gateway. This creates a powerful perimeter defense with a high degree of control. Emails are scanned and filtered before they ever reach a user’s inbox, which effectively removes threats and minimizes the risk of user interaction. Because every email must be processed, there can be minimal delays in email delivery.

✅ Ensures pre-delivery protection.

✅ Filters incoming and outgoing messages.

✅ Enables several additional features like encryption, compliance support, or data loss prevention.

❌ No post-delivery protection.

❌ No auto-remediation.

❌ Changes to MX records required.

API MODE

The API-based model for email security, often referred to as Integrated Cloud Email Security (ICES), offers several distinct advantages, primarily centered on ease of deployment and efficiency. A key benefit is the fast onboarding process; since the solution integrates directly with the cloud platform’s API, there is no need to change MX records. This allows for the security to be immediately available, simplifying deployment and reducing costs. Furthermore, this method ensures that the delivery of emails is not delayed by the filtering process. API-based solutions can also delete malicious emails from the mailbox after delivery, a useful feature for remediation. However, it’s limited to post-delivery protection only.

✅ Ensures post-delivery protection.

✅ Fast, simple deployment.

✅ No changes to MX records.

❌ No pre-delivery protection.

❌ No continuity during outages.

❌ Unencrypted emails.

Get more Information on our Factsheet

To download the factsheet, please click on the button below.

Infopaper cover : Modes and Features comparison

Download here

Comprehensive Security for Microsoft 365 – Today and for the Future

Protect your Microsoft 365 environment with a fully integrated solution for security, risk management, governance, compliance, and backup. This all-in-one platform delivers everything your business needs to secure critical email communication and data—intelligently, efficiently, and with a future-ready approach.