Zero trust for email. Solved.

Yes. Shield uses AI in specific and deliberate ways, like generative AI for email summaries in Bundler. Shield also uses multiple layers of established technology—heuristic pattern matching, machine learning, and behavioral analysis—to infer risk signals from every message. But these are simply components doing specific jobs within a greater system. That system is Shield’s zero trust architecture—the foundation everything sits on top of, and what makes Shield fundamentally different from every other email security product.

So when you hear competitors say “AI-powered,” know that they’re likely describing the same tech that’s been in email filtering for years, just rebranded as AI became a marketing buzzword. Shield’s differentiation isn’t the AI. It’s the zero trust architecture that AI supports—a foundation no amount of rebranding can replicate.

Shield starts with zero trust and employs a multi-tiered decision engine to determine what reaches the inbox. The first layer targets high-risk threats—phishing, spoofing, malware, impersonation—and stops them before they ever have a chance. Messages that clear that layer fall to the trust network, where Shield applies each user’s personalized preferences to ensure wanted mail gets through. The third layer catches unwanted noise: messages that aren’t threats but aren’t wanted either. What’s left is tagged with a New Sender banner where users make their own trust/silence decisions. Each interaction sharpens the trust network, and Shield quietly fades into the background.

Not in the traditional sense. Most email security solutions let everything in and try to chase down what’s bad. The result forces users to navigate the gray areas in quarantines where threats can live right beside legitimate messages. Instead, Shield’s zero trust foundation assumes every message is unwanted until it proves it belongs.

Shield’s multi-tiered decision engine factors in multiple risk signals—from spam indicators and authentication failures to suspicious geography, sender reputation and more—to determine where messages are sent before users ever see them. Emails with very high spam scores, viruses, and confirmed phishing and impersonation are immediately classified as high risk and held outside the mailbox in a place we call Jail.

From there, Shield’s composite risk assessment gives borderline emails a comprehensive evaluation, leading to fewer false positives. If a user still believes something to be incorrectly flagged, they can submit a veto request for review by an admin. But with Shield, that’s the exception—not the rule.

Shield is both. It combines our secure email gateway with a patented API integration for full visibility into the email lifecycle. The gateway stops threats before they reach Microsoft 365. The API tracks and acts on messages that make it to the mailbox. And the two parts aren’t just stitched together; they were built as a single system from the ground up to share context in real time—something competitors simply can’t replicate. See the difference.

Shield is built for Microsoft 365 environments and deeply integrated with the platform, enhancing its native security rather than disrupting it. It addresses many of M365’s shortcomings, like messages you want repeatedly landing in junk or getting held in quarantine. Google Workspace support is on the horizon. In the meantime, CloudFilter™—Mailprotector’s powerful and flexible secure email gateway—can be used to support mixed platform environments.

No. Shield integrates with Microsoft 365 via an enterprise app, with transport rules and connectors configured automatically during deployment so your MX records can stay exactly as they are. However, pointing MX records to Mailprotector is an option as well—the choice is yours.

Deployment can take as little as one to three minutes using Shield’s automated setup. The process connects to Microsoft 365 using admin credentials, installs the enterprise app, configures transport rules and connectors, and runs a mail flow test before going live. If any errors are detected during the test, the deployment automatically rolls back. Manual DNS configuration is also available if the client’s domain registrar isn’t supported by the automated flow. In these cases, deployment averages 10–15 minutes.

Shield Pro is an add-on tier for enhanced productivity and privacy features, including Bundler (a dedicated space for non-urgent mail with AI summaries), Lockbox (a secure vault for your most sensitive messages) and Burner Addresses (temporary addresses that can be created and discarded to protect a user’s primary address). Shield Pro is licensed per user, not per domain, so you can deploy it selectively for power users without rolling it out to the entire organization.

Group training webinars are held every Tuesday and Thursday. One-on-one sessions with the support team are available on request at no additional cost. Partners also receive free NFR licenses so they can deploy and use Shield themselves before rolling it out to clients, which is strongly recommended.

We designed the Shield Onboarding Kit with everything you need to prepare your clients for a smooth rollout. The kit includes a getting started video that walks users through their first week, an intuitive and approachable onboarding guide, a pre-deployment email campaign, and even a custom GPT to help tailor your own rollout communications. As Todd Davis from Obsidian IT shared:

"Thank you for putting this kit together. It makes a huge difference when onboarding new clients and significantly improves the overall satisfaction with this amazing product."