as you know email remains a top infection vector for the threat Ransomware.
I use on the MEG ClickProtect (without Hybrid) so only replace or remove URLs threat, GTI, URLs filtering, ecc.
What do you thik about to use in a MEG the compliance in email policy with a dictionary for the email bearing the Ransomware.
Someone has used different methods?
Retrieving data ...