General Q&A

Quick answers to common questions organized by topic.

Written By Matt Sywulak

Last updated About 1 month ago

Kaseya 365 User

I have Kaseya 365 User. When will I get access to INKY?

You will get access to INKY Advanced on January 1, 2026. If you have purchased an upgrade to INKY Pro with your Kaseya 365 User contract, you will receive access to that on January 1 as well.

How do I access my new INKY module?

INKY is available through your KaseyaOne homepage. Simply log in to KaseyaOne and click the INKY tile in the My Modules section. This will bring you to the INKY login page, where you can login using your Microsoft or Google single sign-on credentials. If you do not use SSO, click More and enter your email provider credentials.

Does INKY integrate with any Kaseya modules?

Yes! INKY integrates with BullPhish ID, allowing you to deliver security training based on security events identified through INKY. Refer to Integrating BullPhish ID with INKY.

Is INKY replacing Graphus in my Kaseya 365 User subscription?

Yes, INKY is the Kaseya 365 User solution for email security.

When can I start my migration from Graphus to INKY?

You can begin migrating from Graphus to INKY starting January 1, following the instructions in the Graphus to Inky section of the knowledge base. This describes how to use the first phase of the automated migration tool to import team information and admins into Inky.

If you want to migrate your block/allow settings and VIP list, you can do so manually by following the additional steps outlined in the manual migration process.

Can I run Graphus and INKY at the same time?

Yes, but you will need to run INKY in “silent mode.” Silent mode is a journal mode where you can review each email that has been scanned and the banner INKY added. This is a good way to compare how INKY handles emails vs. how Graphus handles them.

What are the key differences between INKY and Graphus?

  • INKY scans and protects emails before they reach the inbox (Graphus scanned after delivery).

  • Banners appear on all email regardless of severity to give the recipient the true sender’s address and the ability to report email.

  • User actions (reply/forward or “mark safe”) permanently remove banners for that conversation.

  • Two-click access to curate a personal allow and block list.

  • INKY significantly reduced banner fatigue and false positives out-of-the-box.

    Other notes:

  • BullPhish ID integrates with both platforms.

  • Email Signatures are included in both INKY bundles.

  • Email Encryption requires INKY Pro (Graphus customers need to upgrade from INKY Advanced).

Does INKY support complex rules like Graphus “AND” conditions?

Yes. Advanced Block Lists support multi-condition rules with AND/OR logic based on sender, recipient, subject, headers, attachments, and authentication results.

Will BullPhish ID continue to work after I migrate to INKY from Graphus?

Yes, BullPhish ID phishing simulation campaigns will automatically fall back to SMTP delivery after Graphus is disabled. However, during migration, you must allowlist INKY IP addresses and domains in Microsoft 365 or Google Workspace to ensure phishing simulation emails are not blocked and are successfully delivered to end users. See the article, Integrating BullPhish ID with INKY.

I’m a new Kaseya 365 User subscriber. How do I get started with INKY?

If you are the Implementation Contact for your company’s Kaseya 365 subscription, as indicated on your quote and contract, you will set up INKY with your other Kaseya 365 User modules by following the instructions in your Kaseya 365 Setup Guide page in KaseyaOne. The first time you log in to KaseyaOne, you will automatically navigate to the Setup Guide. Follow the steps to get started with all your Kaseya 365 modules. Refer to Getting Started with Kaseya 365 User for more information.

What permissions will I have in INKY when I access it through my Kaseya 365 User subscription?

If you are the Implementation Contact for your new Kaseya 365 subscription, you will have Super Admin credentials in INKY at the top level and at the org teams level. As a Super Admin you can add other users and configure the product. Any other users already in KaseyaOne will have Viewer access. If you need to elevate permissions, you can do this through your Admin center.

Architecture & Deployment

Does INKY require MX record changes?

No. INKY operates inline behind Microsoft 365 or Google Workspace, integrating through native transport rules and connectors. This eliminates DNS propagation delays and email routing downtime.

How does INKY's inline architecture work?

INKY uses transport-level mail control through connectors and transport rules to route email to INKY for analysis before final delivery. This allows INKY to dictate mail routing (Inbox, Junk, or Quarantine) before users see messages, unlike API-only solutions that process email after delivery.

Does INKY support email gateway configurations for non-M365/Google environments?

No. INKY is designed for native integration with Microsoft 365 and Google Workspace only. On-premise Exchange and smarthost configurations are not supported during the initial Kaseya rollout.

What happens to email if the provider goes down? Does INKY offer spooling?

INKY operates inline behind the email provider's infrastructure. If Microsoft 365 or Google Workspace experiences an outage, their built-in redundancy and SLAs handle continuity. INKY doesn't provide spooling since it processes mail after the provider receives it.

Why use INKY inline instead of API-only with Microsoft Defender?

Layered Defense: INKY works with Microsoft Defender, not instead of it. In a 30-day customer study:

  • Microsoft Defender missed 908 phishing emails

  • INKY blocked 777 as Dangers (85.5%)

  • Warned users on 126 with Caution banners (13.9%)

  • Only 5 full misses (0.6% miss rate)

That's 99.4% protection on threats Microsoft completely missed. INKY's inline architecture prevents threats from reaching inboxes, while API-only solutions create an exposure window by processing after delivery.

Onboarding & Setup

How long does deployment take?

Technical deployment: 30 minutes

  • 0-15 minutes: Create connectors, configure mail flow, grant permissions

  • 15-30 minutes: Enable journal mode for traffic observation

  • Week 1-2: Journal/Learning Mode - INKY analyzes patterns

  • Production cutover: Instant switch to inline mode

No MX record changes required. Most MSPs run journal mode for 1-2 weeks before production cutover.

Does INKY review historical email during onboarding?

No. INKY begins analyzing mail traffic going forward from deployment. The journal mode phase provides enough current data for proper protection without needing historical analysis.

How does Learning Mode work?

During the first 1-2 weeks, INKY runs in Learning Mode to establish baseline patterns and control first-time sender alerts. Yellow banners are more common during this period as the system learns tenant communication patterns.

What does provisioning look like?

Microsoft 365: Access Partner Center, generate licenses, follow step-by-step guide. Total time: 10 minutes configuration plus 30-60 minutes propagation.

Google Workspace: More manual due to API requirements, but features are at parity with M365.

Do users need to log into a separate platform?

No. Users continue working in their normal email environment. The INKY User Center is available for managing personal allow/block lists but it's optional—users can manage quarantine through Microsoft's native interface at: https://security.microsoft.com/quarantine

Email Assistant (Banner System)

What is INKY's Email Assistant?

The Email Assistant is INKY's banner system—like having a phishing security expert sitting next to users as they read email. Color-coded banners warn about threats in real-time, appearing automatically in all email clients.

What do the banner colors mean?

  • Red - Dangerous (confirmed threats, malware, high-confidence phishing)

  • Yellow - Caution (suspicious indicators, verify before acting)

  • Blue - Known External (trusted business contacts)

  • Gray - Neutral (no threat detected)

Will legitimate emails have banners?

Yes. Every email INKY processes gets a banner. Around 85-90% show gray neutral banners (external but safe).

Are there situations with no banner?

No. If users aren't seeing banners on all emails, check mail flow configuration.

What happens to banners when forwarding or replying?

Banners are automatically removed to prevent external recipients from seeing internal security warnings. Link rewriting is also undone.

Can we hide banners for known clients?

You can't hide banners, but you can use Known External Senders to change them to blue for trusted contacts. This is a tenant-wide setting—you cannot suppress banners per domain.

What does a first-time sender get?

Typically yellow caution for the first email to a specific user, unless other threat indicators override this. First-time sender tracking is per-user, not global.

Will users see red banners often?

Rarely. Red-level threats go to admin quarantine by default. Users only see red banners if admins route dangerous messages to the inbox.

What does clicking "Details" show?

Security awareness training explaining specific threat indicators and higher-level threat category information.

When is "reported spam" shown?

When other INKY users across all tenants have reported similar emails—it's global intelligence voting.

Are INKY banners customizable?
Banners can be white labeled with logos links. A subset of banners can accept customized text for enhancing the user’s experience and providing company policy instructions. Banners support 30 languages.

Threat Detection & Analysis

How does INKY analyze email?

Multiple detection layers:

  • Computer Vision: Analyzes logos, brand visuals, layout for spoofing

  • GenAI (Pro only): Detects intent—ultimatums, urgency, credential requests

  • Sender Authentication: SPF/DKIM/DMARC validation

  • Link Analysis: URL reputation, redirects, QR codes

  • Attachment Scanning: Malware detection, sandbox analysis

  • Behavioral AI: Learns communication patterns to detect anomalies

What are INKY's threat buckets?

Six levels that determine routing and banner colors:

  1. Neutral - External mail to Inbox

  2. Caution (Non Spam) - External mail to Inbox

  3. Caution (Spam) - External mail to User Quarantine

  4. Caution (High Confidence Spam) - External mail to Admin Quarantine

  5. Danger (Phish or Malware) - All mail to Admin Quarantine

  6. Danger (High Confidence) - All mail to Admin Quarantine

Does INKY protect against internal threats?

Yes. Internal Mail Protection (both bundles) analyzes email between users, catching compromised accounts, lateral phishing, and unusual sending patterns.

How does INKY handle graymail?

Graymail Protection (both bundles) identifies newsletters and marketing, routing them to a dedicated folder. Users can release, permanently allow senders, or unsubscribe directly.

Does INKY handle typosquatting?

Yes, through hard-coded lookalike domain checks in routing config and Known External Senders, plus automated detection for conversation hijacks and domain impersonation.

Does INKY learn history before it is installed?

Not currently. INKY learns at analysis time as emails arrive.

GenAI Features (Pro Only)

What does GenAI add?

GenAI understands email intent to detect sophisticated social engineering:

  • Urgency detection ("wire payment immediately")

  • Credential harvesting ("update password now")

  • Executive impersonation (tone matching)

  • 20 specific intent categories including Authentication, Payment, Ultimatum, Confusable Text, etc.

Is GenAI analyzing every email?

Yes, in Pro bundles. GenAI scans 100% of emails for intent patterns.

How are GenAI labels displayed?

Admin dashboard: Shows specific intent labels (Authentication, Payment, Urgency, etc.) User banners: Display threat categories and colors based on overall assessment

Bundles & Features

What's the difference between INKY Advanced and INKY Pro?

INKY Advanced (included with Kaseya 365 User):

  • Computer vision threat detection

  • Email Assistant banners

  • Link rewriting

  • Attachment scanning

  • Spear phishing protection

  • Advanced Block Lists

  • Quarantine management

  • BullPhish ID integration

  • Email Signatures

INKY Pro (upgrade tier) adds:

  • GenAI intent analysis

  • Outbound DLP

  • Email encryption

  • DMARC monitoring

Are email signatures included in both bundles?

Yes. Email Signatures are included in both Advanced and Pro at no additional cost.

How do I upgrade from Advanced to Pro?

Contact your Kaseya Account Manager. The upgrade takes effect immediately with no redeployment needed. Existing policies remain unchanged.

Quarantine & Delivery

Where does quarantine go?

INKY integrates with Microsoft 365's native quarantine. Users access through INKY dashboard or Microsoft's interface.

What are the recommended delivery settings?

  • Caution (Spam) → Junk Folder

  • Danger (Phish) → User Quarantine

  • Danger (High Confidence) → Admin Quarantine

If Microsoft flags as spam, can INKY override?

Yes. INKY allow lists override Microsoft's spam scoring.

Can INKY remediate phishing from all inboxes?

Yes. The remediation feature removes messages per-message or in bulk using filters across all mailboxes in a tenant or across all protected tenants.

Can INKY re-deliver deleted emails?

No. INKY doesn't store raw message content. Recovery depends on Microsoft's or Google's retention policies.

User Actions & Management

What should users do with spam that doesn't get a red banner?

Report it using "Report This Email" or Quick Action Links to mark as graymail/spam and move to appropriate folder.

If users report something, will they stop getting emails from that sender?

Yes. Reported senders are added to personal block lists, automatically filtering future emails.

What happens if legitimate email is mistakenly flagged?

It goes to deleted items (soft delete) and can be recovered.

How do users manage personal allow/block lists?

Through the INKY User Center web portal (optional login).

Can users report suspicious emails from their inbox?

Yes. Quick Action reporting links in banners let users report phishing, false positives, or request allow/block actions without leaving their email client.

Policy & Configuration

What policy levels exist?

Three levels (most specific wins):

  1. INKY global defaults

  2. MSP level (applies to all customers)

  3. Tenant level (most specific)

Does INKY have domain-level whitelisting?

Yes, at both team and MSP levels. MSP allow lists apply to all customer teams automatically.

What MSP settings apply to all tenants?

Changes at MSP level (building icon) automatically apply to all customer tenants. Tenant-level changes override MSP settings.

How do I find missing emails?

Use Observations page to search by domain, subject, time, or header fields. Includes in-app message trace through Microsoft.

How far back does message history go?

Six months.

Can I see full message headers?

Not directly in Observations, but raw .eml files are attached when users report emails.

Microsoft 365 & Google Workspace

What Microsoft licensing is required?

Just Exchange mailbox licenses. No special Defender licensing needed.

Does INKY require separate Office 365 licenses?

No. INKY works with basic Exchange Online licenses. Shared mailboxes and resource mailboxes get protection at no additional INKY cost.

Is Google Workspace setup similar to M365?

Core technologies and features are at parity, but Google setup is more manual due to API requirements.

What's INKY's recommendation on Microsoft spam filtering?

Keep it enabled. INKY works after Microsoft, benefiting from its detections while adding advanced threat analysis.

Security & Compliance

Is INKY SOC 2 compliant?

Yes. INKY maintains SOC 2 Type II certification, plus ISO 27001, GDPR compliance, and data encryption in transit and at rest.

Does INKY support multiple languages?

Yes. Computer vision works universally. GenAI intent analysis currently supports English with expansion planned.

Will INKY replace Satto SaaS Defense?

Yes. INKY is replacing Satto SaaS Defense as Kaseya's primary email security solution.

Integration & Roadmap

Does INKY integrate with Autotask?

Not yet, but it's on the roadmap.

Does INKY include security awareness training?

BullPhish ID is included with Kaseya 365 User subscriptions. INKY integrates with BullPhish:

  • Won't mark simulations as phishing.

  • Provides congratulations feedback for correct reporting.

  • Creates closed-loop training based on real threats.

DLP & Encryption (Pro Only)

How does INKY's encryption work?

Admins define policies (keywords, domains, data patterns). Matching outbound emails are automatically encrypted. Recipients receive secure links to view in protected portal—no software required.

What is outbound DLP?

Monitors outbound email for sensitive data (credit cards, SSN, custom patterns). Actions include:

  • Sender approval required

  • Manager approval routing

  • Automatic encryption

  • Any combination of the above

Licensing & Pricing

How is INKY licensed?

Per user per month based on active mailbox count. A Kaseya 365 User subscription includes INKY Advanced. INKY Pro is available as an add-on. Shared/resource mailboxes are protected but not billed.

I purchased one specific license type, but I see all license types available in my portal. Why?

INKY will show all available license types. You will only be billed for usage of additional licenses or license types if you deploy a license you have not already purchased.

Branding & Customization

What branding options are available?

User-facing portals (User Center, reporting pages, link rewriting) can show MSP or customer logo. Welcome emails aren't used. Encryption notifications have limited branding.