Written By Marissa Fegan
Updated at May 19th, 2026
Sending an email to the wrong person or attaching a sensitive file by mistake can happen in an instant. VIPRE SafeSend Cloud helps eliminate these common but risky errors, by intelligently prompting users to verify external recipients and attachments, adding a simple but powerful layer of security to your email workflow.
This guided setup applies only to SafeSend Cloud. If you are using any version of SafeSend Self-Hosted, please navigate to the SafeSend Self-Hosted guide instead.
Ready to get started? You're in the right place. This guide will lead you through the deployment process from start to finish. If you'd like to learn more about its features first, we invite you to check out our product overview and comparison chart.
Prerequisites
Before you install SafeSend Cloud add-in for Outlook, please verify that you have all of the required prerequisites listed here.
- Verify that your organization meets the System Requirements
- Ensure you have access to your organization's Microsoft tenant with Global Admin or Privileged Role Admin login credentials
Access SafeSend Cloud
SafeSend Cloud is hosted within the VIPRE Symphony portal. If you currently access other VIPRE products via the portal URLs listed below, your account is already configured, and you may skip steps 2 through 4.
- Navigate to the appropriate access URL for your region
- North America: https://security-na.threatsecure.com
- Europe: https://security-eu.threatsecure.com
- Click Forgot password?
- Enter the email address you used to subscribe to SafeSend Cloud and follow the prompts to set your password
- Upon your first login to the VIPRE Symphony portal, you will be prompted to configure Two-Factor Authentication (2FA); you can complete this setup using either SMS or an Authenticator app
Connect your Microsoft Tenant
- When you successfully log in to the SafeSend Cloud web console for the first time, you will see the "Start your account configuration" screen; click the Connect button to begin the integration process
- You will be redirected to the Microsoft "Pick an account" page; select the Global Administrator or Privileged Role Administrator account for the tenant you wish to protect
- Once signed in to your Microsoft tenant, you will see a list of APIs for which SafeSend is requesting permissions; review the requested list and select Accept
SafeSend Cloud requires a mix of Delegated and Application permissions to manage user identity and interact with email metadata for Data Loss Protection (DLP) scanning. You can preview a detailed list of requested permissions below:
API / Permission Name |
Type |
Description |
|---|---|---|
Calendars.ReadWrite.Shared |
Delegated |
Read and write user and shared calendars |
Delegated |
View users' email address |
|
Files.ReadWrite |
Delegated |
Have full access to user files |
Group.Read.All |
Delegated |
Read all groups |
Group.Read.All |
Application |
Read all groups |
Mail.ReadWrite.Shared |
Delegated |
Read and write user and shared mail |
offline_access |
Delegated |
Maintain access to data you have given it access to |
openid |
Delegated |
Sign users in |
profile |
Delegated |
View users' basic profile |
User.Read |
Delegated |
Sign in and read user profile |
User.Read.All |
Application |
Read all users' full profiles |
User.ReadBasic.All |
Delegated |
Read all users' basic profiles |
Next Step: Selecting a Manifest