The Auto Remediation feature is part of "Email Threat Detection and Response" under the Email Security.Cloud services. This feature remediates any email that is already delivered which is later determined to have contain Malware from the end users' inboxes.
The below steps explain how it actually works:
The Auto Remediation Settings tab is located in the ClientNet portal under: Dashboard > Services > Email Services > Email Threat Detection and Response
You must first set up your Microsoft Office 365 service to work correctly with Auto Remediation. Click the Manage Tenants option to set up permissions to allow Auto Remediation access to your users' inboxes.
The following permissions are required on Office 365. These are automatically granted once you sign in and link to your Office 365 tenant account.
You must specify the action that is applied to any messages that Auto Remediation identifies as containing malware.
Alerts settings are configured under Dashboard > Services > Email Services > Anti-Malware > Alert Settings.
When does auto-remediate attempts to remediate a message?
The Cynic scan is configured with a max hold time, going to 0 (immediate delivery) to 20 min, in increments of 5 minutes. The Auto-Remediation will activate when an email has been delivered after going beyond the hold time stated and having been classified as malicious then. This can happen from seconds after the delivery, to minutes, as this is entirely dependent on the nature of the content of the email.