
Exchange Online Protection Overview

The document provides an overview of Exchange Online Protection (EOP), which is Microsoft's cloud-based email filtering service that protects organizations from spam, malware, and other threats. It describes how EOP processes and filters incoming email through multiple layers including connection filtering, anti-malware scanning, policy enforcement, and content filtering. The document also provides details on EOP data centers, features, and configuration options for spam and malware protection, quarantines, and mail flow rules.

Uploaded by

Rodrigo Martinez
Exchange Online Protection overview

• 09/18/2020
• 7 minutes to read


Important

The improved Microsoft 365 Defender portal is now available. This new experience
brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more
into the Microsoft 365 security center. Learn what's new.

Applies to

• Exchange Online Protection
• Microsoft Defender for Office 365 plan 1 and plan 2
• Microsoft 365 Defender

Exchange Online Protection (EOP) is the cloud-based filtering service that protects your
organization against spam, malware, and other email threats. EOP is included in all
Microsoft 365 organizations with Exchange Online mailboxes.

Note

EOP is also available by itself to protect on-premises mailboxes and in hybrid
environments to protect on-premises Exchange mailboxes. For more information,
see Standalone Exchange Online Protection.

For the steps to set up EOP security features and a comparison to the added security that
you get in Microsoft Defender for Office 365, see Protect against threats. The recommended
settings for EOP features are available in Recommended settings for EOP and Microsoft
Defender for Office 365 security.

The rest of this article explains how EOP works and the features that are available in EOP.

How EOP works


To understand how EOP works, it helps to see how it processes incoming email:
1. When an incoming message enters EOP, it initially passes through connection
filtering, which checks the sender's reputation. The majority of spam is
stopped at this point and rejected by EOP. For more information,
see Configure connection filtering.
2. Then the message is inspected for malware. If malware is found in the
message or the attachment(s), the message is delivered to quarantine. By
default, only admins can view and interact with malware quarantined
messages. However, admins can create and use quarantine policies to specify
what users are allowed to do to quarantined messages. To learn more about
malware protection, see Anti-malware protection in EOP.
3. The message continues through policy filtering, where it's evaluated against
any mail flow rules (also known as transport rules) that you've created. For
example, a rule can send a notification to a manager when a message arrives
from a specific sender.

In on-premises organizations with Exchange Enterprise CAL with Services
licenses, data loss prevention (DLP) checks in EOP also happen at this point.

4. The message passes through content filtering (anti-spam and anti-spoofing),
where harmful messages are identified as spam, high confidence spam,
phishing, high confidence phishing, or bulk (anti-spam policies) or spoofing
(spoof settings in anti-phishing policies). You can configure the action to take
on the message based on the filtering verdict (quarantine, move to the Junk
Email folder, etc.), and what users can do to the quarantined messages
using quarantine policies. For more information, see Configure anti-spam
policies and Configure anti-phishing policies in EOP.

A message that successfully passes all of these protection layers is delivered to the
recipients.

For more information, see Order and precedence of email protection.
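
The following is an added example, not part of the original article: when triaging a delivered or quarantined message, the X-Forefront-Antispam-Report header shows which of the layers above decided its fate. The header name and the field codes (CAT, SFV, IPV) are taken from Microsoft's "Anti-spam message headers in Microsoft 365" reference listed in the feature table, not from this page; the sample header values and the first-match order are constructed for illustration.

```python
import re

# Field codes follow Microsoft's published header reference; the mapping to
# pipeline layers and the first-match order below are this example's assumptions.
CONTENT_VERDICTS = {
    "SPM": "spam", "HSPM": "high confidence spam", "PHSH": "phishing",
    "HPHSH": "high confidence phishing", "HPHISH": "high confidence phishing",
    "BULK": "bulk", "SPOOF": "spoofing",
}

def parse_report(value):
    """Split 'KEY:value;KEY:value;' into a dict with upper-cased keys."""
    fields = {}
    for part in re.split(r";\s*", value.strip()):
        key, sep, val = part.partition(":")  # first colon only, so an IPv6 CIP survives
        if sep:
            fields[key.strip().upper()] = val.strip()
    return fields

def deciding_layer(value):
    """Return (layer, detail) for the layer that determined the outcome."""
    f = parse_report(value)
    cat, sfv, ipv = (f.get(k, "").upper() for k in ("CAT", "SFV", "IPV"))
    if cat == "MALW":  # checked first: a malware verdict sends the message to quarantine
        return ("anti-malware", "malware")
    if ipv == "CAL":  # source IP on the IP Allow List, spam filtering skipped
        return ("connection filtering", "IP Allow List")
    if sfv in ("SKN", "SKS"):  # verdict set before spam filtering, e.g. by a mail flow rule
        return ("policy filtering", "not spam" if sfv == "SKN" else "spam")
    if cat in CONTENT_VERDICTS:
        return ("content filtering", CONTENT_VERDICTS[cat])
    return ("delivered", "no layer flagged the message")

# Constructed sample header values (documentation IP ranges, not real traffic).
SAMPLES = {
    "hspm": "CIP:203.0.113.7;CTRY:US;LANG:en;SCL:9;SRV:;IPV:NLI;SFV:SPM;H:mail.example.net;PTR:;CAT:HSPM;SFS:;DIR:INB;",
    "ip_allow": "CIP:198.51.100.20;SCL:-1;IPV:CAL;SFV:NSPM;CAT:NONE;DIR:INB;",
    "rule_bypass": "CIP:192.0.2.10;SCL:-1;IPV:NLI;SFV:SKN;CAT:NONE;DIR:INB;",
    "malware": "CIP:2001:db8::25;IPV:NLI;CAT:MALW;DIR:INB;",
    "clean": "CIP:192.0.2.44;SCL:1;IPV:NLI;SFV:NSPM;CAT:NONE;DIR:INB;",
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(name, "->", deciding_layer(header))
```

Messages rejected at connection filtering are never delivered, so they carry no header to inspect; those rejections have to be traced from the sending side or through message trace.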

EOP datacenters

EOP runs on a worldwide network of datacenters that are designed to provide the best
availability. For example, if a datacenter becomes unavailable, email messages are
automatically routed to another datacenter without any interruption in service. Servers in
each datacenter accept messages on your behalf, providing a layer of separation between
your organization and the internet, thereby reducing load on your servers. Through this
highly available network, Microsoft can ensure that email reaches your organization in a
timely manner.

EOP performs load balancing between datacenters but only within a region. If you're
provisioned in one region, all your messages will be processed using the mail routing for
that region. The following list shows how regional mail routing works for the EOP
datacenters:

• In Europe, the Middle East, and Africa (EMEA), all Exchange Online
mailboxes are located in EMEA datacenters, and all messages are routed
through EMEA datacenters for EOP filtering.
• In Asia-Pacific (APAC), all Exchange Online mailboxes are located in APAC
datacenters, and messages are currently routed through APAC datacenters for
EOP filtering.
• In the Americas, services are distributed in the following locations:
o South America: Exchange Online mailboxes are located in
datacenters in Brazil and Chile. All messages are routed through
local datacenters for EOP filtering. Quarantined messages are
stored in the datacenter where the tenant is located.
o Canada: Exchange Online mailboxes are located in datacenters in
Canada. All messages are routed through local datacenters for EOP
filtering. Quarantined messages are stored in the datacenter where
the tenant is located.
o United States: Exchange Online mailboxes are located in U.S.
datacenters. All messages are routed through local datacenters for
EOP filtering. Quarantined messages are stored in the datacenter
where the tenant is located.
• For the Government Community Cloud (GCC), all Exchange Online
mailboxes are located in U.S. datacenters and all messages are routed through
U.S. datacenters for EOP filtering.

EOP features

This section provides a high-level overview of the main features that are available in EOP.
For information about requirements, important limits, and feature availability across all
EOP subscription plans, see the Exchange Online Protection service description.

Notes:

• EOP uses several URL block lists that help detect known malicious links
within messages.
• EOP uses a vast list of domains that are known to send spam.
• EOP uses multiple anti-malware engines to help automatically protect our
customers at all times.
• EOP inspects the active payload in the message body and all message
attachments for malware.
• For recommended values for protection policies, see Recommended settings
for EOP and Microsoft Defender for Office 365 security.
• For quick instructions to configure protection policies, see Protect against
threats.

TABLE 1
Feature | Comments

Protection
Anti-malware | Anti-malware protection in EOP; Anti-malware protection FAQ; Configure anti-malware policies in EOP
Inbound anti-spam | Anti-spam protection in EOP; Anti-spam protection FAQ; Configure anti-spam policies in EOP
Outbound anti-spam | Outbound spam protection in EOP; Configure outbound spam filtering in EOP; Control automatic external email forwarding in Microsoft 365
Connection filtering | Configure connection filtering
Anti-phishing | Anti-phishing policies in Microsoft 365; Configure anti-phishing policies in EOP
Anti-spoofing protection | Spoof intelligence insight in EOP; Manage the Tenant Allow/Block List
Zero-hour auto purge (ZAP) for delivered malware, spam, and phishing messages | ZAP in Exchange Online
Preset security policies | Preset security policies in EOP and Microsoft Defender for Office 365; Configuration analyzer for protection policies in EOP and Microsoft Defender for Office 365
Tenant Allow/Block List | Manage the Tenant Allow/Block List
Block lists for message senders | Create blocked sender lists in EOP
Allow lists for message senders | Create safe sender lists in EOP
Directory Based Edge Blocking (DBEB) | Use Directory Based Edge Blocking to reject messages sent to invalid recipients

Quarantine and submissions
Admin submission | Use Admin submission to submit suspected spam, phish, URLs, and files to Microsoft
User submissions (custom mailbox) | User submissions policy
Quarantine - admins | Manage quarantined messages and files as an admin in EOP; Quarantined messages FAQ; Report messages and files to Microsoft; Anti-spam message headers in Microsoft 365. You can analyze the message headers of quarantined messages using the Message Header Analyzer at.
Quarantine - end-users | Find and release quarantined messages as a user in EOP; Use quarantine notifications to release and report quarantined messages; Quarantine policies

Mail flow
Mail flow rules | Mail flow rules (transport rules) in Exchange Online; Mail flow rule conditions and exceptions (predicates) in Exchange Online; Mail flow rule actions in Exchange Online; Manage mail flow rules in Exchange Online; Mail flow rule procedures in Exchange Online
Accepted domains | Manage accepted domains in Exchange Online
Connectors | Configure mail flow using connectors in Exchange Online
Enhanced Filtering for Connectors | Enhanced filtering for connectors in Exchange Online

Monitoring
Message trace | Message trace; Message trace in the Exchange admin center
Email & collaboration reports | View email security reports
Mail flow reports | View mail flow reports; Mail flow reports in the Exchange admin center
Mail flow insights | Mail flow insights; Mail flow insights in the Exchange admin center
Auditing reports | Auditing reports in the Exchange admin center
Alert policies | Alert policies

Service Level Agreements (SLAs) and support
Spam effectiveness SLA | > 99%
False positive ratio SLA | < 1:250,000
Virus detection and blocking SLA | 100% of known viruses
Monthly uptime SLA | 99.999%
Phone and web technical support 24 hours a day, seven days a week | Help and support for EOP.

Other features
A geo-redundant global network of servers | EOP runs on a worldwide network of datacenters that are designed to help provide the best availability. For more information, see the EOP datacenters section earlier in this article.
Message queuing when the on-premises server cannot accept mail | Messages in deferral remain in our queues for one day. Message retry attempts are based on the error we get back from the recipient's mail system. On average, messages are retried every 5 minutes. For more information, see EOP queued, deferred, and bounced messages FAQ.
Office 365 Message Encryption available as an add-on | For more information, see Encryption in Office 365.
