Exchange Online Protection provides enterprise-class reliability and protect against spam and malware, while maintaining access to email during and after emergencies. It provides a layer of protection features that are deployed across a global network of data centers, helping you to simplify the administration of your messaging environments.

Reiterating our SLAs.

  1. Five financially backed SLAs attest to a high quality of service, including protection from 100% of known viruses and 99% of spam.
  2. Globally load-balanced network of data centers helps to ensure a 99.999% network uptime.

 

However, it is important to understand that while EOP will eliminate unwanted emails – but for a few organizations, with specific requirements, IT administrators can customize EOP policies. And, EOP also learns from end-user reporting and gradually streamlines itself.

 

Plan of Action.

 

  1. Tweak
    1. Set anti-spam options
      1. Mange your connection filters by adding IP addresses to IP Allow and IP Block lists. Learn more at Configure the Connection Filter Policy and Safe Sender and Blocked Sender Lists FAQ.
      2. Phishing: It's recommended that organizations who are concerned about phishing turn on the SPF record: hard fail and Conditional Sender ID filtering: hard fail options. Learn more at Configure Content Filter Policies and Advanced Spam Filtering Options.
      3. Spoofing: When you set up EOP, you added an SPF (sender policy framework) record for EOP to your DNS records. The SPF record helps prevent spoofing. For more information about how an SPF record prevents spoofing and how you can add your on-premises IP addresses to the SPF record, see Customize an SPF Record to Validate Outbound Email Sent from Your Domain
      4. If you are using the default content filter action, Move message to Junk Email folder, in order to ensure that this action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that Spam is Routed to Each User's Junk Email Folder.

         

    2. Set Anti-Malware options
      1. Review and fine tune your malware filter settings in the EAC. Learn more at Configure Anti-Malware Policies.

         

    3. Create Transport Rules
      1. Create transport rules (custom filters) to meet business needs.
      2. When you deploy a new rule to production, select one of the test modes first to see the effect of the rules.  Once you are satisfied that the rule is working in the manner intended, change the rule mode to Enforce.
      3. When you deploy new rules, consider adding the additional action of Generate Incident Report to monitor the rule in action.
      4. If you are in a hybrid deployment configuration, with part of your organization on-premises and part in Office 365, you may want to create rules that apply to the entire organization in a seamless manner. You can only do this if you use predicates and actions that are available both on-premises and in Office 365.  While most predicates and actions are available in both deployments, there is a small set that are specific to a particular deployment scenario. Learn more at Transport Rules.

         

         

         

  2. Report Microsoft – How?
    1. For Spam
          1. Install and Uninstall the Junk Email Reporting Add-in for Microsoft Office Outlook
          2. Report Junk Email Messages to Microsoft
          3. Troubleshooting and Support Information
        1.  

          Summary

          False Negative?

 

False Positive?

 

  1. For Malware
    1. False Negative? (submit a sample)

      If you have received malware such as a virus that made it past the filter, please save a copy of the email message with its attached virus, go to the Malware Protection Center and submit a sample using the detailed instructions on that page. When submitting the file, in the Product drop-down list select Other, select the I believe this file contains malware option, and in the Comments field specify Exchange Online Protection. After we receive the sample, we'll investigate and if it's determined that the sample contains malware, we'll take corrective action to prevent the virus from going undetected.

       

    2. False Positive? (submit a sample)

      Similar to submitting malware, go to the Malware Protection Center and submit a sample using the detailed instructions on that page. When submitting the file, in the Product drop-down list select Other, select the I believe this file should not be detected as malware option, and in the Comments field specify Exchange Online Protection. After we receive the sample, we'll investigate and if it's determined that the sample is clean, we'll take corrective action to prevent the file from being detected as malware.

 

  1. Troubleshoot
    1. Troubleshoot general issues and trends by using the reports in the Office 365 admin center or the Excel reporting workbook. Find single point specific data about a message by using the message trace tool. Learn more about reporting at Reporting and Message Trace in Exchange Online Protection. Learn more about the message trace tool at Trace an Email Message and Message Trace FAQ.
    2. Help and Support for EOP

 

 

 

Anti-Spam and Anti-Malware Dig In

Anti-Spam and Anti-Malware Protection

Anti-Spam Protection

Anti-Spam Protection FAQ

Safe Sender and Blocked Sender Lists FAQ

Manage Safe Sender Lists for Bulk Mailers

Configure the Anti-Spam Policies

Configure the Connection Filter Policy

Configure Content Filter Policies

Advanced Spam Filtering Options

Configure End-User Spam Notifications in Exchange Online

Configure the Outbound Spam Policy

Sample Notification When a Sender is Blocked Sending Outbound Spam

Request That a User, Domain, or IP Address Be Removed from a Block List After Sending Outbound Spam

High Risk Delivery Pool for Outbound Messages

Spam Confidence Levels

Submitting Spam and Non-Spam Messages to Microsoft for Analysis

Junk Email Reporting Add-in for Microsoft Office Outlook

Install and Uninstall the Junk Email Reporting Add-in for Microsoft Office Outlook

Report Junk Email Messages to Microsoft

Troubleshooting and Support Information

Use Transport Rules to Block Spam Reporting to Microsoft

Anti-Spam Message Headers

Quarantine

Quarantine FAQ

Manage Quarantined Messages

Release a Quarantined Message and Optionally Report it as a False Positive (Administrators)

Release a Quarantined Message and Optionally Report it as a False Positive (End Users)

Anti-Malware Protection

Anti-Malware Protection FAQ

Configure Anti-Malware Policies

 

 

 

Further Research

Usual Topics

Exchange Online Protection      

Exchange Online Protection Overview

EOP General FAQ

EOP Queued, Deferred, and Bounced Messages FAQ

Set Up Your EOP Service

Set Up Mail Flow Through Exchange Online Protection

Forefront Online Protection for Exchange (FOPE) Transition Center

Before Your Transition

During Your Transition

After Your Transition

Understand how Licensing Works After Your Transition

FOPE to EOP Transition FAQ

Switch to EOP from Google Postini, the Barracuda Spam and Virus Firewall, or Cisco IronPort

Use Inbound and Outbound Connectors to Configure Custom Mail Flow

Test Mail Flow with the Remote Connectivity Analyzer

Inbound and Outbound Connector FAQ

Scenario: Outbound Smart Hosting

Scenario: Regulated Partner with Forced TLS

Scenario: Conditional Mail Routing

Best Practices for Configuring EOP

Exchange Online Protection IP Addresses

Recipient, Domain, and Company Management in EOP

Recipients in EOP

Manage Admin Role Group Permissions in EOP

View or Edit Managed Domains in EOP

Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients

Messaging Policy and Compliance in EOP

Anti-Spam and Anti-Malware Protection

Reporting and Message Trace in Exchange Online Protection

Exchange Admin Center in Exchange Online Protection

PowerShell in Exchange Online Protection

Help and Support for EOP