Microsoft Exchange Online Protection – The Ultimate Guide

Your email holds the key to the kingdom. Literally. Stolen credentials are the leading cause of data breaches. And the chief vector to steal the credentials? Phishing. Phishing is the most common form of cybercrime, with an estimated 3.4 billion spam emails sent daily. Securing your organization’s Microsoft Exchange is probably the most crucial part of your cybersecurity plan. Microsoft recognizes the significance of Exchange protection and, to mitigate the risks, has introduced Microsoft Exchange Online Protection (EOP). It is a cloud-based email filtering and management service that helps organizations protect their sensitive and confidential information. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes. What exactly is Microsoft Exchange Online Protection and how can you optimize its features for maximum benefit?

What is Microsoft Exchange Online Protection (EOP)?

Microsoft Exchange Online Protection is an email filtering and management service designed to secure emails from spam, malware, and phishing threats. It provides advanced scanning and filtering of incoming and outgoing emails, reducing the possibility of data leakage and securing a company’s confidential information. EOP also has features for email protection such as email encryption, anti-malware protection, and anti-phishing protection.

How Does Microsoft Exchange Online Protection Work?

EOP acts as a gatekeeper between the internet and your users’ mailboxes.

Exchange Online Protection: An Overview

EOP has four key gatekeepers:

  1. Connection filtering: This checks the sender’s reputation. Spam is largely filtered out here and sent to the Spam/Junk folder.
  2. Anti-malware protection: Next comes EOP’s anti-malware guard that filters out emails based on your configured anti-spam policy.
  3. Policy Filtering: Emails are then filtered out based on any specific organizational policy you have set up. For example, notifications on receipt of certain emails.
  4. Content Filtering: Finally, the content of the email is examined against your anti-spam policy, spoof settings, and anti-phishing policy.

How to Set up Microsoft Exchange Online Protection?

#1 Set up connection filtering

This is used to identify good or bad source email servers by IP addresses. You need to define 2 lists in the Microsoft 365 Defender portal on the Anti-spam policies page:

  1. IP Allow List: All spam filtering will be skipped for these IP addresses. However, they will still be scanned for malware and high-confidence phishing.
  2. IP Block List: All messages from these IPs will be blocked completely.
  3. Safe list: This requires no customer configuration. It is identified by Microsoft as trusted email sources from subscriptions to various third-party lists.

Read here for further details to set up your connection filtering policy.

#2 Configure anti-phishing policies in Microsoft EOP

Here are some pointers to set up anti-phishing policies in EOP:

  • Use the Microsoft 365 Defender portal to create anti-phishing policies and apply them to users, groups, or domains.
  • Enable spoof intelligence: The anti-spoofing technology in EOP specifically examines fraudulent From headers in the message body.
  • On the anti-phishing page, modify, enable/disable, and prioritize existing anti-phishing policies.
  • You can also use PowerShell to configure anti-phishing policies in EOP.

#3 Configure policies for Data Loss Prevention (DLP)

The next step is customizing or importing Data Loss Prevention (DLP) policies in the Microsoft Purview compliance portal. This is largely to protect business-critical emails that include sensitive data. You can either use pre-built templates by Microsoft, import a policy file, or create one from scratch. EOP also supports “Policy Tips notification messages” to inform users about sensitive content expectations in emails.

#4 Set up Content Filtering

Finally, set up content filtering with both anti-spam and anti-spoofing policies where malicious messages are identified as spam, high confidence spam, phishing, high confidence phishing, or bulk (anti-spam policies) or spoofing (spoof settings in anti-phishing policies). Create Quarantine policies that will move suspicious emails to a quarantine folder.
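
The connection filtering, anti-phishing and content filtering steps above can also be applied from Exchange Online PowerShell. The script below is an added example, not taken from the original article or from Microsoft; the admin account, domain, IP addresses and policy name are constructed placeholders, and the DLP step is left out because it is configured in the Microsoft Purview compliance portal.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an account
# permitted to edit threat policies. All names and addresses are placeholders.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'

$domain     = 'contoso.example'       # placeholder accepted domain
$allowIPs   = @('192.0.2.10')         # constructed: one trusted partner relay
$blockIPs   = @('198.51.100.0/24')    # constructed: a range to block completely
$policyName = 'Baseline anti-phish'   # hypothetical policy name

# Step 1, connection filtering: add entries to the IP Allow and IP Block lists.
Set-HostedConnectionFilterPolicy -Identity Default `
    -IPAllowList @{Add = $allowIPs} -IPBlockList @{Add = $blockIPs}

# Step 2, anti-phishing: create a policy with spoof intelligence enabled,
# then the rule that applies it to recipients in the domain.
New-AntiPhishPolicy -Name $policyName -EnableSpoofIntelligence $true `
    -AuthenticationFailAction Quarantine -EnableUnauthenticatedSender $true
New-AntiPhishRule -Name $policyName -AntiPhishPolicy $policyName `
    -RecipientDomainIs $domain -Priority 0

# Step 4, content filtering: set one action per verdict on the default
# anti-spam policy; high confidence phishing uses the built-in admin-only
# quarantine policy so end users cannot release those messages themselves.
Set-HostedContentFilterPolicy -Identity Default `
    -SpamAction MoveToJmf -HighConfidenceSpamAction Quarantine `
    -PhishSpamAction Quarantine -HighConfidencePhishAction Quarantine `
    -BulkSpamAction MoveToJmf -BulkThreshold 6 `
    -HighConfidencePhishQuarantineTag AdminOnlyAccessPolicy

# Read the settings back so the change is verified rather than assumed.
$conn = Get-HostedConnectionFilterPolicy -Identity Default
$conn | Format-List IPAllowList, IPBlockList
Get-AntiPhishPolicy -Identity $policyName |
    Format-List EnableSpoofIntelligence, AuthenticationFailAction
Get-HostedContentFilterPolicy -Identity Default |
    Format-List *Action, BulkThreshold, *QuarantineTag

# Spam filtering is skipped for everything on the IP Allow List, so flag
# entries that cover a whole range instead of a single server.
$conn.IPAllowList | Where-Object { $_ -like '*/*' } | ForEach-Object {
    Write-Warning "IP Allow List entry covers a range, review it: $_"
}

Disconnect-ExchangeOnline -Confirm:$false
```

Keep the IP Allow List as short as possible and re-run the read-back section after any policy change to confirm what is actually in effect.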

Features and Benefits of Microsoft EOP

Microsoft Exchange Online Protection filters out unwanted emails, spam, and viruses, ensuring that legitimate emails reach their intended recipient. EOP also offers advanced threat protection that protects against complex attacks like phishing and zero-day exploits. It helps in email encryption, ensuring that emails are secure and cannot be intercepted by unauthorized users.

Advantages of Microsoft Exchange Online Protection (EOP)

| Feature | Advantage |
| --- | --- |
| Spam Filtering | It filters out spam and unwanted emails, lowering the risk of downloading malicious software. This includes both inbound and outbound spam. |
| Safe Link Protection | Safe link protection scans URLs in emails and warns the user about any suspicious links that may lead to a malicious website. |
| Anti-malware protection | It detects malware and prevents it from entering the system. |
| Anti-phishing protection | It scans the emails for phishing attempts and blocks them before they reach the recipient. |
| Anti-spoofing protection | Spoof intelligence identifies spoofed senders who are legitimately sending you unauthenticated email. |
| Mail flow policies | Preset security policies allow you to comply with your organization’s legal and regulatory requirements. |
| Quarantine and Submission | Manage quarantined messages and files as an admin. Report messages and files to Microsoft. |
| Monitoring | Trace the flow of messages through your organization to efficiently answer user questions about what happened to messages, troubleshoot mail flow issues, and validate policy changes. |
| Reporting | Get mail flow insights and auditing reports in the EOP. |
| SLA Commitments | EOP offers a Spam effectiveness SLA of greater than 99%, and a virus detection and blocking SLA covering 100% of known viruses. |

Level up Your Microsoft Exchange Online Protection with CloudAlly

As email is an essential part of any organization, Microsoft Exchange Online Protection provides an efficient way to secure emails from various cyber threats. It offers several features, including safe link protection, anti-malware, anti-phishing, and spam filtering, to provide maximum security for emails. EOP is easy to set up and configure, making it an ideal choice for any organization looking for a secure email management system. Implementing EOP is a step towards securing confidential data and creating a safe environment for the company and its stakeholders. However, EOP cannot protect you from Exchange data loss due to accidental/malicious deletion, sync errors, or the inadvertent malware/ransomware attack.

“If you want to support recovering messages beyond 30 days, you would need to use a 3rd party service for the backup… Point in time restoration of mailbox items is out of scope for the Exchange Online service.”

Microsoft SLA

CloudAlly Microsoft Exchange Backup secures all your enterprise’s Microsoft Exchange Online data (Mail, Calendar, Contacts, and Tasks) with one easy-to-use backup solution trusted by 20,000+ customers. Your Exchange data is encrypted and backed up on AWS storage with unlimited retention and the option of granular and full account recovery. Try it for yourself – start a free trial or book a demo – no commitment and no payment details required.