introduction
Microsoft Exchange Online Protection (EOP) is an email cloud service that provides end users with protection against SPAM and Malware
that is Good
BUT ,,,,
What is SPAM and Malware ?
SPAM
Email spam, also known as junk email, is unsolicited (Annoying ) bulk messages sent through email
to send SPAM you often will get email addresses by SPAMbot which is a program designed to collect, e-mail addresses from the Internet in order to build mailing lists to send SPAM
Malware
Malware, or malicious software, is any program or file that is harmful to a computer user.
Types of malware can include
- computer viruses,
- worms,
- Trojan horses
- spyware.
- and recently Ransomware
These malicious programs can perform a variety of functions such as
- stealing Data for criminal purpose
- encrypting your data like ransomware
- deleting sensitive data,
- altering or hijacking core computing functions
- monitoring users’ computer activity.
EOP Plans
EOP, is available to [Exchange Server on-premises ] and [ Office 365 ] and has three service plans:
- EOP standalone – This service is designed for on-premises Exchange mailboxes.
- EOP in Office 365 – This service is designed for Exchange Online mailboxes in the cloud.
- Exchange Enterprise CAL with Services – This service like EOP standalone, >> but also includes data loss prevention, as well as PowerShell remoting administration capabilities.
please note :
regarding DLP and powershell remote administration : as Networks Pioneers we will fully cover these topic in separate article , please join us
How EOP protect your Email ?
- Let us to supposed that an email has been sent to Ahmad@NetworksPioneers.com which mailbox is hosted in Microsoft 365 tenants [Pioneers101.OnMicrosoft.com ]
- The first line of defense is connection filtering, >> which checks the sender’s reputation. The majority of spam is stopped at this point and rejected by EOP.
- Second line of defense that message is inspected for signs of malware. If malware is found in the message or the attachment(s) the message is routed to an admin only quarantine store.
- The third stop is policy filtering (also known as Exchange Mail Flow ) , where they are evaluated against custom mail flow rules (also known as transport rules) that you create or enforce from a template. For example, you can have a rule that sends a notification to a manager when mail arrives from a specific sender or email have specific words
- Last check action is content filtering (also known as Anti-spam). if email determined to be spam or phishcan >> will be sent to quarantine, or a user’s Junk Email folder, among other options.
- If incoming Email passes all of these protection layers successfully >> then it will be delivered to the recipient 🙂
Where to configure EOP
we can manage EOP by :
- EAC Exchange Admin center : https://outlook.office.com/ecp
- SCC Security & Compliance enter https://Protection.office.com
Please note
- some feature is NOT included in EAC while ALL features are included in SCC
- SCC has more options for SPAM filtering comparing with EAC
- SCC will be the ONLY platform to Manage ALL security aspects in MS365 >> which require more attention and more practice [ our opinion as Networks Pioneers ]
who can Configure EOP settigns
To EOP >> you must be assigned an on of the following role :
- Global administrator
- Security Administrator
- Exchange Online Organization Management
Conclusion
Microsoft Exchange Online Protection (EOP) is an email cloud service that provides end users with protection against SPAM and Malware
Exchange Online Protection tools applied in order:
- Connection filter based on IP address
- Ant-malware
- Mail flow which is like Hub-Transport HT in local exchange
- Spam filter
next articles we will explain each one of these tools : please join us