Exchange Online Protection : Connection filtering

Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email
Table of Contents

introduction

Connection Filtering enables you to black list or white list email messages originating from individual IP addresses or entire ranges 

as we mentioned in previous article : EOP tools  to check incoming email in order  : 

  • connection filtering 
  • anti-malware 
  • MAil Flow Rules 
  • Content Filtering ( which known as ANti-SPAM ) 

 

SO … Connection Filtering id the first tool to check incoming email before sent to recipient 

 

this articloe we will how to configure connection filtering from both:

  • [Exchange Admin Center EAC ]
  • and [Security And Compliance Center SCC ] 

 

Connection Filtering Concepts

you can configure the default connection filter policy to identify good or bad source email servers by their IP addresses. or even create new policy 

The key components of the connection filter policy are:

IP Allow List

  •  Skip spam filtering for all incoming messages from the source email servers that you specify by IP address or IP address range. 

IP Block List

  •  Block all incoming messages from the source email servers that you specify by IP address or IP address range. The incoming messages are rejected, are not marked as spam, and no additional filtering occurs. 

  • Meaning that the first defense line [Connection Filtering ] has reject incoming email and there is NO need to make another inspection 

Safe list

  •  The safe list is a dynamic allow list in the Microsoft datacenter that requires no customer configuration.

  • Microsoft identifies these trusted email sources from subscriptions to various third-party lists.

  • You enable or disable the use of the safe list; >> you can’t configure the source email servers on the safe list.

  • Spam filtering is skipped on incoming messages from the email servers on the safe list.

  • in simple words : We can’t find any information about who these “Trusted Senders” are or who creates this list so we can’t really comment on what it does.>> just accept it 🙂 

Configure Connection Filtering

we have company requirement to 

  • enable all incoming email from email server with public IP  2.2.2.2
  • Block all incoming email from email server with public IP 3.3.3.3
  • enable microsoft safe list 

let us to configure Connection Filtering default policy : 

  • To access connection filtering from EAC :  https://portal.office.com >>  admin center >>  exchange  >>  protection >> content filtering
  • also we can Use the Security & Compliance Center To access connection filtering from SCC :   https://protection.office.com/   >> In the Security & Compliance  Center and go to Threat managementPolicy > Anti-Spam.
  • On the Anti-spam settings page, expand Connection filter policy by clicking  , and then click Edit policy.
  • Please note connection filtering is always ON
  • In the Default flyout that appears, configure any of the following settings:
  • Description: Enter optional descriptive text.
  • IP Allow List: Click Edit. In the IP Allow Listflyout that appears, enter an IPV4 address in the Address or address range box using the following syntax:
  • Single IP: For example, 2.2.2.2
  • IP range: For example, 2.2.2.2 -2.2.2.254 .
  • CIDR IP 2.2.2.2 /24
  • IP Block List: Click Edit. In the IP block List flyout that appears, enter an IPV4 address in the Address or address range box using the following syntax:
  • Single IP: For example, 3.3.3.3
  • IP range: For example, 3.3.3.3 -3.3.3.254 .
  • CIDR IP 3.3.3.3 /24
For Better View > Open Image in different TAB
For Better View > Open Image in different TAB
For Better View > Open Image in different TAB

Conclusion

Connection Filtering is the first EOP [Exchange Online Protection ] Tools to check incoming email before sent to recipient mailbox 

Connection Filtering could be configured by : 

  • Exchange Admin center EAC 
  • Security and Compliance Center SCC 

 

Share this post
Share on facebook
Share on google
Share on twitter
Share on linkedin
Share on pinterest
Share on print
Share on email

About Me

Our Power in Numbers

 17 

Courses

321

Articles

3,882

Images
and All configurations images are proudly made in Pioneers Lab

Articles By Course

Recent Articles

Subscribe

Contact us

have a challenge ? don’t hesitate to contact us