Best Practices for Getting the Most out of Exchange Online Protection

The following are considered ‘Best Practices’ for the Exchange Online Protection (EOP) email filtering service that is provided for the Exchange Online service within Office 365. There is no offer of warranty or guarantee for the results of using these methods; however, they are straightforward and easy to understand, so you should be able to adapt them to match your own environment.

Transport Rules:

Remember to create a path of escalation for emails when it comes to dealing with spam and malicious content. Regular emails that are considered “safe” but are an annoyance to the user due to their spam nature should be routed to the user’s junk folder for further determination. Emails considered “harmful” should be routed to Quarantine or another recipient mailbox. Letting the end user decide what to do with a .ZIP file may be too risky, especially if some of your recipients have access to sensitive data. Sending to hosted quarantine gives the administrator the first chance to review the email and, if appropriate, release it to the user.

Connection Filter:

Connection filter entries should be used sparingly, especially in the world of shared/hosted services, which may be sharing one IP address. A good rule of thumb: if you whitelist an IP address via the connection filter, you should create a transport rule to cover it, e.g.:

  • Condition: if email was received from IP address 1.1.1.1,
  • Action: redirect the message to quarantine,
  • Exception: except if the sender’s domain contains “Fabrikam.com.”
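
The allow-list entry and its covering transport rule, as an added Exchange Online PowerShell example (not part of the original article). It assumes an active `Connect-ExchangeOnline` session; the rule name, the priority, and the mapping of "sender's domain contains" to `-ExceptIfSenderDomainIs` are assumptions.

```powershell
# Added example. Sample values are the ones used in the article's bullet list.
$AllowedIp     = '1.1.1.1'
$TrustedDomain = 'fabrikam.com'
$RuleName      = "Quarantine $AllowedIp unless $TrustedDomain"   # hypothetical rule name

# 1. Add the IP to the connection filter allow list.
#    @{Add=...} appends to the list instead of overwriting existing entries.
$policy = Get-HostedConnectionFilterPolicy -Identity Default
if ($policy.IPAllowList -notcontains $AllowedIp) {
    Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{Add = $AllowedIp}
}

# 2. Cover the allow-list entry with a transport rule:
#    Condition: received from the allowed IP
#    Action:    redirect to hosted quarantine
#    Exception: sender's domain is the one you actually trust
if (-not (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue)) {
    New-TransportRule -Name $RuleName `
        -SenderIpRanges $AllowedIp `
        -Quarantine $true `
        -ExceptIfSenderDomainIs $TrustedDomain `
        -Priority 0 `
        -Comments 'Covers the connection filter allow-list entry for this IP.'
    # -Priority 0 is an assumption: it evaluates this rule before other rules.
}

# 3. Review what was created before relying on it.
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Priority, SenderIpRanges, Quarantine, ExceptIfSenderDomainIs
```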

Content Filter:

A good practice is to act on SPF failures. A domain that fails SPF is, at best, not configured correctly, and its owners should review their emailing practices. At a minimum, you should route these messages to Junk, where they can be reviewed by the end user. If a message fails SPF and contains malicious content or attachments, consider sending it to the hosted quarantine.

These tips will help you get the most out of the Exchange Online Protection email filtering service that is provided for the Exchange Online service within Office 365. For a full report on transport rules, connection filters, content filters, malware filters, and hosted quarantine, download our Exchange Online Protection eBook.
