Back
Exchange

7 new Exchange Online Protection enhancements

Share on Facebook Share on Twitter Share on Linkedin Share via OneNote Share via Email Print

Todays’ post was written by Shobhit Sahay, technical product manager for the Office 365 team.

The Office 365 Exchange Online Protection (EOP) team has been hard at work on new features that reflect our continued commitment to provide advanced security, reliability and protection of your email, and a simpler and more efficient user experience for email admins. Today, we’re pleased to announce seven new EOP features, including:

  1. Scheduled EOP reports
  2. Domain-based email traffic support
  3. Simplified block and allow
  4. Quarantined message preview
  5. Bulk release
  6. Improving backscatter detection with Boomerang
  7. Non-delivery report (NDR) backscatter storm prevention

Scheduled EOP reports and domain-based email traffic support

Two new EOP reporting features have been included in this update. First, customers can now schedule EOP reports to be delivered via email on a weekly or monthly basis. For tenant admins, this means you can schedule EOP reports to arrive in your inbox on a day that you specify and choose from four types of EOP reports:

  • Mail traffic summary (aka sent-and-received mail)
  • Spam detections summary
  • Rule matches
  • Data Loss Prevention policy matches

7 new Exchange Online Protection enhancements 1

The new scheduled report feature is easy to set up on the Office 365 portal for EOP or Exchange Online customers.

To get started, go to the Office 365 portal and click Reports, then select the type of report you want to schedule. From the report page, click Schedule this report. It’s that easy! You’ll find more information about scheduling EOP reports and the customization features that help you obtain the specific data you need here.

7 new Exchange Online Protection enhancements 2

Scheduled EOP reports are delivered to your inbox on the day of the week or month you specify.

The second new reporting feature enables admins to assess email traffic at the domain level through PowerShell. For large customers with many domains, this feature makes it easy to view domain-level aggregation of mail traffic. To obtain mail traffic breakdown by domain, use the ‘Domain’ parameter with  Get-MailTrafficReport and Get-MailTrafficPolicyReport in PowerShell. More information about domain-based email traffic support is available here.

Simplified block and allow

We simplified the process for EOP or Exchange Online admins to block or allow emails from an individual sender or an entire domain. The new simplified block-and-allow lists replace the need to write a complex transport rule to bypass spam filtering or modify the Spam Confidence Level for a sender or domain.

Located in the Spam Filter section of the Office 365 Exchange Admin Center, you’ll access this feature by clicking the Protection link, making it easy and intuitive to find. There, you can create, edit and maintain block-and-allow lists for senders and domains.

spamallowlist

Simplified block and allow is currently in preview with first-release customers and will be deployed worldwide by the end of the month.

Quarantined message preview and bulk release

As part of our efforts to revamp our quarantine feature area to further protect against email containing malware or viruses, we released our new quarantined message preview earlier this month. You gave us the feedback that you need more information to determine if a quarantined message is malicious or legitimate. The new quarantined message preview allows you to see the body of a message without triggering any malicious content. This new visibility provides an improvement over previously just seeing a quarantined message’s sender, recipient, subject and date.

Two months ago, we released our bulk release feature, which has received widespread positive feedback from customers. Now, admins can quickly and easily select up to 500 quarantined messages to release or not release, which can be especially helpful in addressing large email campaigns. The bulk release feature can be accessed either through the Office 365 quarantine area or via PowerShell.

Backscatter spam improvements

Backscatter spam—when you receive a non-delivery receipt for an email that a spammer sent using your forged email address—is a growing source of irritation for end users and a challenge for email admins. We have stepped up to backscatter spam with two new protections:

  • Improving backscatter detection with Boomerang—In addition to basic backscatter protections in Office 365, we recently rolled out Boomerang, our Microsoft-branded mechanism to better detect backscatter spam. Now deployed for both hosted and on-premises mailboxes, Boomerang provides greater security and smarts to fight backscatter spam.
  • NDR backscatter storm prevention—This feature, deployed in May, addresses backscatter on a mass scale by automatically deleting the majority of a spammer’s large-scale email campaign, leaving just a handful of forged messages so that the responsible admin has visibility on the attack. NDR backscatter storm prevention is especially helpful in preventing spammers from spoofing well-known, executive email aliases, which are often targeted to add an appearance of legitimacy to spam or to direct mass hate emails.

We’re excited to deliver the latest EOP features to protect your Office 365 email against spam, viruses and malware and we’re already working on more to come. Please check out these seven EOP features and let us know what you think. We value your feedback!

—Shobhit Sahay

Top