5. Stop viruses and malware
Multi-engine malware protection
Continuously evolving anti-spam protection
Protect sensitive data
Data Loss Prevention features
Encryption of sensitive email
Common administration console
Office 365 integration
Detailed reporting
Enterprise class reliability
Geographically load-balanced datacenters
Queuing capabilities to help ensure no mail is lost
24x7x365 Microsoft Support
$$$ backed SLA
Exchange Online Protection (EOP)
6. • Mail Delivery
• 99.999% EOP uptime
• Geo-redundant network
• 24/7 Live phone and web technical support
• Message queuing for 2 days if customer server unresponsive
• Filtering Performance
• 100% known virus detection (active payload)
• 99% spam detection rate
• False positive ratio of less than 1:250,000 messages
EOP Service Level Agreements
8. On-premises server - Inbound and Outbound email filtered through EOP
EOP Conceptual Diagram
Corporate Network
EOP
9. Works with any SMTP email platform!
Every Office 365 customer is an EOP customer
Easy transition from EOP stand-alone to Office 365
On-premises server
- Inbound and Outbound email filtered through EOP
EOP Deployment scenarios
On Premise
Corporate Network
EOP
O365
Exchange Online
10. EOP Inbound filtering
Email is routed to EOP datacenters based on MX record resolution (contoso-com.mail.protection.outlook.com)
IP-based edge blocking
Reputation blocking
Virus scanning
AV Engine 1
AV Engine 2
AV Engine 3
SPAM protection
Safe Sender/Recipient
Policy enforcement
Custom Rules
Content scanning and Heuristics
Bulk Mail filtering
SPF & Sender ID Filter
Quarantine
*International Spam*
Advanced SPAM management
Customer feedback
False positives / negatives
Spam analysts
Corporate network
Regular expressions
URL block lists
Envelope blocks
Forefront blocks
Allows/Rejects
11. Outbound Pool
Outbound Pool
EOP Outbound filtering
High Risk Delivery Pool
High Score
Outbound Pool
Low Score
SPAM protection
Content scanning and Heuristics
Advanced SPAM management
Virus scanning
AV Engine 1
AV Engine 2
AV Engine 3
Policy enforcement
Custom Rules
Quarantine
Spam Analysts
Corporate network
Bulk Delivery Pool
Bulk Mail
Internet
Email Encryption
13. • Phishing Campaigns
• Spear Phishing (APT)
• Bulk Mail
• Backscatter
• Malware Distribution
• Image Spam
Different Types of SPAM
14. 1. Connection filtering
Blocks up to 80% of all spam based on IP block/allow lists.
2. Sender-Recipient Filtering
Blocks up to 15% of all spam based on internal lists and sender reputation.
3. Content Filtering
Blocks up to 5% of all spam based on internal lists and heuristics.
Multi-layered anti-spam protection
15. Connection filtering
Static IP allow/block list
Opt-in to Microsoft-maintained reputable sender list
Content spam categories
Obvious spam
High confidence spam
Content Filtering Actions
Delete
Quarantine
Add X-Header
Modify Subject
Redirect
Granular anti-spam filtering controls
16. Block external threats quickly
Advanced fingerprinting technologies that identify and stop new spam and phishing vectors in real time.
Enable more control
Mark all bulk messages as spam
Block unwanted email based on language or geographic origin
Block email based on language
Block email based on geography
Effective spam blocking
17. • Suspect junk mail by default goes to the Outlook junk mail folder.
• Uses Outlook safe senders and block lists.
• Spam quarantine was previously available to administrators only; end user quarantine has now rolled out.
• Email Spam Notification for the end-users
Junk mail management
18. End User Quarantine
• End users can release from quarantine
• Report Spam, not spam
Quarantine
20. False Negatives and False Positives
Outlook Junk Mail Reporting Tool for missed spam: http://www.microsoft.com/en-us/download/details.aspx?id=18275
Send spam email as an attachment to abuse@messaging.microsoft.com
Send false positive messages to false_positive@messaging.microsoft.com
22. Standalone
All mailboxes are located on-premises
Purchasable on its own or as part of Exchange Enterprise CAL with Services
Fully hosted
All mailboxes are hosted in the cloud with Microsoft Exchange Online
Exchange Online license
Hybrid
Some mailboxes are hosted in Exchange Online, and some mailboxes on-premises
Exchange Online license
EOP deployment scenarios
23. Overview of the deployment process
Step 1: Verify prerequisites
Step 2: Configure mail flow (connectors)
Step 3: Add and validate domains
Step 4: Customize spam and policy settings
Step 5: Enable mail flow
Step 6: Monitor and fine tune
24. Applicable to all scenarios
Office 365 Tenant – name.onmicrosoft.com
EOP licenses (ExO or EOP Standalone)
Domain to migrate
Modern web browser to access the Office 365 portal
Applicable to Standalone or Hybrid scenarios
Inbound and outbound public IP addresses
Open port 25 to Exchange Online Protection IP Addresses
Information on TLS policy, attachment handling, junk folder use, etc.
DirSync may require additional hardware
Prerequisites
25. Standalone
Create EOP outbound connector to deliver mail on-premises
Create EOP inbound connector to accept mail from on-premises
Create on-premises send connector to send outgoing mail to EOP
Hybrid
Hybrid mail flow is best configured using the Hybrid Configuration Wizard
Optional for all scenarios
Create connectors for forced TLS to third party
Create connectors for customized mail routing
Configure mail flow
26. On-Prem Mail Environment
Exchange Online Protection
Outbound Connector
Inbound Connector
Outbound TLS Connector
Inbound TLS Connector
EOP connectors between on-premises and EOP need to be created
*Additional connectors can be created between EOP and partners to force TLS
Partner Environment
Configure mail flow (connectors)
30. • What it does
• Blocks messages to invalid recipients at the EOP edge
• Beneficial to organizations with on-premises mailboxes
• Configuration
• The EAC exposes two domain types.
• Authoritative - All email for unknown recipients is rejected. Setting this domain type enables DBEB
• Internal relay - Email is delivered to recipients in your org or relayed to another email server
• To enable DBEB, set the domain to be AUTHORITATIVE.
Directory Based Edge Blocking
32. Reporting
Provides a clear view on spam filtering and malware attacks
E-mail Protection Reports
Excel Workbook available to enable self-service analysis
Connects to the reporting web service
Data can be refreshed from within the workbook at any time
Drill through from recent summary data to the underlying detailed information
33. • Goals
• Is the service operating as expected?
• Make adjustments to rules or settings as needed
• Evaluate effectiveness of spam settings
• Tools
• Reports (Office 365 Portal or Mail Protection Reports for Office 365)
• Submitting spam and false positive messages to Microsoft
• Junk Mail Reporting Tool for Outlook
Monitor and fine tune
35. • Do this
• Use a test domain, subdomain or low volume domain for trying different service features
• Disable EOP inbound connector (type is on-prem) until you are ready to use it
• Use the Remote Connectivity Analyzer to troubleshoot
• Restrict inbound SMTP access to allow ONLY from EOP IP ranges
• Enable Microsoft’s IP Safe List in the Connection Filter
• When creating safe / black lists, use IP first, and if not possible, then use the domain
• Don’t do this
• Daisy chain services
• Use EOP for sending bulk mail
• Enable all Content Filter Advanced Options out of the box
• Safe list your own domain
Best practices
36. Telnet is your friend
Telnet can be used to test mail flow from EOP to your on-prem environment.
This allows verifying mail flow will work before doing the MX cutover.
Test mail flow before MX change
You do/type this | Server responds with this
telnet tenantDomainMXRecordHere 25 | 220
helo your_sending_server_fqdn | 250
mail from: you@domain.invalid | 250 Sender OK
rcpt to: recipient@contoso.com | 250 Recipient OK
data followed by the enter key | Server provides directions on how to enter data.
subject: Enter the subject and hit enter twice |
Enter the body text. To finish the message, type a period on a line by itself and hit enter. | 250 Message queued for delivery.
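The same check as the telnet table, scripted up to RCPT TO so it can be repeated before the MX cutover without sending a message. This is an added example, not part of the original slides; the function names (read_reply, smtp_probe, mail_flow_ok) are hypothetical and the replies in the demo at the bottom are constructed.

```python
import io
import socket

def read_reply(reader):
    """Read one SMTP reply, following 'NNN-' continuation lines to the final line."""
    parts = []
    while True:
        raw = reader.readline()
        if not raw:
            raise ConnectionError("server closed the connection mid-reply")
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        parts.append(line[4:])
        if line[3:4] != "-":          # anything but '-' after the code ends the reply
            return int(line[:3]), " ".join(parts)

def smtp_probe(mx_host, helo_name, sender, recipient, port=25, timeout=15,
               connect=socket.create_connection):
    """Walk connect/HELO/MAIL FROM/RCPT TO and stop at the first unexpected code."""
    steps = [("connect", None, 220),
             ("helo", f"HELO {helo_name}", 250),
             ("mail from", f"MAIL FROM:<{sender}>", 250),
             ("rcpt to", f"RCPT TO:<{recipient}>", 250)]
    results = []
    with connect((mx_host, port), timeout) as sock, sock.makefile("rb") as reader:
        for name, command, expected in steps:
            if command:
                sock.sendall(command.encode("ascii") + b"\r\n")
            code, text = read_reply(reader)
            results.append((name, code, text))
            if code != expected:      # last entry in results shows the failing step
                break
        sock.sendall(b"QUIT\r\n")     # end the session before DATA; nothing is queued
    return results

def mail_flow_ok(results):
    """True only if all four steps were reached and returned the table's codes."""
    return [code for _, code, _ in results] == [220, 250, 250, 250]

if __name__ == "__main__":
    # Constructed replies (not captured from a real server): a two-line banner,
    # then the kind of rejection an unknown recipient gets.
    demo = io.BytesIO(b"220-mx.example.invalid\r\n220 ready\r\n550 Recipient rejected\r\n")
    print(read_reply(demo), read_reply(demo))
```

Against a live host, call smtp_probe with the tenant's MX record name, the sending server's FQDN, a sender and a recipient, then pass the result to mail_flow_ok.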
37. • Quarantine
• Online viewer only supports up to 500 messages
• More can be viewed via PowerShell Get-QuarantineMessage Cmdlet
• Can only release in bulk through Release-QuarantineMessage Cmdlet
• Limits
• Max message size for EOP delivering to stand-alone customers is 150 MB
• Max 100 Transport Rules per tenant – DLP policies consume part of this quota
• Max of 900 domains per tenant
• EOP outbound connectors use round robin for delivery
Known Issues & Limitations
39. • Protection against unknown malware and viruses by analyzing attachment behavior in a hypervisor environment before delivering them
• Real time, time-of-click protection against malicious URLs that are not yet known by EOP
• Rich reporting and tracing of URL click throughs
• $2 / month per user
Advanced Threat Protection