Export (0) Print
Expand All
34 out of 41 rated this helpful - Rate this topic

FOPE vs. EOP Feature Comparison

Exchange 2013
 

Applies to: Exchange Online Protection

Topic Last Modified: 2014-04-07

The following table provides a feature comparison between Forefront Online Protection for Exchange (FOPE) and Exchange Online Protection (EOP). It also provides information about new features that are scheduled to be added to the EOP service.

 

Feature

FOPE

EOP

Anti-spam protection

Inbound spam detection

Yes

Yes

Outbound spam detection

Yes

Yes. EOP adds the ability to configure admin notifications for suspicious outbound messages and blocked outbound messages

NDR backscatter protection

Yes

Yes

Bulk mail filtering

Yes, by following the steps described in Bulk Mail Filtering in FOPE.

Yes. EOP adds enhanced detection methods to better identify bulk email messages. Additionally, you can easily configure EOP to mark bulk email messages as spam through the user interface.

Malicious URL block lists

Yes

Yes. EOP adds two new additional URL block lists that help detect known malicious links within messages.

Anti-phishing protection

Yes

Yes. In EOP we’ve significantly improved our anti-phishing protection. FOPE included 30,000 domains of known spammers on our block lists, but EOP has been enhanced to include 750,000 domains of known spammers.

Spam management

Ability to configure connection filter IP Allow and IP Block lists

Respected for single IP addresses.

Respected for single IP addresses and CIDR IP address ranges. The service has been significantly improved to support IPV6 addresses.

Ability to configure actions on content-filtered messages

Yes

Yes and these options have been enhanced, for example you can now delete content-filtered messages or send them to the Junk Email folder.

Ability to configure advanced options for aggressive spam filtering

Yes

Yes

International spam filtering

No

Yes. you can configure EOP to block messages written in specific languages, or sent from specific countries or regions. You can configure up to 86 different languages and 250 different regions.

Manage spam via Outlook Junk Email folder

Yes

Yes

Safe sender management in Outlook

Yes

Yes

Blocked sender management in Outlook

No

Yes

False negative spam submissions via the Junk Email Reporting Add-in for Microsoft Office Outlook

Yes

Yes

False positive and false negative spam submissions via an email alias

Yes

Yes

False positive and false negative spam submissions via OWA Junk Email Reporting

No

This feature is available for Outlook Web App (OWA) customers whose Exchange Server 2013 SP1 mailboxes are being filtered by EOP. Exchange Online OWA customers will also have this functionality in the near future.

End-user spam quarantine notifications

Yes

Yes

End-user spam quarantine notification frequency

3 days by default.

Configurable from 3 to 14 days. 1 day frequency allowed if Directory Based Edge Blocking is deployed.

3 days by default.

Configurable from 1 to 15 days.

Ability to configure the language of end-user spam quarantine notifications

No

Yes

Access messages in quarantine via a web page

Yes, for end users and administrators.

Yes, for administrators.

A Web-based interface for end user self-management of spam-quarantined messages is targeted for the second quarter of 2014. In the meantime, end users can self-manage their own spam-quarantined messages via end-user spam quarantine notifications.

Ability for admins to search the quarantine

No

Yes

Customize content filter policies per user, group, or domain

No

Yes

View spam-quarantined message headers from the Exchange admin center

No

Yes

Support for anonymous inbound messages over IPv6

No

This feature is targeted to be added to the service in the second quarter of 2014. There will be limited availability for inbound IPv6 for the first few months, and you can only opt-in by requesting this functionality from technical support. In the future, you’ll be able to opt-in via remote PowerShell or through the Exchange admin center.

Support for validation of DKIM signed messages

No

This feature is targeted to be added to the service for IPV6 only in the second quarter of 2014. In a future release, EOP will verify all inbound messages signed with DKIM over IPv4. We will also be providing DKIM signing in the service.

Anti-malware protection

Multi-engine anti-malware protection

Yes

Yes

Option to disable malware filtering

Yes

No.

In the updated service we are enforcing anti-malware scanning for all email messages routing through the service. In the past we had separate anti-malware scanning solutions for FOPE standalone and Exchange Online customers. We believe that providing a consistent and rigorous level of protection for all of our customers is a critical part of the defense in depth strategy necessary to protect your email messaging environment. As a result, malware filtering is automatically enabled for all customers.

Malware inspection of message body

Yes

Yes

Malware inspection of attachments

Yes

Yes

Default or custom malware alert notifications

Yes

Yes

Option to remove attachment when malware is detected

No, the entire message is blocked.

Yes, administrators can select whether to block the entire message or to strip the attachment and send a customized message to the recipients.

Anti-spyware protection

Yes

Yes

Customize malware filter policies per user, group, or domain

No

Yes

Mail routing and connectors

Intelligent mail routing

Yes, using virtual domains

Yes, using criteria based routing (CBR)

Opportunistic TLS

Yes

Yes

Forced TLS

Inbound and outbound

Inbound and outbound

Inbound safe listing (skip spam filtering for trusted domains)

Yes

Yes, but for EOP we recommend that you use the connection filter IP Allow list instead.

Regional routing (restrict mail flow to a specific region)

United States

United States or Europe

Policy rules

Policy-based filtering and actions

Yes, via FOPE policy rules  

Yes. Custom policies are significantly enhanced and are more flexible because they are based on Exchange Transport rules. For more information about differences between FOPE policy rules and Exchange Transport rules, see Service Upgrade Changes for Policy Rules..

Filter by domain, keyword, file name, file type, subject line, message body, sender, recipient, header, IP address

Yes

Yes

Filter by text patterns

Basic (regular expressions)

Advanced (.NET regular-expression engine)

Custom dictionaries

Yes

Exchange transport rules can include long lists of text and keywords, providing the same functionality as a custom dictionary. FOPE policy rules that include custom dictionaries will be automatically converted into transport rules as part of the transition.

Per-domain policy rules

Yes

Yes

Attachment scanning

Scans the file name and file extension, but not the attachment content.

Scans the file name, file extension, and content of the attachment.

Send policy rule notifications to sender

Yes

Yes

Send policy rule notifications to recipients

Yes

No

Send messages to fixed addresses (such as redirecting or copying a message to a specific address)

Yes

Yes

'Maximum number of recipients' match option in policy rule

Yes

No

Search policies using IP address, SMTP address, etc.

Yes

This functionality is targeted to be added to the service in the second quarter of 2014.

Ability to easily adjust rules priority across multiple rules

Yes

Yes

Administration

Web-based administration

Yes, via FOPE Admin Center

Yes, via the Exchange admin center (EAC)

Integration with Office 365 admin center

No

Yes

Language support for admin center

17 languages

EAC: 60 languages

Excel Reporting Workbook: 60 languages

Directory synchronization

Yes, via the FOPE Directory Sync Tool

Yes, via the Windows Azure Active Directory Sync Tool

Upload user files via SFTP

Yes

No

Directory Based Edge Blocking

Yes

Yes for EOP standalone. For more information about configuring DBEB in EOP, see Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients. For additional information about DBEB in Exchange Online and Exchange Enterprise CAL with Services, as well as information about how FOPE customers who use DBEB are being transitioned to EOP, see the following blog article: In Deployment: Directory Based Edge Blocking for Exchange Online Protection.

SMTP Connectivity Checker tool

Yes

Yes

For more information about using this tool, see Test Mail Flow with the Remote Connectivity Analyzer.

Configurable domains per tenant

600

900

Match subdomains

Yes

Yes

Remote PowerShell access

No

Yes, full EOP functionality is available except for the ability to manage users and groups, which is targeted to be added to the service in the second quarter of 2014.

Reporting and logging

Message trace

Yes, 30 days of message trace data

Yes, 90 days of message trace data

Subject line shown in message trace

No

Yes

Web-based reports

Yes

Yes, with improved report visualization.

Spam reporting

Yes

Enhanced. For example, reports are available by category, and there is an additional downloadable Excel reporting workbook.

Malware reporting

Yes

Yes

Scheduled delivery of reports via email

Yes

No, we recommend that you run interactive reports in the Office 365 admin center instead.

Detailed reporting via the Excel reporting workbook

No

Yes. The reports in the workbook are similar to the email protection reports that are available in the Office 365 admin center. However, you can use the workbook to filter the reports to retrieve detailed information for a specific date, for a specific range of time, for actions taken on messages, for inbound or outbound messages, and for other attributes. You can also click the summary information to see detailed information about a specific item.

Deferral notifications (notify an administrator if an inbound message was deferred by the service)

Yes

No

Run reports for a specific domain

Yes

You cannot run Office 365 admin center reports or Excel reporting workbook reports for a specific domain. However, in the message trace you can search by sender/recipient using wildcards to limit to a specific domain.

Audit logging

Yes

Yes (administrator role group report and administrator audit log)

Service Level Agreement (SLA) and support

Spam effectiveness SLA

>99%

>99%

False positive ratio SLA

<1:250,000

<1:250,000

Virus detection and blocking SLA

100% of known viruses

100% of known viruses

Monthly uptime SLA

99.999%

99.999%

24/7 phone and web technical support

Yes

Yes

Free 90-day deployment assistance from Implementation Project Manager for customers with 1,000 seats or more

Yes

Yes

Other features

Data center mail routing by geographic region

No

Yes

Geo-redundant global network of servers

Yes

Yes

Message queuing when on-premises server cannot accept mail

Yes, 5 days

Yes, 2 days

Exchange Hosted Encryption available as an add-on service

Yes

Yes

Migrate on-premises mailboxes to Office 365 including Exchange Online

Yes

Yes, with a significantly simplified transition experience

 
Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.