What's New in Exchange Online Protection
Applies to: Exchange Online Protection
Topic Last Modified: 2013-10-16
The following sections describe new features in Microsoft Exchange Online Protection (EOP).
The Exchange admin center (EAC) is a single unified management console that allows for ease of use and is optimized for all types of deployments. The new and improved EAC replaces the Forefront Online Protection for Exchange Administration Center. EAC provides a tighter integration with Office 365 and a consistent, seamless UI experience across Exchange products (Microsoft Exchange Online and Microsoft Exchange Server 2013). For more information about the EAC, see Exchange Admin Center in Exchange Online Protection.
Exchange Online Protection leverages Exchange Transport rules functionality, which replace FOPE policy rules. Exchange Transport rules enable you to enforce specific company regulations and policies by configuring customizable filtering rules. Several new features were added to Transport rules functionality and improvements were made to existing features. New predicates and actions were added and rule monitoring features have been enhanced.
- Sender’s IP is in the range Used to detect messages sent from a specific set of IP address ranges.
- Any attachment’s file extension matches Used to detect messages that contain attachments with specific extensions.
- Any attachment has executable content Used to detect messages that contain attachments with executable content.
- Message size is greater than or equal to Used to detect messages whose overall size is greater than or equal to the specified limit.
For a list of all predicates available in EOP, see Transport Rule Predicates.
- Require TLS encryption Requires TLS encryption when routing this message outside your organization. If TLS encryption isn't supported, the message is rejected and not delivered.
- Stop processing more rules Stops the processing of all subsequent rules on the message. (Note that this item is not listed as an action, but rather as a separate check box after all the conditions and predicates.)
For a list of all actions available in EOP, see Transport Rule Actions.
Other changes in transport rules:
- Support for extended regular expression syntax Transport rules in Exchange Online Protection are now based on the Microsoft .NET Framework regular expression (regex) functionality and now support extended regular expression syntax.
- Detailed Transport rule information in message tracking logs Detailed information about Transport rules are now included in message tracking logs. The information includes which rules were triggered for a specific message and the actions taken as a result of processing those rules.
- New rule monitoring functionality Exchange Online Protection monitors Transport rules that are configured and measures the cost of running these rules both when you're creating the rule and also during regular operation. Exchange can detect and generate alerts for rules that are causing delays in mail delivery.
- Criteria Based Routing (CBR) You can select an Outbound connector to route mail through, based on criteria in a transport rule. For example, you can route mail to a specific site, using a transport rule that assigns each message to a connector, based on a user attribute. For more information, see Scenario: Conditional Mail Routing.
For more information about Transport rules, see Transport Rules.
The following are new anti-spam protection features in EOP:
Two additional URL lists are used to block suspicious messages that contain specific URLs within their message body.
Microsoft subscribes to various third-party sources of trusted senders. You can select to skip spam filtering on messages sent from these senders, ensuring that they are never mistakenly marked as spam.
You now have the ability to filter messages written in specific languages, or sent from specific countries or regions. The service will apply the configured action.
For greater granularity, you can create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default company-wide policy, but you can change the priority (that is, the running order) of your custom policies.
You can now easily configure the service to mark bulk email messages (such as advertisements and marketing emails) as spam through the user interface.
Administrators and end users can use the enhanced Junk Email Reporting Add-in for Microsoft Office Outlook in order to report junk (spam) messages to Microsoft for analysis. This tool is compatible with the latest Microsoft products (Outlook 2013 and Windows 8) and is backwards-compatible with prior versions. For more information about installing and using this tool, see Junk Email Reporting Add-in for Microsoft Office Outlook.
We’ve significantly improved our anti-phishing protection. FOPE included 30,000 domains of known spammers on our block lists, but EOP has been enhanced to include 750,000 domains of known spammers.
For more information about anti-spam protection, see Anti-Spam Protection.
As an administrator, you can search for and view details about quarantined email messages in the EAC. After locating the message, you can release it to specific users. You can also optionally report spam-quarantined messages as false positives.
As an end user, you can manage your own spam-quarantined messages via end-user spam notification messages (if they are enabled by your administrator). Upon receiving a notification message, you can move the spam email to your inbox, or report the spam email as not junk, in which case it will be sent to the Microsoft Spam Analysis Team. Admins can configure these notifications to be sent from every 1 to 15 days, and they can also set the language in which the notification is written.
For more information about managing quarantined messages, see Quarantine.
The following are new anti-malware protection features in EOP:
EOP has the capability to replace attachments in malware detected messages with default or custom alert text that notifies the recipients of the detection. If the detection is in the message body, the message and all of its associated attachments are deleted.
For greater granularity, you can create custom malware filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default company-wide policy, but you can change the priority (running order) of your custom policies.
For more information about anti-malware protection, see Anti-Malware Protection.
Many different types of reports are available in the Office 365 admin center to help you analyze mail that flows through Exchange Online Protection. For more information, see Reporting and Message Trace in Exchange Online Protection.
You can also view reports by using the Excel reporting workbook. The reports in the workbook are similar to the email protection reports that are available in the Office 365 admin center. However, you can use the workbook to filter the reports to retrieve detailed information for a specific date, for a specific range of time, for actions taken on messages, for inbound or outbound messages, and for other attributes. You can also click the summary information to see detailed information about a specific item. For more overview information and links to download and install the workbook, see Mail Protection Reports for Office 365. For information about how to use the workbook, see Mail Protection Reports Using the Excel Reporting Workbook.
The message trace tool includes the following new features:
Search functionality has been enhanced.
When viewing message trace results, the subject line text is provided for each message.
A detailed view is provided that describes all of the events that happened to the message.
For more information about using the message trace tool, see Trace an Email Message.
For information about feature differences and behavior changes between Forefront Online Protection for Exchange (FOPE) and EOP, see the following topics:
FOPE vs. EOP Feature Comparison, which shows the feature differences between FOPE and EOP.
Service Upgrade Changes for Policy Rules, which covers differences between FOPE policy rules and Exchange Transport rules.
For information about Exchange Enterprise CAL with Services, which provides the email protection features of EOP along with additional features, see “Exchange Enterprise CAL with Services features” in the Exchange Online Protection Service Description.