Export (0) Print
Expand All

What's New in Exchange Online Protection

Exchange 2013

Applies to: Exchange Online Protection

Topic Last Modified: 2014-05-30

The following sections describe new features in Microsoft Exchange Online Protection (EOP).

The Exchange admin center (EAC) is a single unified management console that allows for ease of use and is optimized for all types of deployments. The new and improved EAC replaces the Forefront Online Protection for Exchange Administration Center. EAC provides a tighter integration with Office 365 and a consistent, seamless UI experience across Exchange products (Microsoft Exchange Online and Microsoft Exchange Server 2013). For more information about the EAC, see Exchange admin center in Exchange Online Protection.

Exchange Online Protection leverages Exchange Transport rules functionality, which replace FOPE policy rules. Exchange Transport rules enable you to enforce specific company regulations and policies by configuring customizable filtering rules. Several new features were added to Transport rules functionality and improvements were made to existing features. New predicates and actions were added and rule monitoring features have been enhanced.

New predicates:

  • Sender’s IP is in the range   Used to detect messages sent from a specific set of IP address ranges.

  • Any attachment’s file extension matches   Used to detect messages that contain attachments with specific extensions.

  • Any attachment has executable content   Used to detect messages that contain attachments with executable content.

  • Message size is greater than or equal to   Used to detect messages whose overall size is greater than or equal to the specified limit.

For a list of all predicates available in EOP, see Transport rule conditions (predicates).

New actions:

  • Require TLS encryption   Requires TLS encryption when routing this message outside your organization. If TLS encryption isn't supported, the message is rejected and not delivered.

  • Stop processing more rules    Stops the processing of all subsequent rules on the message. (Note that this item is not listed as an action, but rather as a separate check box after all the conditions and predicates.)

For a list of all actions available in EOP, see Transport rule actions.

Other changes in transport rules:

  • Support for extended regular expression syntax   Transport rules in Exchange Online Protection are now based on the Microsoft .NET Framework regular expression (regex) functionality and now support extended regular expression syntax.

  • Detailed Transport rule information in message tracking logs   Detailed information about Transport rules are now included in message tracking logs. The information includes which rules were triggered for a specific message and the actions taken as a result of processing those rules.

  • New rule monitoring functionality   Exchange Online Protection monitors Transport rules that are configured and measures the cost of running these rules both when you're creating the rule and also during regular operation. Exchange can detect and generate alerts for rules that are causing delays in mail delivery.

  • Criteria Based Routing (CBR)  You can select an Outbound connector to route mail through, based on criteria in a transport rule. For example, you can route mail to a specific site, using a transport rule that assigns each message to a connector, based on a user attribute. For more information, see Scenario: Conditional mail routing.

For more information about Transport rules, see Transport rules.

The following are new anti-spam protection features in EOP:

  • Two additional URL lists are used to block suspicious messages that contain specific URLs within their message body.

  • Microsoft subscribes to various third-party sources of trusted senders. You can select to skip spam filtering on messages sent from these senders, ensuring that they are never mistakenly marked as spam.

  • You now have the ability to filter messages written in specific languages, or sent from specific countries or regions. The service will apply the configured action.

  • For greater granularity, you can create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default company-wide policy, but you can change the priority (that is, the running order) of your custom policies.

  • You can now easily configure the service to mark bulk email messages (such as advertisements and marketing emails) as spam through the user interface.

  • Administrators and end users can use the enhanced Junk Email Reporting Add-in for Microsoft Office Outlook in order to report junk (spam) messages to Microsoft for analysis. This tool is compatible with the latest Microsoft products (Outlook 2013 and Windows 8) and is backwards-compatible with prior versions. For more information about installing and using this tool, see Junk Email Reporting Add-in for Microsoft Office Outlook.

  • Exchange Server 2013 SP1 OWA customers can report missed spam in the inbox and misclassified as spam messages to Microsoft for analysis by using its built-in junk email reporting options. Depending on the results of the analysis, we can then adjust the anti-spam filter rules for EOP. For more information, see Junk Email Reporting in OWA.

  • We’ve significantly improved our anti-phishing protection. FOPE included 30,000 domains of known spammers on our block lists, but EOP has been enhanced to include 750,000 domains of known spammers.

For more information about anti-spam protection, see Anti-Spam Protection.

As an administrator, you can search for and view details about all quarantined email messages in the EAC. After locating the message, you can release it to specific users. You can also optionally report spam-quarantined messages as false positives (not junk).

As an end user, you can manage your own spam-quarantined messages either via the spam quarantine user interface or by using end-user spam notification messages (if they’re enabled by your administrator). Upon receiving a notification message, you can move the spam email to your inbox, or report the spam email as not junk, in which case it will be sent to the Microsoft Spam Analysis Team. Admins can configure these notifications to be sent from every 1 to 15 days, and they can also set the language in which the notification is written.

For more information about managing quarantined messages, see Quarantine.

The following are new anti-malware protection features in EOP:

  • EOP has the capability to replace attachments in malware detected messages with default or custom alert text that notifies the recipients of the detection. If the detection is in the message body, the message and all of its associated attachments are deleted.

  • For greater granularity, you can create custom malware filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default company-wide policy, but you can change the priority (running order) of your custom policies.

For more information about anti-malware protection, see Anti-Malware Protection.

If you’re an administrator, there’s a good chance you’d like to monitor how much spam and malware is being detected, or how often your transport rules are being matched. With the interactive mail protection reports in the Office 365 admin center, you can quickly get a visual report of summary data, and drill-down into details about individual messages, for as far back as 90 days. For more information, see Use mail protection reports in Office 365 to view data about malware, spam, and rule detections.

The message trace tool includes the following new features:

  • Search functionality has been enhanced.

  • When viewing message trace results, the subject line text is provided for each message.

  • A detailed view is provided that describes all of the events that happened to the message.

  • Data retention for the message trace has been increased to 90 days.

For more information about using the message trace tool, see Trace an Email Message.

For information about feature differences and behavior changes between Forefront Online Protection for Exchange (FOPE) and EOP, see the following topics:

FOPE vs. EOP feature comparison, which shows the feature differences between FOPE and EOP.

Service upgrade changes for policy rules, which covers differences between FOPE policy rules and Exchange Transport rules.

For information about Exchange Enterprise CAL with Services, which provides the email protection features of EOP along with additional features, see “Exchange Enterprise CAL with Services features” in the Exchange Online Protection Service Description.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2014 Microsoft