Anti-Spam and Anti-Malware Protection

For Exchange Online Dedicated customers, anti-malware protection is applied within the Exchange servers of the messaging service. All messages that are transported through Exchange Online Dedicated are scanned for malware. If malware is detected, the message is deleted. Notifications can be sent to senders or admins that exist within the Exchange Online Dedicated environment when an infected message is deleted and not delivered. You can also use the Exchange Admin Center (EAC) to provide a replacement message for infected attachments with either default or custom text that notifies the recipients of the malware detection.

Optionally, your organization can use Exchange Online Protection (EOP) service. The premium level version of EOP, referred to as the Exchange Enterprise Client Access License (CAL) with Services, is provided with Exchange Online Dedicated subscriptions at no additional charge. See the Exchange Online Protection Service Description for more information.

Note:

Anti-malware protection features offered in Exchange Online Dedicated provide protection for messages routed within your online environment (effectively your “intranet”). If appropriate subscription licenses have been purchased, Exchange Online Dedicated also will provide Data Loss Prevention (DLP) protection for intranet traffic. The EOP service is used to apply filtering and protection for all messages delivered via the Internet, including anti-spam protection. DLP is provided by EOP regardless of the Exchange Online Dedicated subscription type of the message originator. Certain kinds of email attachments from non-trusted sources are blocked from entry into the Exchange Online Dedicated environment by a transport rule. Exchange Online Dedicated applies a default transport rule that an Exchange admin in your organization can view and edit to allow anti-malware filtering to be tailored to meet the requirements of your organization.

Customer Responsibilities

• During initial configuration of the Exchange Online Dedicated service, provide a list of IP email addresses to be blocked, allowed, or blocked and allowed via policy..

• Default setting for user notification of messages in quarantine is 15 days; self-service administration within EOP can be used to alter setting.

• Control timing and deployment of Mail Exchange (MX) record changes.

• Manage changes to policy settings after deployment through the EAC extension used to manage EOP.

Microsoft Responsibilities

• If your organization will use EOP for Internet inbound and outbound email filtering, configure EOP to support the filtering of this traffic.

Limitations

• Anti-malware detection notifications are sent only to Exchange Online Dedicated senders who are sending mail within the Exchange Online Dedicated environment.