Anti-Spam and Anti-Malware Protection
Applies to: Office 365
Topic Last Modified: 2014-12-11
Microsoft Exchange Online Protection (EOP) provides built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect your network from spam transferred through email. Administrators do not need to set up or maintain the filtering technologies, which are enabled by default. However, administrators can make company-specific filtering customizations in the Exchange admin center (EAC).
Looking for information about all EOP features? See the Exchange Online Protection Service Description.
Using multiple anti-malware engines, EOP offers multilayered protection that’s designed to catch all known malware. Messages transported through the service are scanned for malware (viruses and spyware). If malware is detected, the message is deleted. Notifications may also be sent to senders or administrators when an infected message is deleted and not delivered. You can also choose to replace infected attachments with either default or custom messages that notify the recipients of the malware detection.
For Exchange Online Protection standalone customers, the service only scans inbound and outbound messages that are routed by the service, and does not scan messages sent from a sender in your organization to a recipient in your organization. However, for another layer of defense, you can pair the service with the built-in anti-malware protection capabilities of Exchange Server 2013, which scans internal messages for malware.
For Exchange Online and Exchange Enterprise CAL with Services customers, the service scans inbound and outbound messages that are routed by the service, as well as internal messages sent from a sender in your organization to a recipient in your organization.
You can customize anti-malware policies in the EAC. You can configure the default policy for company-wide settings. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies. For more information, see Configure Anti-Malware Policies.
EOP uses proprietary anti-spam technology to help achieve high accuracy rates. The service provides strong connection filtering and content filtering on all inbound messages. Outbound spam filtering is also always enabled if you use the service for sending outbound email, thereby helping to protect organizations using the service and their intended recipients.
Spam filtering is automatically enabled for all inbound and outbound email messages processed by EOP. Spam filtering cannot be completely disabled, but certain company-wide settings can be modified by editing your default anti-spam policies. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. By default, custom policies take precedence over the default policy, but you can change the priority (running order) of your custom policies. For more information, see Configure the Anti-Spam Policies.
|For EOP standalone customers: By default, the EOP content filters send spam-detected messages to each recipients’ Junk Email folder. However, in order to ensure that the Move message to Junk Email folder action will work with on-premises mailboxes, you must configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For details, see Ensure that Spam is Routed to Each User's Junk Email Folder.|
Messages identified as spam and messages that match a transport rule can be sent to the administrator quarantine. Administrators can search for and view details about quarantined email messages in the EAC. After locating the email message, you can release it to specific users and optionally report it as a false positive (not junk) message to the Microsoft Spam Analysis Team if it was misidentified as spam.
There is also a spam quarantine for end users, which lets them manage their own spam-quarantined messages. End user management of spam-quarantined messages can also be performed via end-user spam notification messages (if they are enabled by an administrator).
For more information about the quarantine feature, see Quarantine.
The Junk Email Reporting Add-in for Microsoft Office Outlook lets EOP users easily report junk (spam) email to Microsoft for analysis to help reduce the number and impact of future junk email messages filtered by the service. For more information about installing and using this tool, see Junk Email Reporting Add-in for Microsoft Office Outlook.
The Junk Email Reporting feature in Outlook Web App lets users easily report junk (spam) email to Microsoft for analysis by using its built-in junk email reporting options. Depending on the results of the analysis, we can then adjust the anti-spam filter rules for our EOP service. For more information, see Junk Email Reporting in OWA.
To view feature availability across Office 365 plans, standalone options, and on-premise solutions, see Exchange Online Protection Service Description.