Applies to: Office 365
Topic Last Modified: 2017-03-22
For most organizations that use Office 365, we host your mailboxes and take care of mail flow. It's the simplest configuration and means that Office 365 manages all mailboxes and filtering. However, some organizations have a business need to keep all their mailboxes on premises. Exchange Online Protection (EOP) enables you to do that and provides antivirus and anti-spam mail processing in the cloud. For more information and to purchase EOP, go to Exchange Online Protection.
Looking for information about domain management or Directory Based Edge Blocking (DBEB)? See Recipient, Domain, and Company Management. To learn more about all EOP features, see the Exchange Online Protection Service Description.
You can configure a connector to enable mail flow between Office 365 (including Exchange Online or EOP) and an SMTP-based email server such as Exchange. For details about this, see Do I need a connector? And Set up connectors to route mail between Office 365 and your own email servers.
As an EOP customer, you can set up secure mail flow with a trusted partner by using Office 365 connectors. Office 365 supports secure communication through Transport Layer Security (TLS), and you can create a connector to enforce encryption via TLS. TLS is a cryptographic protocol that provides security for communications over the Internet. By using connectors, you can configure both forced incoming and outgoing TLS using self-signed or certification authority (CA)-validated certificates. You can also apply other security restrictions, such as specifying domain names or IP address ranges from which your partner organization sends mail.
For more information, see Set up connectors for secure mail flow with a partner organization.
You can add a trusted partner’s IP address to a safe list to ensure that messages they send to you are not subject to spam filtering. To do this, you can use the connection filter’s IP Allow list. For more information, see Configure the connection filter policy.
You can configure a connector with a Transport rule that routes mail to a specific site, based on conditions. For more information, see Scenario: Conditional email routing.
Hybrid means that you host a portion of your mailboxes on premises, and a portion in the cloud (Exchange Online). You can move from a standalone (on-premises) deployment to a hybrid deployment.
If you have a hybrid deployment, you can protect your cloud and on-premises mailboxes with EOP. Standalone licenses are required for on-premises mailboxes, when they are protected by EOP. For more information about mail routing in a hybrid deployment, see Transport routing in Exchange hybrid deployments.
The Microsoft Exchange Server Deployment Assistant also provides detailed hybrid deployment provisioning and hybrid message transport guidance.
To view feature availability across Office 365 plans, standalone options, and on-premise solutions, see Exchange Online Protection Service Description.