Microsoft Exchange Online Protection: Secure Your Emails Now

Published On - January 29, 2025

Summary: Does Microsoft Exchange Online Protection keep my emails secure? But how? The blog answers questions like these. It also covers all the important aspects of EOP and provides step-by-step assistance to configure it for your organization more efficiently. Furthermore, you can use Recoveryfix Microsoft 365 Backup tool to protect your mailboxes by backing them to a safe location.

Rising online threats like email phishing are one of the major security concerns for organizations. Therefore, organizations must find reliable methods to protect their whole email environment against cyber threats.

Microsoft 365 recognizes these needs and, consequently, introduced its Exchange Online Protection (EOP) service on March 1, 2013. A powerful email filtering system specially designed to safeguard your crucial email data from spam, malware, phishing, and other risks.

So, we have tried our best to simplify the Microsoft EOP services for all users. It will help you to understand the EOP services better and provide assistance in implementing them for your organization’s security.

Why do I need to enable Microsoft Exchange Online Protection?

Exchange Online security comes with several features that work in a predefined order to filter out unwanted emails from your Exchange Account. It automates email sorting on the back end to create a secure environment for organizations. Learn about EOP features in detail:

Protection features
Microsoft EOP secures an organization’s precious data from malware and other potential email threats with the help of the following filters.
- Malware filter: Its multilayered malware protection feature helps you to secure your email messages from viruses, spyware, and ransomware.
- Spam filter: Junk or fraudulent emails can be easily filtered out by EOP’s anti-spam technology.
- Connection: It recognizes the emails based on their source IP addresses to verify the email servers’ authenticity.
- Anti-phishing: Users can avoid email threats by creating customized anti-phishing policies.
- Anti-spoofing: Anti-spoofing technology of EOP analyzes emails “From” header to verify their authenticity.
EOP blocks email messages if any email fails to comply with standard email authentication.
Quarantine and submission features
Users can carry out specific actions on quarantined messages and submit email messages for review. Let’s understand them better:
- Quarantine: It allows users to configure quarantine policies to define the most appropriate actions on quarantine messages. Administrators have the right to manage these messages.
- Submissions: Users can submit the suspected emails, URLs, and attachments on the Submissions portal for evaluation.
Mail flow features
Users can set up mail flow rules to identify and define the particular actions on the received emails. Here are the different filters that come under mail flow features:
- Mail flow rules: You can manage email messages by setting up conditions, exceptions, and actions.
- Accepted domains: All the added domains to Microsoft 365 are known as accepted domains. Users can easily send or receive emails to these accepted domains.
- Connectors: It is a collection of instructions that defines the way your email flows within an organization known as Connectors.
Monitoring features
EOP provides different filters to monitor, report, and trace email messages. These are as follows:
- Message trace: Users can identify the type of action that was taken to a specific email message with this feature. It shows the message was received, delivered, rejected, or deferred.
- Email and collaboration reports: It provides complete information about the anti-spam, anti-malware, and encryption features and how they are helpful in protecting your organization’s mailbox.
- Alert policies: Users can create or set up default alert policies to monitor activities, such as unusual file deletion, phishing attacks, or external sharing. It notifies you when certain activities match and helps you to take necessary actions to protect your mailbox.

Detailed explanation of Microsoft Exchange Online Protection working

Online protection for exchange works in a sequential order to filter unwanted emails. Let’s discuss its detailed process in the following section.
Detailed explanation of Microsoft Exchange Online Protection working

Connection Filtering – Connection filtering is the initial step of EOP, which checks the sender’s reputation. If the system detects the email messages as spam emails, then they are rejected by EOP.
Anti-Malware – In the second step, EOP scans the email message for malware. Once the malware is detected in the email message or in its attachment, the message goes to quarantine. Only admins have the right to view and deal with malware-quarantined messages. They can also create and utilize quarantine policies to define what users can do with these email messages.
Mail flow rules- Policy Filtering – After that, the message passes through policy filtering, where it is reviewed based on mail flow rules, which are created by you.
Content Filtering- Finally, the email message goes through content filtering, and on the basis of their harmfulness, they are classified as spam, high confidence spam, phishing, high confidence phishing, or spoofing. Admins can define the certain actions that can be taken based on their classification.
Lastly, an email message is delivered to the recipients when it passes through all these Office 365 mail protection layers.

How to set up Microsoft Exchange Online Protection?

After knowing the importance of Exchange Online security, you want to set it up for your organization. If so, then follow the provided steps to the same:

Points to remember:

One hour is the calculated time to complete the process.
Assign the following permissions before proceeding with the process:
- Exchange Online Protection: Remote and Accepted Domains role must be assigned to you. Organization Management and Mail Flow Administrator are assigned to this role by default.
- Microsoft Entra Permissions: You need to have membership in the Global Administrator role. However, Microsoft recommends using roles with the fewest permissions to improve security for your organization.

Step 1. Add and verify domain in Microsoft 365 admin center

Go to office.com and log in with your account credentials.
Under Microsoft 365 admin center, expand Setting options and click Domains.
Tap on +Add domain option to add and verify domain.
Then, add a domain to Office 365 and verify DNS records.

Step 2. Add recipients and enable DBEB

Microsoft recommends that users must add recipients before proceeding to mail flow configuration. Users have different ways to add recipients and manage mail users in Exchange Online (and EOP).

Besides that, users can set their domain type to Authoritative to implement recipient verification by enabling Directory Based Edge Blocking (DBEB) to reject messages sent to invalid recipients.

Step 3. Set up mail flow using the EAC

You have to create connectors in the Exchange admin center (EAC) that facilitate mail flow between EOP and on-premises mail servers. In order to do that user, need to set up connectors to route mail between Microsoft 365 and mail servers.

Users can verify mail flow between EOP and on-premises environment by validating Microsoft 365 connectors.

Step 4. Enable inbound port 25 SMTP access

DNS records will take 72 hours to update after configuring connectors. Once it is done, restrict inbound port-25 SMTP traffic on mail servers to allow mail from the EOP datacenters that are listed at Microsoft 365 URLs and IP address ranges. It secures your on-premises environment by limiting the inbound messages that you can receive. Also, enable mail server settings that control the IP addresses allowed to connect.

Note: It is necessary to configure an SMTP server with a connection time out of 60 seconds, which is the most suitable setting.

Step 5. Make sure that spam is routed to every user’s Junk Email folder

You can make sure that spam (junk) email is routed to each user’s Junk Email folder in on-premises Exchange by configuring steps to translate EOP spam verdicts. Follow the steps to configure standalone EOP in hybrid environments to deliver spam to the Junk Email folder.

Also, you can set up anti-spam policies in case you don’t want to move messages to each user’s Junk Email folder.

Step 6. Point MX record to EOP using the Microsoft 365 admin center

Use the domain configurations to update the MX record for your domain so that your email flows through EOP. Also, confirms that your MX records are pointed towards EOP.

You can execute the following tests to verify that your MX records point to EOP or not.

Review the mail flow between the service and your environment by validating your Microsoft 365 connectors.
Send a test mail using any web-based email account that matches the added domains to confirm the delivery of your email messages.
Create and send an email message from a user in your organization to an external email service to test outbound email.

Are there any best practices available to configure standalone Exchange Online Protection services?

Best practices allow users to avoid configuration errors and successfully set up online protection for Exchange Server. Here is the list of practices that you can implement for EOP services.

Utilize a test domain
It is recommended that you initially use a test domain, subdomain, or low-volume domain for testing purposes. Once you are fully satisfied with the service, you can implement it for your higher-volume domains.
Sync recipients to Microsoft Entra ID
Users can synchronize the user accounts that are available in an on-premises Active Directory environment to Microsoft Entra ID in the cloud. By doing so, users can avail different benefits of directory synchronization.
Make changes in recommended settings
Standard and Strict are the two security levels in EOP and Microsoft Defender for Office 365. However, admins can customize the security based on the needs of their organizations. For detailed information, you can refer to the recommended settings for EOP and Microsoft Defender for Office 365 security.
Other settings
You can also set up other settings to avail the wide range of features. These settings are:
- Schedule Malware and Spam Reports
- Verify that audit logging is enabled
- IMAP connectivity to mailbox
- POP connectivity to mailbox
- Authenticated SMTP submission and many more.
Troubleshoot the issues
You can view email security reports in the Microsoft 365 Defender portal to troubleshoot general issues. It will help you to operate your EOP services smoothly.
Report false positives and negatives
It is a feedback service provided by Microsoft to its users for better spam filtering. By reporting false positives (legit email marked as bad) and false negatives (bad email allowed) to Microsoft users can contribute to the improvement process of the service.
Create mail flow rules
Users can create mail flow rules or customize filters as per their needs. It provides users with the flexibility to apply the most suitable rules for their organizations.

What is the additional approach to safeguard my Exchange Online data?

Now, you are fully aware of the Microsoft Exchange Online Protection. By using the above-mentioned guide, you can implement it for your organization without any difficulties. But sometimes, even the Office 365 mail protection services fail to secure your mailbox from email threats. There can be multiple reasons behind this, including misconfiguration of Microsoft EOP services or improper testing of the overall security environment.

So, experts recommend taking regular backups to avoid these situations. Although there are native solutions to do so, they are tedious and time-consuming procedures. Hence, the best approach will be opting for automated solutions like Recoveryfix Microsoft 365 Backup software. Office 365 backup tool simplifies the entire backup process for all users. Also, its advanced data filtering options allow users to take selective backups of their data.

FAQs

Q1- How can I access the Exchange Online Protection portal?
Ans- You can access the Exchange Online Protection portal using the Microsoft 365 admin center. Go to Security and Compliance section to manage spam filters, policies, and reports.

Q2- Where can I find the details about the Exchange Online Protection pricing?
Ans- You can find Exchange Online Protection pricing details on Microsoft’s official website. It includes costs, features, and integration options with other services.

Q3- Is Exchange Online Protection included in Office 365 by default?
Ans- Yes, Exchange Online Protection is included in Office 365 subscriptions like Business and Enterprise plans, which provide built-in email filtering and anti-malware capabilities.

Q4- How do I activate and manage my Exchange Online Protection license?
Ans- You can activate and manage your Exchange Online Protection license using the Microsoft 365 admin center. Also, you can assign licenses to the users and configure policies for your organization.

Q5- Which provides better security: Exchange Online Protection Vs Defender for Office 365?
Ans- Defender for Office 365 provides advanced threat protection, phishing detection, and post-breach investigation, whereas EOP comes with spam and malware filtering options. All in , Defender for Office 365 is better than EOP in terms of security.

Wrap up

Microsoft EOP service is well known for its mailbox protection features. Here, we have tried to provide a complete overview of EOP, including its benefits, how it works, and its best practices for effective utilization. If you want to add an extra layer of security, then you can opt for the recommended solution. It helps you to backup Microsoft 365 emails with accurate precision.