Exchange Online Protection Enhancement 1: Customized and Scheduled Mail Protection Reports

By using mail protection reports, you can easily analyze your mail flow to determine how much spam and malware you receive, how many of your e-mails are benign, and who the top senders and recipients are. Mail protection reports can generate summaries of all the messages that Office 365 delivered or rejected based on spam or malware characteristics. You can choose to schedule weekly or monthly mail protection reports to be sent to your inbox automatically, or you can view them directly at any time in the Office 365 Security and Compliance Dashboard.

Exchange Online Protection: Mail Traffic Report Graph Image

 

Exchange Online Protection: Mail Traffic Report Summary Image

 

 

Exchange Online Protection: Mail Traffic Report Dashboard Image

Exchange Online Protection Enhancement 2: Domain-specific e-mail Traffic Reports

Mail protection reports provide quick summaries of all the messages that Office 365 delivered or rejected based on spam or malware characteristics, but these reports are shown for all domains that are configured in your environment. If you run a multi-tenant organization with several accepted domains, how can you access reports for only certain domains?

With Exchange Online PowerShell, admins can easily generate reports for specific domain levels. This feature is indispensable for large organizations that have many accepted domains, as it makes easy to view a domain-level aggregation of mail traffic. To break down traffic by domain, you need to use the ‘Domain’ parameter with Get-MailTrafficReport and Get-MailTrafficPolicyReport in Exchange Online PowerShell. For example, if we have the three domains of contoso.com, rmi.edu.pk, and rmcd.edu.pk configured in our Exchange Online tenant and we’d like to get messages only from the rmi.edu.pk domain, we can do so by running the following cmdlet:

Exchange Online Protection: Domain-specific e-mail traffic reports cmdlts

Exchange Online Protection: Domain-specific e-mail traffic reports cmdlts

Exchange Online Protection Enhancement 3: Simplified Block and Allow Lists

Before this feature, admins had to write complex transport rules to bypass spam filtering or mark e-mails as spam for senders or domains. Microsoft Office 365 has since then simplified the process so Exchange Online Protection admins can block and allow e-mails from individual senders or entire domains with greater ease. All you need to do is locate the Spam Filter section of the Office 365 Exchange Admin Center, click on the Protection link, select the Spam filter, and Edit the default list. You can create, edit, and maintain block-and-allow lists for senders and domains in this area.

Exchange Online Protection: Simplified Block and Allow Lists Block list Image

 

Exchange Online Protection: Simplified Block and Allow Lists Allow list Image

 

Exchange Online Protection Enhancement 4: Quarantined Message Preview and Bulk Release

Previously, you could only view basic information about a quarantined message, such as its sender, the recipient, and the date on which it was sent, but you couldn’t actually view the message itself to determine whether it was a false positive or spam. Now, as an Exchange Online Protection admin, you can use the quarantined message preview feature to safely view a message’s body without triggering any malicious content it may contain.

Exchange Online Protection: Quarantined Message Preview and Bulk Release Message details Image

Exchange Online Enhancements: Quarantined Message Preview and Bulk Release TT copy Image

 

Exchange Online or Exchange Online Protection admins can also easily select up to 500 quarantined messages to Release, Release & report, or Delete. This bulk release feature can be accessed through either Exchange Online PowerShell or the Office 365 Security and Compliance area.

 

Exchange Online Protection: Quarantined Message Preview and Bulk Release Quarantine Image

Exchange Online Protection: Quarantined Message Preview and Bulk Release Quarantine Email Image

Exchange Online Protection Enhancement 5: Improved Backscatter Spam Detection with Boomerang and NDR Storm Prevention

Backscatter spam is a growing source of irritation for users and admins. Essentially, spammers can send thousands of messages on your behalf to nonexistent e-mail addresses of real domains. The mail processing servers of these domains then bounce the messages back to the sender (your inbox) with non-delivery reports (NDRs), since the recipients that the spammer listed don’t actually exist.

If you’ve ever received an e-mail with a bounce notification along the lines of “Your e-mail could not be delivered”, but you never sent an e-mail in the first place, you were likely a victim of backscatter spam. Though it may seem harmless at first, backscatter spam can easily render your inbox unusable by flooding it with non-delivery reports (NDRs) that consume the limited space you have. Fortunately, Exchange Online Protection is a malware and spam filtering service, and it’s recently stepped up its game to fight backscatter spam with two new protection features.

Backscatter detection with Boomerang

Simply put, Boomerang fights backscatter spam by marking NDR messages and quarantining them in your spam folder. This helps keep your inbox clean. Of course, the NDRs will still fill up your spam folder, so this is only a partial fix. To fully address this issue, Microsoft has coupled its use of Boomerang with NDR backscatter storm protection.

NDR backscatter storm protection

The NDR backscatter storm protection feature automatically detects a flood of backscatter NDRs, marking the first 10 NDRs as spam and deleting the rest of the “storm”. As a result, these messages won’t land in your inbox or spam folder. Instead, you’ll only see 10 NDRs in your spam folder.

Exchange Online Protections: NDR backscatter storm protection advanced options image

 

Exchange Online Protection: NDR Backscatter schema image

These are only a few of the new Exchange Online Protection features that help protect your Office 365 and On-Premises Exchange Server against spam, viruses, and malware. Overall, these new Exchange Online Protection features provide greater ease of mind for end users and equip administrators with the proper tools to ward off intruders and protect organizational assets.