Comments on: Admin Annoyances with Exchange Online Protection https://practical365.com/admin-annoyances-exchange-online-protection/ Practical Office 365 News, Tips, and Tutorials Thu, 01 Apr 2021 07:36:01 +0000 hourly 1 https://wordpress.org/?v=6.3.2 By: LionC https://practical365.com/admin-annoyances-exchange-online-protection/#comment-234138 Thu, 01 Apr 2021 07:36:01 +0000 https://www.practical365.com/?p=40488#comment-234138 Great Article, feeling the pain as well.

]]>
By: Mohave https://practical365.com/admin-annoyances-exchange-online-protection/#comment-212687 Mon, 10 Jun 2019 12:32:46 +0000 https://www.practical365.com/?p=40488#comment-212687 You can’t even easy submit a junk or phishing scam message to Microsoft. Crazy!

Create a blank email message.
Address the message to the Microsoft team that reviews messages, as follows:
For junk messages: junk@office365.microsoft.com
For phishing scam messages: phish@office365.microsoft.com
Copy and paste the junk or phishing scam message into the new message as an attachment.

]]>
By: Mohan https://practical365.com/admin-annoyances-exchange-online-protection/#comment-208147 Thu, 09 May 2019 01:15:48 +0000 https://www.practical365.com/?p=40488#comment-208147 It’s more than a year since this blog is released but still the UI gripe on the standard/custom switch issue is still there. This is very annoying. Does it mean the custom setting will not apply if the switch is off?

]]>
By: robert https://practical365.com/admin-annoyances-exchange-online-protection/#comment-193942 Fri, 08 Mar 2019 18:19:20 +0000 https://www.practical365.com/?p=40488#comment-193942 Hey Paul,

When you have multiple anti-spam policies configured, such as for users @domain.com, domain2.com, domain3.com. I noticed that each policy has its own allow/block list, does that mean that if you wanted to truly whtelist a sending email address that you would have to add it to all the domains you have configured with custom policies?

Thanks

]]>
By: John Pike https://practical365.com/admin-annoyances-exchange-online-protection/#comment-191999 Fri, 22 Feb 2019 13:33:43 +0000 https://www.practical365.com/?p=40488#comment-191999 When analyzing spam email headers to blacklist, I’m pulling the CIP address, sometimes the originating IP address and any available domain names to add to my spam filter block list. I have not been adding any IP’s to the Connection Filter. Should I be adding CIP’s (or anything else) to the Connection Filter? I guess this brings me to my main question: What is the difference between the Spam Filter and the Connection Filter?

]]>
By: Paul Wallace https://practical365.com/admin-annoyances-exchange-online-protection/#comment-189022 Fri, 01 Feb 2019 19:01:39 +0000 https://www.practical365.com/?p=40488#comment-189022 I have been and Email Admin for a long time, EOP falls short of any real solutions. Ironport or Proofpoint. After using this for a few months, If I was writing the checks, I would go back to a premium solution. We are constantly getting hit by phishing and spam now that we switched over.

]]>
By: Mee https://practical365.com/admin-annoyances-exchange-online-protection/#comment-160732 Thu, 09 Aug 2018 06:12:43 +0000 https://www.practical365.com/?p=40488#comment-160732 eh, just popped a few Panadol to deal with this flipping UI mess that is not as inconsistent as you say, but much much worse! I won’t bash it this time round (ok why not – Pop up after pop up!, never ending scrolls in admin & drop down showing items per page in eac (more inconsistencies!), scattered UI, DIRSYNC!!!, FLAT FSKNG UI!) more Panadol.
Anyways, I am here because I found this article useful in that I am not the only one sharing these grievances. Everything MS is ARPITA to admin these days. It gets much much worse.

Also, just wondering if there are exchange online powershell commands to block emails coming from server ip addresses in the mail header? Set-HostedConnectionFilterPolicy is not working because we use messagelabs to apply spam policy. I just want to block CIDR ranges if found ANYWHERE in the header. I can’t seem to find a way to do this.

]]>
By: Jeremy https://practical365.com/admin-annoyances-exchange-online-protection/#comment-157906 Tue, 27 Mar 2018 12:07:03 +0000 https://www.practical365.com/?p=40488#comment-157906 In reply to Paul Cunningham.

I’m looking forward to the time that hopefully comes where they just remove the controls from Exchange Online’s ECP. That’ll make things easier to work with.

]]>
By: Paul Cunningham https://practical365.com/admin-annoyances-exchange-online-protection/#comment-157893 Mon, 26 Mar 2018 23:50:13 +0000 https://www.practical365.com/?p=40488#comment-157893 In reply to Jeremy.

Phishing email is emails identified as likely phishing emails (I know right?) by the spam/content filter, based on whatever algorithm they have detecting that for them. I assume it uses SPF and other domain auth mechanisms as signals for that algorithm, but also other things (e.g. links, phrases, etc).

The control for taking action on phishing email is only available in the SCC, not in EXO/EOP. I assume thats because the SCC is where most of the development effort for these policy UI’s is being invested.

]]>
By: Jeremy https://practical365.com/admin-annoyances-exchange-online-protection/#comment-157886 Mon, 26 Mar 2018 18:26:05 +0000 https://www.practical365.com/?p=40488#comment-157886 Has anybody any idea what setting wins between these two things:

1.) EXO’s ECP -> Protection -> Spam Filter -> Edit a policy -> Advanced Options -> SPF record: hard fail [On | Off]
2.) S&CC’s -> Threat management -> Policy -> Anti-Spam -> Phishing Email

I actually just found that the SPF record: hard fail setting is actually available in S&CC under “Mark as spam” settings when editing a custom policy. Makes me wonder what all “Phishing email” entails.

]]>