Comments on: Admin Annoyances with Exchange Online Protection

By: LionC

LionC — Thu, 01 Apr 2021 07:36:01 +0000

Great Article, feeling the pain as well.

By: Mohave

Mohave — Mon, 10 Jun 2019 12:32:46 +0000

You can’t even easy submit a junk or phishing scam message to Microsoft. Crazy!

Create a blank email message.
Address the message to the Microsoft team that reviews messages, as follows:
For junk messages: junk@office365.microsoft.com
For phishing scam messages: phish@office365.microsoft.com
Copy and paste the junk or phishing scam message into the new message as an attachment.

By: Mohan

Mohan — Thu, 09 May 2019 01:15:48 +0000

It’s more than a year since this blog is released but still the UI gripe on the standard/custom switch issue is still there. This is very annoying. Does it mean the custom setting will not apply if the switch is off?

By: robert

robert — Fri, 08 Mar 2019 18:19:20 +0000

Hey Paul,

When you have multiple anti-spam policies configured, such as for users @domain.com, domain2.com, domain3.com. I noticed that each policy has its own allow/block list, does that mean that if you wanted to truly whtelist a sending email address that you would have to add it to all the domains you have configured with custom policies?

Thanks

By: John Pike

John Pike — Fri, 22 Feb 2019 13:33:43 +0000

When analyzing spam email headers to blacklist, I’m pulling the CIP address, sometimes the originating IP address and any available domain names to add to my spam filter block list. I have not been adding any IP’s to the Connection Filter. Should I be adding CIP’s (or anything else) to the Connection Filter? I guess this brings me to my main question: What is the difference between the Spam Filter and the Connection Filter?

By: Paul Wallace

Paul Wallace — Fri, 01 Feb 2019 19:01:39 +0000

I have been and Email Admin for a long time, EOP falls short of any real solutions. Ironport or Proofpoint. After using this for a few months, If I was writing the checks, I would go back to a premium solution. We are constantly getting hit by phishing and spam now that we switched over.

By: Mee

Mee — Thu, 09 Aug 2018 06:12:43 +0000

eh, just popped a few Panadol to deal with this flipping UI mess that is not as inconsistent as you say, but much much worse! I won’t bash it this time round (ok why not – Pop up after pop up!, never ending scrolls in admin & drop down showing items per page in eac (more inconsistencies!), scattered UI, DIRSYNC!!!, FLAT FSKNG UI!) more Panadol.
Anyways, I am here because I found this article useful in that I am not the only one sharing these grievances. Everything MS is ARPITA to admin these days. It gets much much worse.

Also, just wondering if there are exchange online powershell commands to block emails coming from server ip addresses in the mail header? Set-HostedConnectionFilterPolicy is not working because we use messagelabs to apply spam policy. I just want to block CIDR ranges if found ANYWHERE in the header. I can’t seem to find a way to do this.

By: Jeremy

Jeremy — Tue, 27 Mar 2018 12:07:03 +0000

In reply to Paul Cunningham. I'm looking forward to the time that hopefully comes where they just remove the controls from Exchange Online's ECP. That'll make things easier to work with.

By: Paul Cunningham

Paul Cunningham — Mon, 26 Mar 2018 23:50:13 +0000

In reply to Jeremy. Phishing email is emails identified as likely phishing emails (I know right?) by the spam/content filter, based on whatever algorithm they have detecting that for them. I assume it uses SPF and other domain auth mechanisms as signals for that algorithm, but also other things (e.g. links, phrases, etc). The control for taking action on phishing email is only available in the SCC, not in EXO/EOP. I assume thats because the SCC is where most of the development effort for these policy UI's is being invested.

By: Jeremy

Jeremy — Mon, 26 Mar 2018 18:26:05 +0000

Has anybody any idea what setting wins between these two things:

1.) EXO’s ECP -> Protection -> Spam Filter -> Edit a policy -> Advanced Options -> SPF record: hard fail [On | Off]
2.) S&CC’s -> Threat management -> Policy -> Anti-Spam -> Phishing Email

I actually just found that the SPF record: hard fail setting is actually available in S&CC under “Mark as spam” settings when editing a custom policy. Makes me wonder what all “Phishing email” entails.