Forum Discussion
Anonymous
Sep 06, 2016
Quality of Exchange Online Protection
We currently run a third party antispam solution in front of Exchange Online and find that we don't get much spam in our mail boxes. Now the agreement on this third party solution is up for renewal and it prompts the question of whether this is necessary at all. Can we just use Exchange Online Protection or will we start getting lots of spam and malware delivered?
What's the opinion and the experience of people running just EOP?
10 Replies
- Robert Woods, Steel Contributor
We deploy EOP as well as advanced threat protection. The malware filters and ZAP are good, and safe attachments works well, but we find safelinks fails for the majority of phishing stuff that makes it through, and we also have to supplement the filter with transport rules to catch a lot of phishing material that makes it through due to the phishers doing due diligence.
EOP works fine for our customers. And if they want (extra) protection against zero-day exploits have a look at https://products.office.com/en-us/exchange/online-email-threat-protection
- Anonymous
Thank you, Rick and Paul. This is very interesting and it seems like we can do without the third party solution. We'll try it out and see if it works.
- Paul Bridges, Copper Contributor
I believe it provides a solid alternative to most solutions on the market right now, but like any anti-spam solution, they are hard to compare apples to apples. One of our biggest challenges right now with EOP is ensuring it meets the client requirements in order to move away from their in place solution. While EOP is a fully fledged product, they are still adding capabilities to it that other competitors already have in place. If EOP meets your requirements, I would say it is well worth the switch as you are already paying for it. If there is a hard requirement for a feature that your current product has, you may have to stick with it for a bit longer, but MS is adding capabilities all the time.
- Anonymous
We've been using Exchange Online with its built-in protection for nearly a year and a half now without any additional third-party anti-spam service and I'm quite pleased with it. We're a mid-sized government agency, and before going to Exchange Online we ran a pair of on-prem Barracuda Spam Firewalls which did a very good job of catching and filtering spam.
But really, EOP is one of the better features with Office 365. We've actually seen a reduction from the Barracuda in what actually gets through. It's been nice.
- David Margossian, Copper Contributor
For mail, EOP is very good and doing the job. Make sure to learn about Transport Rules. Experience in REGEX is a plus enabling you to create more challenging Rules.
SPAM filter has recently been improved with known attachments filter. Now, you can quickly and easily block 96 known attachments. If you want others, use the transport rules.
Malware filter is excellent, but like everything else, zero day is still a challenge although EOP seems to catch up quickly.
ZAP is my favorite. Mail (even that which has been delivered to Inbox) is continuously and dynamically protected. If the reputation of a sender exceeds limits, and the mail has not yet been read, it moves it out of Inbox into Junk.
Combine all of this with SCL setting, Personal Quarantine (user viewable) and System Quarantine (admin only) and it is doing its job.
Using another vendor as desktop/server protection will enhance your security umbrella.
But, make no mistake, you need to do your part and learn/administer it all - David
- Victor Safonov, Copper Contributor
Hello
Thank you for the detailed answer. We are basically at the same point right now and thinking about whether we need a third party or not. Since the topic is about 2 years old, I would like to know what changes there are.
Thank you in advance
- Paul Bridges, Copper Contributor
I too have seen EOP catch things even after it has gone through a Barracuda filter. I do want to say that it would not surprise me to have a Barracuda catch a few things after going through EOP either though.