SOLVED

Quality of Exchange Online Protection

Deleted
Not applicable

We currently run a third party antispam solution in front of Exchange Online and find that we don't get much spam in our mail boxes. Now the agreement on this third party solution is up for renewal and it prompts the question of whether this is necessary at all. Can we just use Exchange Online Protection or will we start getting lots of spam and malware delivered?

 

What's the opinion and the experience of people running just EOP?

10 Replies

We've been using Exchange Online with it's built-in protection for nearly a year and a half now without any additional third-party anti-spam service and I'm quite pleased with it.  We're a mid-sized government agency, and before going to Exchange Online we ran a pair of on-prem Barracuda Spam Firewall's which did a very good job of catching and filtering spam.

 

But really, EOP is one of the better features with Office 365.  We've actually seen a reduction from the Barracuda in what actually gets through.  It's been nice.

I believe it provides a solid alternative to most solutions on the market right now, but like any anti-spam solution, they are hard to compare apples to apples. One of our biggest challenges right now with EOP is ensuring it meets the client requirements in order to move away from their in place solution. While EOP is a fully fledged product, they are still adding capabilities to it that other competitors already have in place. If EOP meets your requirements, I would say it is well worth the switch as you are already paying for it. If there is a hard requirement for a feature that your current product has, you may have to stick with it for a bit longer, but MS is adding capabilities all the time. 

I too have seen EOP catch things even after it has gone through a Barracuda filter. I do want to say that it would not surprise me to have a Barracuda catch a few things after going through EOP either though.

Thank you, Rick and Paul. This is very interesting and it seems like we can do without the third party solution. We'll try it out and see if it works.

 

 

EOP works fine for our customers. And if they want (extra) protection against zero-day exploits have a look at https://products.office.com/en-us/exchange/online-email-threat-protection

best response
Solution

For mail, EOP is very good and doing the job.  Make sure to learn about Transport Rules.  Experience in REGEX is a plus enabling you to create moe challenging Rules.

SPAM filter has recently been improved with known attachments filter. Now, you can quickly and easily block 96 known attachments.  If you want others, use the transport rules.

Malware filter is excellant, but like everything else, zero day is still a challenge although EOP seems to catch up quickly

ZAP is my favorite. Mail (even that which has been delivered to Inbox) is continously and dynamically protected.  If the reputaton of a sender exceeds limits, and the mail has not yet been read, it moves it out of Inbox into Junk.

Combine all of this with SCL setting, Personal Quarantine (user viewable) and System Quarantine (admin only) and it is doing its job.

Using another vendor as desktop/server protection will enhance your security umbrella.

 

But, make no mistake, you need to do your part and learn/administer it all - David

Hello 
thank you for the detailed answer. We are basically at the same point right now and thinking if we need a third party or not.  Since topic is ~about 2 years old I would like to know what changes are there.
Thank you in advance

Victor,

Definitely a lot of changes in the last few months and all for the better.  EOP and ATP (add-on or E5) have been adding features and protection.  While I am saying it is far better, I do recommend you engage your Microsoft Account team for better and more accurate informations.

 

Phishing is a new tag in the headers, and EOP has sensing it better and sending to Junk/Quarantine.   More features are being added to GUI based programming and away from Transport rules making it easier to administer.

 

Lastly, the newly updated Security And Compliance Center have added a lot of features for EOP and ATP.  Reporting has also increased with more realtime reports than previous.  All in all, lets of improvement in 6plus months and worth looking it. - David

David, 

Thanks a lot for update. We are already working with MS team and definitely seeing lots of benefits and new features. 
regards  

We deploy EOP as well as advanced threat protection. The malware filters and ZAP are good, and safe attachments works well, but we find safelinks fails for the majority of phishing stuff that makes it through. and we also have to supplement the filter with transport rules to catch a lot of phishing material that makes it through due to the phishers doing due diligence.

1 best response

Accepted Solutions
best response
Solution

For mail, EOP is very good and doing the job.  Make sure to learn about Transport Rules.  Experience in REGEX is a plus enabling you to create moe challenging Rules.

SPAM filter has recently been improved with known attachments filter. Now, you can quickly and easily block 96 known attachments.  If you want others, use the transport rules.

Malware filter is excellant, but like everything else, zero day is still a challenge although EOP seems to catch up quickly

ZAP is my favorite. Mail (even that which has been delivered to Inbox) is continously and dynamically protected.  If the reputaton of a sender exceeds limits, and the mail has not yet been read, it moves it out of Inbox into Junk.

Combine all of this with SCL setting, Personal Quarantine (user viewable) and System Quarantine (admin only) and it is doing its job.

Using another vendor as desktop/server protection will enhance your security umbrella.

 

But, make no mistake, you need to do your part and learn/administer it all - David

View solution in original post