Defender for Office 365 filtering-only scenario protection for your on-premises Exchange Server


Can anyone help me by guiding me to some documents on how to deploy/configure the Defender for Office 365 filtering-only scenario for your on-premises Exchange Server?

7 Replies
There is really very little difference. Here are some tips: Don't enable Dynamic Delivery for the Safe Attachment Policy, since this requires the mailbox to be in the cloud. Instead use the "Block" policy. And understand the ZAP feature will not work. Lastly, understand that if the Accepted Domain is set to Internal, then the Directory-based-edge filtering feature will not work (you need to set it to Authoritative for that feature to work). However, before setting it to Authoritative, you should first make sure that all your mail enabled objects on-premises are represented as mailuser object types in the cloud otherwise inbound mail flow won't reach the on-premises object if it is not found in the directory. In the past this used to be a problem for mail-enabled public folders, but there is now a checkbox to enable that in Azure AD Connect.
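The tips in the reply above, as an added PowerShell example (not code from any poster in this thread). It assumes the ExchangeOnlineManagement module and an Exchange Online admin session; "contoso.com", the policy names and the "X-" header names are placeholders, and the on-premises recipient list you compare against is assumed to come from your own on-premises Exchange Management Shell export.

```powershell
# Added example: MDO-side configuration for a filtering-only deployment.
# Assumes the ExchangeOnlineManagement module; "contoso.com" is a placeholder.
Connect-ExchangeOnline

# 1. Safe Attachments: use the Block action, not DynamicDelivery, because
#    Dynamic Delivery needs the mailbox to live in Exchange Online.
New-SafeAttachmentPolicy -Name "OnPrem-Block" -Enable $true -Action Block
New-SafeAttachmentRule -Name "OnPrem-Block" -SafeAttachmentPolicy "OnPrem-Block" `
    -RecipientDomainIs "contoso.com"

# 2. Directory-Based Edge Blocking only applies to Authoritative accepted domains.
#    Check what each domain is set to before changing anything.
Get-AcceptedDomain | Format-Table Name, DomainType

# 3. Before switching to Authoritative, confirm every on-premises recipient is
#    represented in the cloud directory; anything missing would be rejected at the edge.
$cloudRecipients = Get-Recipient -ResultSize Unlimited |
    Where-Object { $_.EmailAddresses -like "*@contoso.com" }
"$($cloudRecipients.Count) cloud recipients found for contoso.com"
$cloudRecipients | Group-Object RecipientTypeDetails | Format-Table Name, Count

# Compare that list (and count) against Get-Recipient run on-premises. Only when
# the two match, including mail-enabled public folders, flip the domain type:
Set-AcceptedDomain -Identity "contoso.com" -DomainType Authoritative
```

Run step 3 and the comparison first and leave the final `Set-AcceptedDomain` for last: once the domain is Authoritative, mail to any address the cloud directory does not know is rejected at the edge rather than relayed on-premises.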
Hi Joe, how about the Defender for Office 365 filtering-only scenario for any other on-premises SMTP email solution? What function of MDO will not work in this scenario?
For some technologies, you can add headers using Exchange Online mail flow rules to be read by the on-premises system. The same concept can work in reverse if you have a third-party gateway technology adding headers to be read by an on-premises Exchange transport rule. Disclaimer: I rarely use the latest version of Exchange.
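The header hand-off described in this reply, as an added PowerShell example (not the poster's own code). It assumes an Exchange Online session for the first rule and the on-premises Exchange Management Shell for the second; "X-Contoso-Verdict" is a made-up header name and the rule names are placeholders.

```powershell
# Added example: stamp a verdict header in Exchange Online, act on it on-premises.
# "X-Contoso-Verdict" is a placeholder header name.

# --- Exchange Online session: tag messages MDO scored at SCL 5 or above ---
New-TransportRule -Name "Stamp MDO spam verdict" `
    -SCLOver 5 `
    -SetHeaderName "X-Contoso-Verdict" -SetHeaderValue "spam"

# --- On-premises Exchange Management Shell: honour the header ---
# Setting SCL 9 lets the mailbox junk threshold move the message to Junk Email,
# so a misclassified message is still recoverable by the user rather than deleted.
New-TransportRule -Name "Honor MDO spam verdict" `
    -HeaderContainsMessageHeader "X-Contoso-Verdict" -HeaderContainsWords "spam" `
    -SetSCL 9

# The same on-premises rule shape works in reverse for a third-party gateway that
# stamps its own header: change the header name and word to whatever it emits.

# Verify the rule in the current session exists and is enabled.
Get-TransportRule | Where-Object { $_.Name -like "*MDO spam verdict" } |
    Format-Table Name, State, Priority
```

One caveat that follows from the rest of this thread: an on-premises rule that trusts a header is only as good as the path the mail took to get there, so the on-premises receive connector should accept Internet mail only from the MDO side. Otherwise a sender that can reach the on-premises server directly could present, or omit, that header and the rule would act on it.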
Hi ExMSW4319, my customer wants to use MDO in front of a third-party on-premises email system such as postfix mail server. What function of MDO will not work in this scenario? Are there any differences between using a third-party mailbox and a local Exchange?

@leohming

In MDO delivery will appear as on-premises/external, effectively beyond the reach of Microsoft. So as Don says, no Zero-hour Automated Purge or manual remediations from the security portal. I think those restrictions apply equally to on-premises Exchange and third-party on-premises gear. You definitely want to decide what else will be allowed to talk directly to your on-premises equipment, and whether the on-premises system will be sending directly or back out through MDO. In the latter scenario, I think Exchange Online product limits will apply. However, if you allow on-premises to send directly then you lose the MDO anti-virus tripwire for an internal infection and you lose any outbound compliance / auditing controls you might otherwise gain from the Microsoft cloud.

If you have Outlook clients served by the on-premises system then the Report Message add-in will still work, but that will only help vs later attacks because you have no ZAP.
Hybrid is a fairly big topic and I have probably left a few things out.

Hi @ExMSW4319, do the MDO Attack Simulation capabilities work for third-party email systems such as Gmail or an on-premises 3rd-party email system?
I do not know for certain, but the attacks are dropped directly into the target mailboxes and do not appear on any message trace. That probably means that the attacks could not be forwarded out to an external mailbox. A quick Google suggests that it does not even work for on-premises Exchange recipients, though I cannot see an authoritative MS resource at first sight.