Anti-spam and anti-malware protection[EOP]
Microsoft Exchange Online Protection (EOP) provides built-in malware and spam filtering capabilities that help protect inbound and outbound messages from malicious software and help protect your network from spam transferred through email. Administrators do not need to set up or maintain the filtering technologies, which are enabled by default. However, administrators can make company-specific filtering customizations in the Exchange admin center (EAC).
Looking for information about all EOP features? See the Exchange Online Protection service description.
Using multiple anti-malware engines, EOP offers multilayered protection that's designed to catch all known malware. Messages transported through the service are scanned for malware (viruses and spyware). If malware is detected, the message is deleted. Notifications may also be sent to senders or administrators when an infected message is deleted and not delivered. You can also choose to replace infected attachments with either default or custom messages that notify the recipients of the malware detection.
For Exchange Online Protection standalone customers, the service only scans inbound and outbound messages that are routed by the service, and does not scan messages sent from a sender in your organization to a recipient in your organization. However, for another layer of defense, you can pair the service with the built-in anti-malware protection capabilities of Exchange Server 2013, which scans internal messages for malware.
For Exchange Online and Exchange Enterprise CAL with Services customers, the service scans inbound and outbound messages that are routed by the service, as well as internal messages sent from a sender in your organization to a recipient in your organization.
Customize anti-malware policies
You can customize anti-malware policies in the EAC. You can configure the default policy for company-wide settings. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies. For more information, see Configure Anti-Malware Policies.
EOP uses proprietary anti-spam technology to help achieve high accuracy rates. The service provides strong connection filtering and content filtering on all inbound messages. Outbound spam filtering is also always enabled if you use the service for sending outbound email, thereby helping to protect organizations using the service and their intended recipients.
Customize anti-spam policies
Spam filtering is automatically enabled for all inbound and outbound email messages processed by EOP. Spam filtering cannot be completely disabled, but certain company-wide settings can be modified by editing your default anti-spam policies. For greater granularity, you can also create custom content filter policies and apply them to specified users, groups, or domains in your organization. By default, custom policies take precedence over the default policy, but you can change the priority (running order) of your custom policies. For more information, see Configure the Anti-Spam Policies.
For EOP standalone customers: The default content filter action is to move spam messages to the recipients' Junk Email folder. For this to work with on-premises Exchange mailboxes, you also need to configure two transport rules in your on-premise Exchange organization to detect spam headers added by EOP. For more information, see Ensure that spam is routed to each user's Junk Email folder.
Messages identified by the Office 365 service as spam, bulk mail, phishing mail, containing malware, or because they matched a mail flow rule can be sent to quarantine. By default, Office 365 sends phishing messages and messages containing malware directly to quarantine. Other filtered messages are sent to the user's Junk Email folder unless an administrator sets up a policy to send these messages to quarantine instead.
Administrators can manage quarantined email messages in the Security & Compliance Center and the Exchange Admin Center (EAC). Administrators can search for and view details about quarantined messages. They can also delete messages or release messages to specific users. Administrators must use the Security & Compliance Center, not the EAC, to work with messages that were quarantined because they were identified as containing malware.
End users can manage messages that were sent to quarantine instead of sent to them in one of two ways: by responding to spam notifications sent to the end user directly (if the administrator has set this up), or by using the Security & Compliance Center. If enabled by an administrator, end users receive an end-user spam notification message that contains information about how to work with the quarantined message. End users can only manage messages that were originally sent to them and that were sent to quarantine because they were identified as spam, bulk mail, or phishing mail. End-users cannot work with messages sent to other people or messages that were sent to quarantine if the messages were identified as containing malware or because the messages matched a mail flow rule.
Both end users and administrators can report a quarantined email as a false positive (not junk) message to the Microsoft Spam Analysis Team if it was misidentified and sent to quarantine by mistake.
For more information about quarantine, see Quarantine email messages in Office 365.
Report Message add-in for Outlook
The Report Message add-in for Outlook lets EOP users easily report junk (spam) email to Microsoft for analysis to help reduce the number and impact of future junk email messages filtered by the service. For more information about installing and using this tool, see Enable the Report Message add-in.
Junk email reporting in Outlook on the web
The Junk email reporting feature in Outlook on the web (formerly known as Outlook Web App) lets users easily report junk (spam) email to Microsoft for analysis by using its built-in junk email reporting options. Depending on the results of the analysis, we can then adjust the anti-spam filter rules for our EOP service. For more information, see Report junk email and phishing scams in Outlook on the web.
To view feature availability across Office 365 plans, standalone options, and on-premises solutions, see Exchange Online Protection service description.