Exchange Online Protection Service Description
Obtain information about features and requirements for Exchange Online Protection. Included is a list of plans that provide Exchange Online Protection as well as a comparison of features across those plans.
Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations. EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.
The following are the primary ways you can use EOP for messaging protection:
In a standalone scenario EOP provides cloud-based email protection for your on-premises Exchange Server 2013 environment, legacy Exchange Server versions, or for any other on-premises SMTP email solution.
As a part of Microsoft Exchange Online By default, EOP protects Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online Service Description.
In a hybrid deployment EOP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes.
To compare features across plans, see Compare Office 365 for Business plans.
To buy Exchange Online Protection, see Exchange Online Protection.
You can export, save, and print pages in the Office 365 Service Descriptions. Learn how to export multiple pages.
EOP replaces Forefront Online Protection for Exchange (FOPE). All FOPE customers will be transitioned to EOP. EOP delivers the protection and control provided by FOPE, and also includes additional features. For more information about transitioning from FOPE to EOP, go to the Forefront Online Protection for Exchange (FOPE) Transition Center.
What's new in Exchange Online Protection (EOP)
Exchange Online Protection (EOP) plans
EOP is available through the following subscription plans:
||Where EOP protects your on-premises mailboxes.
|EOP features in Exchange Online
||Where EOP protects your Exchange Online cloud-hosted mailboxes.
|Exchange Enterprise CAL with Services
||Where EOP protects your on-premises mailboxes, like EOP standalone, and includes data loss prevention (DLP) and reporting using web services.
Exchange Enterprise CAL with Services features
Microsoft Exchange Enterprise CAL with Services provides the email protection features of EOP for your on-premises messaging environment, along with the following features:
For more information regarding Exchange Enterprise CAL with Services licensing, see Exchange Server 2013 licensing.
If you have Exchange Enterprise CAL with Services licenses and you want to provision the service, follow the instructions in Set Up Your EOP Service. The setup steps are the same as the steps for setting up EOP standalone.
New features for Exchange Enterprise CAL with Services are deployed at the same time as Exchange Online, not EOP standalone. Be advised that the deployment schedules for EOP standalone and Exchange Online/Exchange Enterprise CAL with Services may be slightly different.
Requirements for Exchange Online Protection (EOP)
EOP can be used with any SMTP mail transfer agent, such as Microsoft Exchange Server 2013. For information about the operating systems, web browsers, and languages that are supported by EOP, see the "Supported browsers" and "Supported languages" sections in Exchange Admin Center in Exchange Online Protection.
For limits in EOP, see Exchange Online Protection Limits.
Feature availability across Exchange Online Protection (EOP) plans
Each feature is listed below. For more detailed information about EOP features, click the links in the table. When Exchange Online is mentioned, it typically refers to the Office 365 Enterprise service family.
1 Mail users are defined as "Mailboxes," and, along with external mail contacts, can be added, removed, and otherwise managed directly in the Exchange admin center (EAC).
2 No RBAC customization. Admin roles only.
3 Managed domains can be viewed and domain types can be edited in the EAC. All other domain management must be done in the Microsoft 365 admin center.
4 The available flexible criteria and actions differ between EOP and Exchange Online. For a list of available criteria and actions in EOP, see Transport Rule Criteria and Transport Rule Actions. For a list of available criteria and actions in Exchange Online, see Transport Rule Criteria and Transport Rule Actions.
5 EOP auditing reports are a subset of Exchange Online auditing reports that exclude information about mailboxes.
6 DLP policy tips are not available for Exchange Enterprise CAL with Services customers.
7 The default content filter action is to move spam messages to the recipients' Junk Email folder. For this to work with on-premises mailboxes, you must also configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For more information, see Ensure that Spam is Routed to Each User's Junk Email Folder.
8 This feature is available to Exchange Server 2013 Service Pack 1 (SP1) customers whose mailboxes are being filtered by EOP, and will soon be available to Exchange Online customers.
9 EOP reports are a subset of Exchange Online reports that exclude information about mailboxes.
10 Includes DLP reports.
11 Exchange Enterprise CAL with Services customers should install the workbook by selecting the Exchange Online service rather than the Exchange Online Protection service.
12 Supported for on-premises customers who purchase Azure Information Protection and use Exchange Online Protection to route email through Exchange Online.
13 Scans inbound and outbound messages, but does not scan internal messages sent from a sender in your organization to a recipient in your organization.
14 The available predicates and actions differ between EOP and Exchange Online.
15 Hybrid setup is not available through Hybrid Wizard, but can be set up manually if you have Exchange SP1.
We'd love to hear your thoughts. Choose the type you'd like to provide:
Our feedback system is built on GitHub Issues. Read more on our blog.