Exchange Online Protection Service Description

Obtain information about features and requirements for Exchange Online Protection. Included is a list of plans that provide Exchange Online Protection as well as a comparison of features across those plans.

Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations. EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.

The following are the primary ways you can use EOP for messaging protection:

  • In a standalone scenario EOP provides cloud-based email protection for your on-premises Exchange Server 2013 environment, legacy Exchange Server versions, or for any other on-premises SMTP email solution.

  • As a part of Microsoft Exchange Online By default, EOP protects Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online Service Description.

  • In a hybrid deployment EOP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes.

To compare features across plans, see Compare Office 365 for Business plans.

To buy Exchange Online Protection, see Exchange Online Protection.

You can export, save, and print pages in the Office 365 Service Descriptions. Learn how to export multiple pages.

Important

EOP replaces Forefront Online Protection for Exchange (FOPE). All FOPE customers will be transitioned to EOP. EOP delivers the protection and control provided by FOPE, and also includes additional features. For more information about transitioning from FOPE to EOP, go to the Forefront Online Protection for Exchange (FOPE) Transition Center.

What's new in Exchange Online Protection (EOP)

For information about new features in EOP, see What's New in Exchange Online Protection. For a feature comparison between FOPE and EOP, see FOPE vs. EOP Feature Comparison.

Exchange Online Protection (EOP) plans

EOP is available through the following subscription plans:

Plan Description
EOP standalone
Where EOP protects your on-premises mailboxes.
EOP features in Exchange Online
Where EOP protects your Exchange Online cloud-hosted mailboxes.
Exchange Enterprise CAL with Services
Where EOP protects your on-premises mailboxes, like EOP standalone, and includes data loss prevention (DLP) and reporting using web services.

Exchange Enterprise CAL with Services features

Microsoft Exchange Enterprise CAL with Services provides the email protection features of EOP for your on-premises messaging environment, along with the following features:

For more information regarding Exchange Enterprise CAL with Services licensing, see Exchange Server 2013 licensing.

If you have Exchange Enterprise CAL with Services licenses and you want to provision the service, follow the instructions in Set Up Your EOP Service. The setup steps are the same as the steps for setting up EOP standalone.

Note

New features for Exchange Enterprise CAL with Services are deployed at the same time as Exchange Online, not EOP standalone. Be advised that the deployment schedules for EOP standalone and Exchange Online/Exchange Enterprise CAL with Services may be slightly different.

Requirements for Exchange Online Protection (EOP)

EOP can be used with any SMTP mail transfer agent, such as Microsoft Exchange Server 2013. For information about the operating systems, web browsers, and languages that are supported by EOP, see the "Supported browsers" and "Supported languages" sections in Exchange Admin Center in Exchange Online Protection.

Limits

For limits in EOP, see Exchange Online Protection Limits.

Feature availability across Exchange Online Protection (EOP) plans

Each feature is listed below. For more detailed information about EOP features, click the links in the table. When Exchange Online is mentioned, it typically refers to the Office 365 Enterprise service family.

Feature
EOP standalone
EOP features in Exchange Online
Exchange Enterprise CAL with Services
Mail recipients
Yes1
Yes1
Yes
Admin role group permissions
Yes2
Yes
Yes
Domain management
Yes3
Yes3
Yes3
Match subdomains
Yes
Yes
No
Directory Based Edge Blocking (DBEB)
Yes
Yes
Yes
Transport rules
Yes3, 4, 14
Yes3, 4, 14
Yes
Audit logging
Yes5
Yes
Yes
Data loss prevention (DLP)
No
Yes
Yes6
Office 365 Message Encryption
Yes12
Yes
Yes12
Anti-spam protection (built-in)
Yes
Yes
Yes
Customize anti-spam policies
Yes7
Yes
Yes
Anti-malware protection (built-in)
Yes13
Yes
Yes
Customize anti-malware policies
Yes
Yes
Yes
Quarantine: administrator management
Yes
Yes
Yes
Quarantine: end-user self-management
Yes
Yes
Yes
Junk Email Reporting Add-in for Microsoft Office Outlook
Yes
Yes
Yes
Junk Email Reporting in Outlook Web App
Yes8
No8
No8
Routing email between Office 365 and your own email servers
Yes
Yes
Yes
Secure messaging with a trusted partner
Yes
Yes
Yes
Safe listing a partner's IP address
Yes
Yes
Yes
Conditional mail routing
Yes
Yes
Yes
Hybrid mail routing
Yes
Yes
Yes
Office 365 admin center reports
Yes9
Yes10
Yes 9, 10
Excel download application reports
Yes
Yes
Yes11
Reporting using web services
No
Yes
Yes
Message trace
Yes15
Yes15
Yes
Access to the Office 365 admin center
Yes
Yes
Yes
Access to the Exchange admin center (EAC)
Yes
Yes
Yes
Remote Windows PowerShell access
Yes2
Yes
Yes

Note

1 Mail users are defined as "Mailboxes," and, along with external mail contacts, can be added, removed, and otherwise managed directly in the Exchange admin center (EAC).
2 No RBAC customization. Admin roles only.
3 Managed domains can be viewed and domain types can be edited in the EAC. All other domain management must be done in the Office 365 admin center.
4 The available flexible criteria and actions differ between EOP and Exchange Online. For a list of available criteria and actions in EOP, see Transport Rule Criteria and Transport Rule Actions. For a list of available criteria and actions in Exchange Online, see Transport Rule Criteria and Transport Rule Actions.
5 EOP auditing reports are a subset of Exchange Online auditing reports that exclude information about mailboxes.
6 DLP policy tips are not available for Exchange Enterprise CAL with Services customers.
7 The default content filter action is to move spam messages to the recipients' Junk Email folder. For this to work with on-premises mailboxes, you must also configure two Exchange Transport rules on your on-premises servers to detect spam headers added by EOP. For more information, see Ensure that Spam is Routed to Each User's Junk Email Folder.
8 This feature is available to Exchange Server 2013 Service Pack 1 (SP1) customers whose mailboxes are being filtered by EOP, and will soon be available to Exchange Online customers.
9 EOP reports are a subset of Exchange Online reports that exclude information about mailboxes.
10 Includes DLP reports.
11 Exchange Enterprise CAL with Services customers should install the workbook by selecting the Exchange Online service rather than the Exchange Online Protection service.
12 Supported for on-premises customers who purchase Azure Information Protection and use Exchange Online Protection to route email through Exchange Online.
13 Scans inbound and outbound messages, but does not scan internal messages sent from a sender in your organization to a recipient in your organization.
14 The available predicates and actions differ between EOP and Exchange Online.
15 Hybrid setup is not available through Hybrid Wizard, but can be set up manually if you have Exchange SP1.