Exchange Online Protection service description
Obtain information about features and requirements for Exchange Online Protection. Included is a list of plans that provide Exchange Online Protection, as well as a comparison of features across those plans.
Microsoft Exchange Online Protection (EOP) is a cloud-based email filtering service that helps protect your organization against spam and malware, and includes features to safeguard your organization from messaging-policy violations. EOP can simplify the management of your messaging environment and alleviate many of the burdens that come with maintaining on-premises hardware and software.
The following list describes the primary ways you can use EOP for messaging protection:
In a standalone scenario: EOP provides cloud-based email protection for your on-premises email environment (Exchange Server or other on-premises SMTP email solutions).
As a part of Microsoft Exchange Online: By default, EOP protects Exchange Online cloud-hosted mailboxes. To learn more about Exchange Online, see the Exchange Online service description.
In a hybrid deployment: EOP can be configured to protect your messaging environment and control mail routing when you have a mix of on-premises and cloud mailboxes.
For detailed plan information on subscriptions that enable users for Exchange Online Protection, see the full subscription comparison table.
To buy Exchange Online Protection, see Exchange Online Protection.
EOP replaced Forefront Online Protection for Exchange (FOPE). All FOPE customers have been transitioned to EOP.
What's new in Exchange Online Protection (EOP)
The Microsoft 365 roadmap is a good resource for finding out information about upcoming new features.
Exchange Online Protection (EOP) plans
EOP is available through the following subscription plans:
|EOP standalone||A separate cloud-based service that protects your on-premises email organization.|
|EOP features in Exchange Online||The built-in protection for your Exchange Online cloud-hosted mailboxes.|
|Exchange Enterprise CAL with Services||Add-on licenses you purchase for your on-premises Exchange organization that include EOP and other cloud-based features (see the next section for details).|
Exchange Enterprise CAL with Services features
Microsoft Exchange Enterprise CAL with Services provides the email protection features of EOP and the following additional cloud-based features:
For more information about Exchange Enterprise CAL with Services licensing, see Exchange licensing FAQs.
If you have Exchange Enterprise CAL with Services licenses and you want to provision EOP, follow the instructions in Set up your EOP service. The setup steps are the same as the steps for setting up EOP standalone.
New features for Exchange Enterprise CAL with Services are deployed at the same time as Exchange Online, not EOP standalone. Be advised that the deployment schedules for EOP standalone and Exchange Online/Exchange Enterprise CAL with Services may be slightly different.
Requirements for Exchange Online Protection (EOP)
EOP can be used with any SMTP mail transfer agent, such as Microsoft Exchange Server. For information about the operating systems, web browsers, and languages that are supported by EOP, see the "Supported browsers" and "Supported languages" sections in Exchange admin center in Exchange Online Protection.
For limits in EOP, see Exchange Online Protection limits.
Feature availability across Exchange Online Protection (EOP) plans
Each feature is listed below. For more detailed information about EOP features, click the links in the table. When Exchange Online is mentioned, it typically refers to the Office 365 Enterprise service family.
1 Mail users are defined as "Mailboxes," and, along with external mail contacts, can be added, removed, and otherwise managed directly in the Exchange admin center (EAC).
2 No RBAC customization. Admin roles only.
3 Managed domains can be viewed and domain types can be edited in the EAC. All other domain management must be done in the Microsoft 365 admin center.
4 Mail flow rules (also known as transport rules) in EOP are described in Mail flow rules (transport rules) in Exchange Online Protection. The available mail flow rule conditions, exceptions, and actions differ slightly between EOP and Exchange Online. These differences are noted in Mail flow rule conditions and exceptions (predicates) in Exchange Online and Mail flow rule actions in Exchange Online.
5 EOP auditing reports are a subset of Exchange Online auditing reports that exclude information about mailboxes.
6 DLP policy tips are not available for Exchange Enterprise CAL with Services customers.
7 The default content filter action is to move spam messages to the recipients' Junk Email folder. For this to work with on-premises Exchange mailboxes, you also need to configure two transport rules in your on-premises Exchange organization to detect spam headers added by EOP. For more information, see Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments.
9 EOP reports are a subset of Exchange Online reports that exclude information about mailboxes.
10 Includes DLP reports.
12 Supported for on-premises customers who purchase Azure Information Protection and use Exchange Online Protection to route email through Exchange Online.
13 Scans inbound and outbound messages, but does not scan internal messages sent from a sender in your organization to a recipient in your organization.
15 Hybrid setup is not available through Hybrid Wizard, but can be set up manually if you have Exchange SP1.