EOP 功能EOP features

重要

改进的 Microsoft 365 安全中心现已提供公共预览版。The improved Microsoft 365 security center is now available in public preview. 此新体验将 Defender for Endpoint、Defender for Office、365 Microsoft 365 Defender 等引入了 Microsoft 365 安全中心。This new experience brings Defender for Endpoint, Defender for Office 365, Microsoft 365 Defender, and more into the Microsoft 365 security center. 了解新增功能Learn what's new. 本主题可能同时适用于 Microsoft Defender for Office 365 和 Microsoft 365 Defender。This topic might apply to both Microsoft Defender for Office 365 and Microsoft 365 Defender. 请参阅 适用对象 部分,并查找本文中可能存在差异的特定标注。Refer to the Applies To section and look for specific call-outs in this article where there might be differences.

适用对象Applies to

下表提供了 Exchange Online Protection (EOP) 托管的电子邮件筛选服务中可用的功能列表。The following table provides a list of features that are available in the Exchange Online Protection (EOP) hosted email filtering service.

提示

Microsoft 365 商业版路线图是一个很好的资源,用于查找有关即将推出的新功能的信息。The Microsoft 365 for business roadmap is a good resource for finding out information about upcoming new features. 有关不同 EOP 订阅计划中的可用功能的更全面介绍,请参阅 Exchange Online Protection 服务说明For a broader view about what features are available with the different EOP subscription plans, see Exchange Online Protection Service Description.


功能Feature 说明Description
反垃圾邮件保护Anti-spam protection
入站垃圾邮件检测Inbound spam detection 有关详细信息,请参阅 Microsoft 365中的反垃圾邮件保护。For more information, see Anti-spam protection in Microsoft 365.

在 EOP 保护本地 Exchange 邮箱的独立 EOP 环境中,需要在本地 Exchange 中配置邮件流规则(亦称为“传输规则”),以转换 EOP 垃圾邮件筛选裁定,这样垃圾邮件规则才能将邮件移动到“垃圾邮件”文件夹。In standalone EOP environments where EOP protects on-premises Exchange mailboxes, you need to configure mail flow rules (also known as transport rules) in on-premises Exchange to translate the EOP spam filtering verdict so the junk email rule can move the message to the Junk Email folder. 有关详细信息,请参阅 配置独立 EOP 以将垃圾邮件发送到混合环境中垃圾邮件文件夹For details, see Configure standalone EOP to deliver spam to the Junk Email folder in hybrid environments

出站垃圾邮件检测Outbound spam detection 如果您使用出站反垃圾邮件保护服务发送出站邮件,则始终启用。Outbound anti-spam protection is always enabled if you use the service for sending outbound mail. 有关详细信息,请参阅出 站垃圾邮件保护For more information, see Outbound spam protection.
退退保护Backscatter protection 有关详细信息,请参阅退市和 EOP。For more information, see Backscatter and EOP.
批量邮件筛选Bulk mail filtering EOP 使用 BCL (批量) 批量电子邮件标记为垃圾邮件。EOP uses the bulk complaint threshold (BCL) to mark bulk email messages as spam. 有关详细信息,请参阅下列主题:For more information, see the following topics:

垃圾邮件和批量邮件之间有什么差异?What's the difference between junk email and bulk email?

EOP 中的批量 (BCL) 级别Bulk complaint level (BCL) in EOP

配置反垃圾邮件策略Configure anti-spam policies

恶意 URL 阻止列表Malicious URL block lists EOP 使用多个 URL 阻止列表,帮助检测邮件中的已知恶意链接。EOP uses several URL block lists that help detect known malicious links within messages.
防钓鱼保护Anti-phishing protection EOP 包括 750,000 个已知垃圾邮件制造者的域。EOP includes 750,000 domains of known spammers.
防欺骗保护Anti-spoofing protection 有关详细信息,请参阅 反欺骗保护For more information, see Anti-spoofing protection.
垃圾邮件管理Spam management
配置安全发件人和阻止发件人Configure safe senders and blocked senders 有关详细信息,请参阅创建安全发件人列表和创建阻止的发件人列表For more information, see Create safe sender lists and Create blocked sender lists.
创建自定义反垃圾邮件策略Create custom anti-spam policies 更精细地说明,您可以创建自定义反垃圾邮件策略,并应用于组织中指定的用户、组或域。For greater granularity, you can create custom anti-spam policies and apply them to specified users, groups, or domains in your organization. 虽然自定义策略的优先级始终高于默认策略,但可以更改自定义策略的优先级(即运行顺序)。Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies. 有关详细信息,请参阅配置反垃圾邮件策略For more information, see Configure anti-spam policies.
配置对垃圾邮件筛选邮件的操作Configure the actions on spam-filtered messages 例如,您可以删除内容筛选的邮件或将其发送到"垃圾邮件"文件夹或隔离区。For example, you can delete content-filtered messages or send them to the Junk Email folder or the quarantine. 有关详细信息,请参阅配置反垃圾邮件策略For more information, see Configure anti-spam policies.
国际垃圾邮件筛选International spam filtering 您可以配置反垃圾邮件筛选,以筛选以特定语言编写或来自特定国家/地区的邮件。You can configure anti-spam filtering to filter messages written in specific languages or sent from specific countries or regions. 有关详细信息,请参阅配置反垃圾邮件策略For more information, see Configure anti-spam policies.
通过 Outlook 或 Web 上的 Outlook 管理 (以前称为"Outlook Web App) Manage spam via Outlook or Outlook on the web (formerly known as Outlook Web App) 管理员和最终用户可以创建安全发件人列表和阻止发件人列表。Admins and end users can create safe sender lists and blocked sender lists. 有关详细信息,请参阅关于 Outlook 中的垃圾邮件设置For more information, see About junk email settings in Outlook.

如果使用 EOP 帮助保护内部部署邮箱,请务必使用目录同步来帮助确保将这些设置同步到服务。If you're using EOP to help protect on-premises mailboxes, be sure to use directory synchronization to help ensure that these settings are synced to the service. 有关如何设置目录同步的详细信息,请参阅在 EOP 中管理邮件用户中的"使用目录同步管理邮件用户"。For more information about setting up directory synchronization, see "Use directory synchronization to manage mail users" in Manage mail users in EOP.

向 Microsoft 报告误报和漏报。Report false positives and false negatives to Microsoft. 有关详细信息,请参见向 Microsoft 报告邮件和文件For more information, see Report messages and files to Microsoft.
最终用户垃圾邮件隔离通知End-user spam quarantine notifications 有关详细信息,请参阅最终用户垃圾邮件通知和配置最终用户垃圾邮件通知For more information, see End-user spam notifications and Configure end-user spam notifications.
在隔离门户中查看、查找和管理邮件。View, find, and manage messages in the quarantine portal. 有关详细信息,请参阅在 EOP 中以管理员角色管理隔离的邮件和文件或以用户角色查找并 释放隔离邮件For more information, see Manage quarantined messages and files as an admin in EOP or Find and release quarantined messages as a user.
查看垃圾邮件隔离邮件头View spam-quarantined message headers 在隔离中查看邮件头后,还可以将邮件头文本复制并粘贴到邮件头分析器中,以找出邮件发生了什么。After you view the message header in the quarantine, you can also copy and paste the header text into the Message Header Analyzer to find out what happened to the message.
反恶意软件保护Anti-malware protection
多引擎反恶意软件保护Multiple engine anti-malware protection 多引擎反恶意软件保护可始终自动保护我们的客户。Multiple anti-malware engines help to automatically protect our customers at all times.
禁用恶意软件筛选的能力The ability to disable malware filtering 无法禁用恶意软件筛选。You can't disable malware filtering. 我们相信,为我们的所有客户提供一致且严格的保护级别是深度防御策略的关键部分,该策略是保护电子邮件环境所必需的。We believe that helping to provide a consistent and rigorous level of protection for all of our customers is a critical part of the defense-in-depth strategy necessary to help protect your email messaging environment. 因此,对所有客户自动启用恶意软件筛选。As a result, malware filtering is automatically enabled for all customers.
邮件正文和附件的恶意软件检查Malware inspection of the message body and attachments 服务可检测邮件正文中的活动有效负载和所有邮件附件是否存在恶意软件。The service inspects the active payload in the message body and all message attachments for malware.
默认或自定义恶意软件警报通知Default or custom malware alert notifications 你可以向发件人或管理员发送通知邮件。You can send a notification message to senders or admins. 有关详细信息,请参阅配置 反恶意软件策略For more information, see Configure anti-malware policies.
收件人通知Recipient notifications 以静默方式隔离邮件或隔离邮件,同时传递邮件时,所有附件都替换为包含标准或自定义文本的单个文本文件。Silently quarantine the message or quarantine the message and also deliver it with all attachments replaced by a single text file containing standard or custom text. 有关详细信息,请参阅配置 反恶意软件策略For more information, see Configure anti-malware policies.
常见附件筛选Common Attachment Filtering 你可以启用和自定义始终被认为是恶意软件的文件类型列表。You can enable and customize a list of file types that are always presumed to be malware. 有关详细信息,请参阅 EOP 中的反 恶意软件保护For more information, see Anti-malware protection in EOP.
反间谍软件保护Anti-spyware protection 反恶意软件保护包括反病毒保护和反间谍软件保护。Anti-malware protection encompasses anti-virus protection and anti-spyware protection.
创建自定义恶意软件筛选器策略Create custom malware filter policies 更精确地讲,您可以创建自定义恶意软件筛选策略,并将其应用到组织中的特定用户、组或域。For greater granularity, you can create custom malware filter policies and apply them to specified users, groups, or domains in your organization. 自定义策略的优先级总是高于默认策略,但您可以更改自定义策略的优先级(即运行顺序)。Custom policies always take precedence over the default policy, but you can change the priority (that is, the running order) of your custom policies. 有关详细信息,请参阅配置 反恶意软件策略For more information, see Configure anti-malware policies.
邮件路由与连接器Mail routing and connectors
有条件的邮件路由Conditional mail routing 有关详细信息,请参阅方案: Exchange Online 中的条件邮件路由For more information, see Scenario: Conditional mail routing in Exchange Online.
机会型或强制 TLSOpportunistic or forced TLS 机会型或强制 TLS 在连接器中可用。Opportunistic or forced TLS is available with connectors. 机会型 TLS 尝试建立 TLS 连接,当 TLS 连接失败时,则使用 SMTP 连接。Opportunistic TLS attempts a TLS connection but uses an SMTP connection if the TLS connection is unsuccessful. 强制 TLS 强制建立 TLS 连接,这意味着当 TLS 连接失败时,邮件将被拒绝。Force TLS enforces TLS connections, meaning that the message is rejected if the TLS connection is unsuccessful. 有关 TLS、安全性以及连接器的详细信息,请参阅Set up connectors for secure mail flow with a partner organizationFor more information about TLS, security, and connectors, see Set up connectors for secure mail flow with a partner organization.
区域路由(将邮件流限制到指定区域)Regional routing (the restriction of mail flow to a specific region) 有关详细信息,请参阅 Exchange Online Protection 概述中的"EOP 数据中心"部分。For more information, see the "EOP datacenters" section in the Exchange Online Protection overview.
SMTP 连接检查程序工具The SMTP Connectivity Checker tool 有关使用此工具测试邮件流的信息,请参阅通过验证 Microsoft 365连接器测试邮件流。For more information about using this tool to test your mail flow, see Test mail flow by validating your Microsoft 365 connectors.
Match subdomainsMatch subdomains 有关启用发送到接受域的子域和从这些子域发送邮件流的信息,请参阅 Mail flow in EOPFor more information about enabling mail flow to and from subdomains of your accepted domains, see Mail flow in EOP.
邮件流规则Mail flow rules
基于策略的筛选和操作Policy-based filtering and actions 自定义策略基于 Exchange 邮件流规则 (也称为传输规则) 。Custom policies are based on Exchange mail flow rules (also known as transport rules). 您可以通过域、关键字、文件名、文件类型、主题行、邮件正文、发件人、收件人、邮件头和 IP 地址进行筛选。You can filter by domain, keyword, file name, file type, subject line, message body, sender, recipient, header, and IP address. 有关详细信息,请参阅 Mail flow rules (transport rules) in Exchange Online ProtectionFor more information, see Mail flow rules (transport rules) in Exchange Online Protection.
按文本模式进行筛选Filter by text patterns 邮件流规则可以使用数组或正则表达式来匹配文本。Mail flow rules can use an array or regular expressions to match text. 您也可以使用一个字符串或字符串数组匹配多个邮件属性,例如地址、主题、正文或附件名称。You can also use one string or an array of strings to match many message properties, such as the address, subject, body, or attachment names. 有关详细信息,请参阅 Mail flow rules (transport rules) in Exchange Online ProtectionFor more information, see Mail flow rules (transport rules) in Exchange Online Protection
自定义词典Custom dictionaries 邮件流规则可以包含文本和关键字的长列表,提供与自定义词典相同的功能。Mail flow rules can include long lists of text and keywords, providing the same functionality as a custom dictionary.
每个域策略规则Per-domain policy rules 可以自定义邮件流规则的范围,以匹配发件人或收件人域名、IP 地址范围、地址关键字或模式、组成员身份和其他条件。The scope of a mail flow rule can be customized to match sender or recipient domain names, IP address ranges, address keywords or patterns, group memberships, and other conditions.
附件扫描Attachment scanning 可以创建规则,以扫描附件的文件名、扩展名和内容。Rules can be created to scan the file name, extension, and content of the attachment.
向发件人发送策略规则通知Send policy rule notifications to the sender 可以通过"拒绝包含说明的邮件"或"拒绝包含增强状态代码的邮件"操作拒绝邮件,并将未送达报告 (也称为 NDR 或退回邮件) 发送给发件人。You can reject messages and send a non-delivery report (also known as an NDR or bounce message) to the sender via the Reject the message with the explanation or Reject the message with the enhanced status code action. 有关详细信息,请参阅 Mail flow rule actions in Exchange Online。For more information, see Mail flow rule actions in Exchange Online.
重定向或复制邮件Redirect or copy messages 邮件流规则可以重定向收件人、按抄送或密件抄送添加收件人、仅添加收件人和其他选项。Mail flow rules can redirect, add recipients by Cc or Bcc, simply add recipients, and other options. 有关详细信息,请参阅 Mail flow rule actions in Exchange Online。For more information, see Mail flow rule actions in Exchange Online.
跨多个规则调整规则优先级Adjust rule priority across multiple rules 使用 Exchange 管理中心更改规则的处理顺序。Use the Exchange admin center to change the order in which rules are processed.
筛选邮件,然后更改邮件的路由或属性Filter messages and then change the routing or attributes of a message 您可以根据多种条件筛选邮件,然后对每个邮件应用一系列操作。You can filter messages based on a wide variety of conditions and then apply a series of actions to each message. 有关详细信息,请参阅 Mail flow rules (transport rules) in Exchange Online ProtectionFor more information, see Mail flow rules (transport rules) in Exchange Online Protection.
按规则更改 (SCL) 邮件的垃圾邮件可信度。Change the spam confidence level (SCL) of a message by rule. 您可以检测传输中的邮件并根据您选择条件,向其分配垃圾邮件可信度。You can inspect an in-transit message and assign a spam confidence level to it based on criteria that you choose. 有关详细信息,请参阅使用邮件 流规则在邮件中设置 (SCL) 垃圾邮件可信度For more information, see Use mail flow rules to set the spam confidence level (SCL) in messages.
检查邮件附件Inspect message attachments 您可以检查附件内容或附加文件的特性,并根据结果定义要采取的操作。You can examine the content of an attachment or the characteristics of an attached file and define an action to take based on what is found. 有关详细信息,请参阅 使用邮件流规则检查 Exchange Online 中的邮件附件For more information, see Using mail flow rules to inspect message attachments in Exchange Online.
管理Administration
基于 Web 的管理Web-based administration 管理员可以在 Exchange 管理中心管理服务 (EAC) ,支持 60 种语言。Admins can manage the service in the Exchange admin center (EAC), which is supported in 60 languages. 有关详细信息,请参阅独立 EOP 中的 Exchange 管理中心For more information, see Exchange admin center in standalone EOP.
目录同步Directory synchronization 目录同步通过 Azure Active Directory 同步工具提供。有关详细信息,请参阅在 EOP 中管理邮件用户中的"使用目录同步管理邮件用户"部分。 Directory synchronization is available via the Azure Active Directory Sync tool. For more information, see the "Use directory synchronization to manage mail users" section in Manage mail users in EOP.
基于目录的边缘阻止 (DBEB)Directory Based Edge Blocking (DBEB) 通过 DBEB 功能,您可以在服务网络外围拒绝发送至无效收件人的邮件。The DBEB feature lets you reject messages for invalid recipients at the service network perimeter. DBEB 允许管理员将启用邮件的收件人添加到 Microsoft 365,并阻止发送到 Microsoft 365 中不存在的电子邮件地址的所有邮件。DBEB lets admins add mail-enabled recipients to Microsoft 365 and block all messages sent to email addresses that aren't present in Microsoft 365. 有关配置 DBEB 的信息,请参阅使用基于目录的边缘阻止拒绝 发送给无效收件人的邮件For more information about configuring DBEB, see Use Directory Based Edge Blocking to reject messages sent to invalid recipients.
PowerShellPowerShell 独立 EOP PowerShell 中提供完整的 EOP 功能。Full EOP functionality is available in standalone EOP PowerShell. 有关详细信息,请参阅 Exchange Online Protection PowerShellFor more information, see Exchange Online Protection PowerShell.
报告和日志记录Reporting and logging
邮件跟踪Message trace 管理员可以在通过服务时关注电子邮件。Admins can follow email messages as they pass through the service. 您可以确定目标电子邮件是接收、拒绝、延迟还是由服务传递。You can determine whether a targeted email message was received, rejected, deferred, or delivered by the service. 这使得您可以有效回答用户的问题,解决邮件流问题,验证策略更改,并减少联系技术支持寻求帮助的需要。This lets you efficiently answer your users' questions, troubleshoot mail flow issues, validate policy changes, and alleviates the need to contact technical support for assistance. 有关详细信息,请参阅“安全与合规中心中的邮件跟踪”。For more information, see Message trace in the Security & Compliance Center.
基于 Web 的报告Web-based reports 安全与合规中心内的邮件&提供邮件数据。The mail protection reports in the Security & Compliance Center provide messaging data. 例如,您可以监视检测到多少垃圾邮件和恶意软件或匹配邮件流规则多久。For example, you can monitor how much spam and malware is being detected or how often your mail flow rules are being matched. 通过这些交互式报告,您可以快速获取摘要数据的可视报告,并进一步了解每封邮件的详细信息(可回溯 90 天)。With these interactive reports, you can quickly get a visual report of summary data and drill down into details about individual messages, for as far back as 90 days. 有关详细信息,请参阅使用 邮件保护报告查看有关恶意软件、垃圾邮件和规则检测的数据For more information, see Use mail protection reports to view data about malware, spam, and rule detections.
审核日志记录Audit logging 向 EOP 管理员提供管理员角色组报告和管理员审核日志。有关详细信息,请参阅EOP 中的审核报告The administrator role group report and the administrator audit log are available for EOP admins. For more information, see Auditing reports in EOP.
服务级别协议 (SLA) 及支持Service Level Agreements (SLAs) and support
垃圾邮件有效性 SLASpam effectiveness SLA > 99%> 99%
误报率 SLAFalse positive ratio SLA < 1:250,000< 1:250,000
病毒检测和阻止 SLAVirus detection and blocking SLA 100% 的已知病毒100% of known viruses
每月运行时间 SLAMonthly uptime SLA 99.999%99.999%
24 小时全天候电话和网络技术支持Phone and web technical support 24 hours a day, seven days a week 有关 EOP 帮助和支持选项的详细信息,请参阅 EOP 帮助与支持For more information about EOP help and support options, see Help and support for EOP.
其他功能Other features
服务器的地理位置冗余全局网络A geo-redundant global network of servers EOP 在数据中心的全球网络中运行,旨在提供最好的可用性。有关详细信息,请参阅 Exchange Online Protection 概述中的"EOP 数据中心"一节。 EOP runs on a worldwide network of datacenters that are designed to help provide the best availability. For more information, see the "EOP data centers" section in Exchange Online Protection overview.
内部部署服务器无法接受邮件时的邮件队列Message queuing when the on-premises server cannot accept mail 延期的邮件将在我们的队列中保留一天。Messages in deferral remain in our queues for one day. 重试发送邮件的依据为从收件人的邮件系统返回的错误。Message retry attempts are based on the error we get back from the recipient's mail system. 邮件一般每 5 分钟重试发送一次。On average, messages are retried every 5 minutes. 有关详细信息,请参阅 EOP 排队、延迟以及退回邮件的常见问题For more information, see EOP queued, deferred, and bounced messages FAQ.
Office 365 邮件加密可作为附加服务使用Office 365 Message Encryption available as an add-on service 有关详细信息,请参阅 Office 365 中的加密For more information, see Encryption in Office 365.