An Introduction to Exchange Online Protection (EOP)

Posted on September 16, 2014 by J. Peter Bruzzese in Exchange Server with 0 Comments

In a previous post we compared Exchange Online Protection (EOP) and Forefront Online Protection for Exchange (FOPE), its predecessor. That discussion helped explain how EOP has grown and is growing from lame to fame as new features are added and it becomes more enterprise grade. There is still quite a bit of room to grow, and there are plenty of items on the roadmap to be developed in the year ahead, but it’s getting a solid amount of attention from Microsoft development and that warrants a nod. In this article, however, we thought we would take a step back and go to the heart of what EOP is and how it works with follow-up articles on how to use it more fully through your Office 365 dashboard experience.

Exchange Online Protection 101

One important component of any email solution is how it protects your users from unwanted and malicious email content. Whether it’s a virus, spam, script, or some other form of malware you will want to be sure that your users are as protected as possible. You may also want to keep better track of the mail flowing in and out of your organization so that you can better monitor problems as they happen and respond to them as needed. To that end, Microsoft offers Exchange Online Protection, a cloud-based service that helps protect your organization from malware and spam.

EOP Filtering Types

EOP consists of four types of filtering: connection, anti-malware, transport rules and policy filtering, and content filtering. The majority of spam messages will be detected and deleted as messages as they pass through the first two filters: connection and anti-malware. These filters use built-in safe-sender lists and anti-malware definitions that are provided through Microsoft by trusted third-parties. You can even add custom filter policies of your own to block certain senders or to alert you when a message is blocked because of attachments found to contain malware.

Connection Filter settings via the protection feature of the Exchange admin center.

Connection Filter settings via the protection feature of the Exchange admin center. (Image: J. Peter Bruzzese)

Transport rules and content filtering allow for further email policy customization. Transport rules can be used to put further restrictions in place to protect your organization from malware. For example, you could use a transport rule to completely block messages that have attachments with executable content. Content filtering allows you to create your own policies for filtering spam while being careful not to filter out legitimate messages.


If your organization does not usually receive legitimate messages in multiple languages, then you could create a content filter policy that would deliver messages sent in another language with a note to the user that the message appears to be spam, which is shown in the image below. Only after passing through all of these layers of filters and rigorous protection does a message get delivered to the recipient mailbox. Using the tools provided as part of EOP you should be able to keep malicious and unwanted email to a minimum.

International spam filtering through the Content Filter settings.

International spam filtering through the Content Filter settings. (Image: J. Peter Bruzzese)

Integrating Exchange Online protection with your on-premises or cloud email solution is easy. If you are using or planning to migrate to Microsoft Exchange Online, then EOP will automatically be configured to protect your email. Of course, you can use EOP’s cloud-based protection in a standalone setup if you are currently using an on-premises Exchange server, whether it’s the latest 2013 version of Exchange or an older version.

It can even work with a non-Exchange email server. EOP also works well if you have configured a hybrid deployment with a mix of Exchange Online and on-premises mail servers. Keep in mind, EOP is given to all Office 365 users for free, regardless of the plan. However, if using it for an alternative solution, such as Exchange on-premise, then there is a $1 per mailbox charge, as outlined by Microsoft.


As more large companies and small businesses move from on-premises email servers to cloud-based email, a lot is changing with how we get our email and where it is stored, along with how the infrastructure works. Although you may not have an email server in your office any longer, you can be sure that suspicious email attachments and spam are not going anywhere. Exchange Online Protection is a good solution* for combating email threats and annoyances. Now that you know the basics consider taking a closer look at it as we look explore it in future articles.

*Note: We say a “good solution.”  It’s good to have a final hurdle for spam before mail hits a persons Inbox.  At the same time, you may find it valuable to have another solution with additional enterprise grade features in place to provide stronger protection from spam and malware as well. Each organization will have to make that decision for themselves. Some choose to go with a cloud-based security solution and on-premise email. Some look to an on-premise perimeter based Edge Transport server for anti-spam with Exchange 2013 running anti-virus and anti-spam agents. It all depends on how much security you need or desire.