Hi @crib bar
Please kindly note that due to policy, we cannot make recommendations of third-party products for you.
In this case I would suggest we mainly focus on EOP and its features.
Thanks for your understanding.
For features in EOP please refer to this link:
Exchange Online Protection overview
If the main purpose is to protect your organization from malware, spam and phishing, EOP is a powerful product for that.
Secondly, are the security features & rules in Exchange Online Protection (EOP) configurable/customisable to each customer, or are they an out-of-the-box set of protections that cannot be readily altered?
Most features you can see in the Microsoft Defender portal are customizable.
Let's take anti-spam policies for example.
Direct link to the page (requires admin permission): https://security.microsoft.com/antispam
We can see there are three default policies:
Anti-spam inbound policy applies to inbound emails to your organization.
Connection filter policy checks the senders' reputation to determine if the sender sends spam messages.
Anti-spam outbound policy applies to outbound emails sent from your organization to external recipients.
These default policies are all customizable and by default applied to all users in your organization.
You can also create new policies which override the default policies.
For example, you can create a new inbound anti-spam policy with stricter criteria and apply it to specific users to offer them better protection from spam.
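The stricter, user-scoped inbound anti-spam policy described in the answer above, as an added example that is not part of the original answer. It uses the Exchange Online PowerShell anti-spam cmdlets; the admin account, policy name, recipient addresses and chosen actions and threshold are assumptions for illustration.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an account
# that is allowed to manage anti-spam policies.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder admin account

$policyName = 'Strict inbound anti-spam (example)'                  # hypothetical policy name
$protected  = 'cfo@contoso.example', 'payroll@contoso.example'      # constructed recipients

# 1. The policy holds the settings: what happens to spam, phishing and bulk mail.
#    Created only if it does not exist yet, so the script can be re-run safely.
if (-not (Get-HostedContentFilterPolicy | Where-Object Name -eq $policyName)) {
    New-HostedContentFilterPolicy -Name $policyName `
        -SpamAction Quarantine `
        -HighConfidenceSpamAction Quarantine `
        -PhishSpamAction Quarantine `
        -HighConfidencePhishAction Quarantine `
        -BulkSpamAction MoveToJmf `
        -BulkThreshold 5 `
        -QuarantineRetentionPeriod 30 | Out-Null
    # BulkThreshold: lower values treat more bulk mail as spam (assumed value).
}

# 2. The rule scopes the policy to specific recipients. Without a rule the
#    custom policy applies to nobody and the default policy stays in effect.
#    Priority 0 is the highest priority among custom rules.
if (-not (Get-HostedContentFilterRule | Where-Object Name -eq $policyName)) {
    New-HostedContentFilterRule -Name $policyName `
        -HostedContentFilterPolicy $policyName `
        -SentTo $protected `
        -Priority 0 | Out-Null
}

# 3. Verify: show the custom policy next to the default one, then the rule order.
Get-HostedContentFilterPolicy |
    Where-Object { $_.IsDefault -or $_.Name -eq $policyName } |
    Format-Table Name, IsDefault, SpamAction, HighConfidenceSpamAction,
                 PhishSpamAction, BulkThreshold -AutoSize

Get-HostedContentFilterRule |
    Sort-Object Priority |
    Format-Table Name, Priority, State, SentTo, HostedContentFilterPolicy -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Recipients not matched by the rule continue to be covered by the default inbound policy, so the check in step 3 is the place to confirm that only the intended mailboxes receive the stricter settings.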