EOP & Defender 365 questions

Alextheonlyone 196 Reputation points
2022-02-08T11:39:27.047+00:00

Hi all,

I'm trying to get to know more about EOP and Defender, and I have two questions.

1) Where I can see, which protection (EOP or Defender) activates when we get any malware to my O365 mailbox? I did some test, I sent a false malware email from my Gmail to my O365 Outlook mailbox, and the protection worked (the infected attachment was deleted from the letter), but I cannot see which protection's policy stopped it.

2) The protection worked, but it seems to me that my Gmail address was forbidden somewhere in the EOP or Defender policy, because now I don't get any emails from my Gmail. I get emails from other mailbox, and my colague gets emails from my Gmail, so probaly I can't send emails only from my Gmail account to my O365 mailbox.

Many thanks in advance,
Alex

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
35,752 questions
{count} votes

Accepted answer
  1. Andy David - MVP 140.8K Reputation points MVP
    2022-02-08T12:15:49.267+00:00

    Hi there,
    You wont be able to tell whether EOP or Defender handled a message with any logs, but know that Defender is really a set of enhanced tools on top of EOP:
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide#anti-phishing-policy-settings-in-microsoft-defender-for-office-365

    Specifically anti-phishing, safe links and attachments etc..

    1) If you are testing anti-malware, thats something EOP handles:

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide#eop-anti-malware-policy-settings

    2) Check the quarantine and see why its blocked. You can unblock or add to your safe sender list.
    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide

    If you do not see it in quarantine, check the message tracking logs:

    https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/message-trace-scc?view=o365-worldwide

    2 people found this answer helpful.

0 additional answers

Sort by: Most helpful