EOP & Defender 365 questions

Question

Hi all,

I'm trying to get to know more about EOP and Defender, and I have two questions.

1) Where I can see, which protection (EOP or Defender) activates when we get any malware to my O365 mailbox? I did some test, I sent a false malware email from my Gmail to my O365 Outlook mailbox, and the protection worked (the infected attachment was deleted from the letter), but I cannot see which protection's policy stopped it.

2) The protection worked, but it seems to me that my Gmail address was forbidden somewhere in the EOP or Defender policy, because now I don't get any emails from my Gmail. I get emails from other mailbox, and my colague gets emails from my Gmail, so probaly I can't send emails only from my Gmail account to my O365 mailbox.

Many thanks in advance,
Alex

Answer 1

Hi there,
You wont be able to tell whether EOP or Defender handled a message with any logs, but know that Defender is really a set of enhanced tools on top of EOP:
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide#anti-phishing-policy-settings-in-microsoft-defender-for-office-365

Specifically anti-phishing, safe links and attachments etc..

1) If you are testing anti-malware, thats something EOP handles:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365?view=o365-worldwide#eop-anti-malware-policy-settings

2) Check the quarantine and see why its blocked. You can unblock or add to your safe sender list.
https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide

If you do not see it in quarantine, check the message tracking logs:

https://learn.microsoft.com/en-us/microsoft-365/security/office-365-security/message-trace-scc?view=o365-worldwide