Recently we migrated our Exchange on-prem mailboxes to EXO (Hybrid Environment), and also set the MX record to ext-xxxxxxxx-xx.mail.protection.outlook.com. Therefore, emails are now delivered through Exchange Online. Everything works fine so far, but I wonder, because for several days there has not been a single email in Quarantine with Quarantine Reason "Malware" or Policy Type "Anti-malware policy". Before, while we were on-prem, our AntiMalware Filter (Sophos) detected a few malware-infected emails every day. Normally it can't be that for one week no infected emails have arrived at our EXO.
From what I understand, spam and phishing emails, but also emails detected as malware, should be available in https://security.microsoft.com/quarantine and visible at least to admins.
Also, "Notify an admin about undelivered messages from external senders" is set to yes, and even the Notification Policy is the same as for Spam; users get a quarantine list every day.
Am I completely wrong, or what might be the point here? In the quarantine we have emails with Quarantine Reason Spam, High Confidence Phish and Phish, even a few Transport Rule (which I configured as BlackList), but no Malware.
Any idea? I mean I could also be happy that we do not get malware, but honestly I am not quite sure about this fact. We are talking about 80 mailboxes.
On the other hand, I just did some more detailed tests: I sent myself the EICAR test virus and also grabbed an email with malware from my old scanning gateway and forwarded it to myself. Both emails were then properly detected as malware by EXO. So, basically, it does work. But I still wonder how it comes that within a whole week no other infected emails were detected; obviously we really got none, hmmm.
Or does EXO possibly have another, more sophisticated malware detection which doesn't even deliver regular viruses from the outside world to quarantine? And was my really infected email (not the EICAR one) just delivered into quarantine because it came from the hybrid peer?