Summary

This module examined the anti-malware and anti-spam protection that Exchange Server and Exchange Online Protection provide. Anti-malware and anti-spam defenses are a critical part of any modern messaging system. Exchange Server and Exchange Online provide highly effective tools for minimizing the number of unwanted messages that reach user mailboxes. They also provide strong defenses against malicious software. In this module, you learned how to configure spam and malware filters, policies, and settings to provide protection for your users.

The anti-spam and anti-malware protection that's included in Exchange Server and Exchange Online provides a set of default rules for protection from malware and spam. This module explored the different message hygiene options that are available in Exchange Server and Exchange Online:

  • Exchange Online uses Exchange Online Protection (EOP), which is continuously updated with new features and fueled by AI and machine learning.
  • Exchange Server uses built-in protection features, but these features are only used for basic tasks.

You learned that providing anti-spam protection is a balancing act between blocking unwanted messages and allowing legitimate messages. Anti-spam features that are configured too aggressively will likely block too many legitimate messages (false positives). Anti-spam features that are configured too loosely will likely allow too much spam into your organization.

You also learned that anti-malware policies are configured in the Exchange admin center. As messages travel through the Transport service on a Mailbox server, the Malware agent scans the messages and applies these policies to them. This process is referred to as malware filtering.

This module then explored spoofing, which is the term used for the creation of email messages with a forged sender address. Attackers use spoofing to convince the recipient that the email was sent by somebody else. The following technologies, all supported by Microsoft 365, ensure that your domain can't be spoofed by attackers:

  • Sender Policy Framework (SPF)
  • DomainKeys Identified Mail (DKIM)
  • Domain-based Message Authentication, Reporting, and Conformance (DMARC)

You also learned that attackers use phishing attacks in an attempt to steal sensitive information through emails, websites, text messages, or other forms of electronic communication that often appear to be official communication from legitimate companies or individuals. Phishing and email spoofing work together: spoofing forges the sender address of an email message so that the recipient believes the email was sent by somebody else.

The module concluded by reviewing anti-phishing policies, which provide extra protection against impersonation and phishing attacks. You learned that anti-phishing protection was originally available only for Microsoft Defender, but now it's available for all EOP users.