Examine anti-spam and anti-malware protection
The anti-spam and anti-malware protection that's included in Exchange Server and Exchange Online provide a set of default rules for protection from malware and spam. Exchange Server and Exchange Online slightly differ in the message hygiene options that are available.
- Exchange Online uses Exchange Online Protection (EOP), which is continuously updated with new features and fueled by AI and machine learning.
- Exchange Server uses built-in protection features, but these features are only used for basic tasks.
If you need the features of a modern anti-spam and anti-malware protection, you can also use EOP standalone or hybrid with Exchange Server by routing your mail flow through EOP, or you can use a third-party solution on your on-premises perimeter network.
Microsoft 365 also includes Microsoft Defender for Office 365, which extends the protection provided by EOP. Microsoft Defender filters targeted attacks that could pass through EOP’s line of defenses, including:
- Advanced threats such as zero-day attacks in email attachments and Office documents.
- Time-of-click protection against malicious URLs.
Because Exchange Online Protection and Microsoft Defender for Office 365 are covered in other modules, this module examines the built-in Exchange Server features for anti-spam and anti-malware protection.
Anti-spam and anti-malware filtering in Exchange Server
The basic protection in Exchange Server is provided by the following two features:
Feature name
Description
Used at…
Anti-spam protection
Exchange uses transport agents to provide anti-spam protection, and the built-in agents that are available in Exchange Server are relatively unchanged from Exchange Server 2010. In modern Exchange deployments, configuration and management of these agents is available only in the Exchange Management Shell.
These agents are enabled by default on Edge Transport servers, and you can enable them on Exchange Mailbox servers.
Anti-malware protection
Anti-malware protection in Exchange Server helps combat viruses and spyware in your email messaging environment. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware gathers personal information (for example, sign in information and personal data) and sends it back to its author. The anti-malware protection in Exchange Server was introduced in Exchange 2013 and is provided by the Transport agent titled Malware Agent. The agent scans messages as they travel through the Transport service on a Mailbox server. Anti-malware protection is configured and managed through anti-malware policies, server settings, and scripts.
The Malware agent is available and enabled by default on Exchange Mailbox servers.
Knowledge check
Choose the best response for the following question. Then select “Check your answers.”