EOP Part2
After preparing the on-premises environment for EOP in the previous post, this post covers configuring the EOP scan engines to filter mail.
This is roughly how an inbound email flows within EOP.
The content filter is where action is taken on mail detected as spam, high confidence spam, etc.
It would be helpful to set the actions as above. For mail detected as spam, you can route it to the user's Junk folder so that, if required, the user can add the sender to his/her safe sender list. This information is stored at the user's mailbox level in Exchange, and the next time a message from that sender arrives, it goes to the inbox instead of the Junk folder. If the same mail is addressed to another user, it is still delivered to that user's Junk folder unless he/she has also added the sender to the safe sender list. The Set-MailboxJunkEmailConfiguration cmdlet also gives the option to set "ContactsTrusted" to TRUE, making Exchange trust the addresses in the user's contacts and deliver their mail to the inbox instead of the Junk folder.
Get-MailboxJunkEmailConfiguration pkpanda
RunspaceId : bfa778de-aefa-46ea-bb7b-73d8329c
Enabled : True
TrustedListsOnly : False
ContactsTrusted : True
TrustedSendersAndDomains : {pkpnotes.com}
BlockedSendersAndDomains : {}
MailboxOwnerId : pkpanda
Identity : pkpanda
IsValid : True
ObjectState : Unchanged
Likewise, storing high confidence spam in quarantine gives the ability to check the headers to understand why an email was detected as high confidence spam and, in case of a false positive, to release it to the user. In this situation the quarantine should not be exposed to users, i.e. it would be an admin-only quarantine.
The content filter also gives the ability to use advanced filters, such as bulk email detection. Some of them mark the email as spam, whereas others increase the SCL value. Once the SCL value crosses SCLJunkThreshold, i.e. 4, the message falls into the spam category if it was not already there.
A few of them can be tested before taking a call on enforcement.
With the above setting, every email carries a test header indicating what the test filter found in it, giving an idea of what would happen once the filter is changed to the On position in the dropdown.
In a large enterprise, a challenge arises when a few users start complaining that a certain advanced filter causes their mail to be detected as spam, and adding senders to the safe sender list is not feasible. EOP allows additional content filter policies besides the default one, which can be applied to a specific set of users or a group.
This is my default content filter policy for the domain. Now to have a separate one for the sales team:
Here, the sales group is a group created in O365, with the required users added to it.
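The content filter settings described above, written as Exchange Online PowerShell. This is an added example, not the author's own commands. The policy and rule name, the group address sales@example.com, and the choice of which advanced filters to enforce, test or relax are assumptions made for illustration.

```powershell
# Added example. Assumes an Exchange Online PowerShell session is already open.
# Assumed names: 'Sales content filter' (policy and rule), sales@example.com (group).

# Default policy: spam goes to the Junk folder, high confidence spam to quarantine.
Set-HostedContentFilterPolicy -Identity Default `
    -SpamAction MoveToJmf `
    -HighConfidenceSpamAction Quarantine

# Advanced filters on the default policy (which filters to pick is an assumption):
# one enforced (On) and one evaluated only (Test). With TestModeAction AddXHeader,
# a filter in Test stamps a header on the message instead of acting on it.
Set-HostedContentFilterPolicy -Identity Default `
    -MarkAsSpamBulkMail On `
    -IncreaseScoreWithImageLinks Test `
    -TestModeAction AddXHeader

# Separate policy for the sales team: same spam actions, but the advanced filter
# that was catching their mail is switched off. Relax only the filter that causes
# the false positives so the rest of the protection stays in place.
New-HostedContentFilterPolicy -Name 'Sales content filter' `
    -SpamAction MoveToJmf `
    -HighConfidenceSpamAction Quarantine `
    -MarkAsSpamBulkMail Off

# The rule scopes the policy to members of the sales group. Custom rules are
# evaluated by priority, and the default policy covers everyone else.
New-HostedContentFilterRule -Name 'Sales content filter' `
    -HostedContentFilterPolicy 'Sales content filter' `
    -SentToMemberOf 'sales@example.com' `
    -Priority 0

# Review what is in effect.
Get-HostedContentFilterRule |
    Sort-Object Priority |
    Format-Table Name, Priority, State, SentToMemberOf, HostedContentFilterPolicy

Get-HostedContentFilterPolicy |
    Format-Table Name, SpamAction, HighConfidenceSpamAction, MarkAsSpamBulkMail, TestModeAction
```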
The next post will be on using Exchange transport rules (ETR) for custom filtering of mail.
Great article Sir.PKP..