Exchange Online – A new enhanced filtering settings

As you are aware, properly configured inbound connectors to Exchange Online is very important to ensure proper and secure mail flow (including capability to fight against spam and phishing emails).

While the trusted source is usually identified as the IP address(es), in complex scenario – such as third party hygiene solution, Exchange Hybrid implementation or managed appliance – this IP address is not always to correct indicator.

To help you increase your mail hygiene implementation while ensuring mail flow continue to works, Office 365/Exchange Online now has an enhanced filtering capability.

How does it works?

In complex routing scenarios where you must point your MX record to something other than Office 365, Enhanced Filtering for Connectors allows EOP to overlook, or skip, your internal (trusted) IP addresses to find the last known external (untrusted) IP address of the message. This previous IP should be the actual source IP address of the message. This feature is known as skip listing.

To start implementing this enhanced filtering feature, logon to your Security and Compliance portal (https://protection.office.com/) and reach out the Threat management\Policy blade

image_thumb

There you will find the new Enhanced Filtering option

image_thumb[1]

When you access the Enhanced Filtering it will list your existing inbound connector and the status of the filtering option – default is Disabled

image_thumb[2]

When you click on one of these connectors, you will then have the ability to configure the enhanced filtering as well as to which users this will apply

It is recommended to first apply to a subset of your users to monitor and learn how it goes

image_thumb[3]

You can also use the Security and Compliance PowerShell command

Set-InboundConnector -Identity <inboundconnector> [-EFSkipLastIP <$true | $false>] [-EFSkipIPs <IPAddresses>] [-EFUsers “emailaddress1″,”emailaddress2”]

The Security and Compliance portal can help you identify if you have domain(s) failing under such complex scenario by checking the Threat Management\Dashboard using the Domains where email isn’t routed to Office 365 widget which then gives you the list of ‘impacted’ domains and where there are pointing to

NOTE this checks if the MX record is set to point to Office 365; if you point it to a CNAME which then point to Office 365, the domain will be identified as in the ‘complex routing’ scenario

image  image

Benoit Hamet
Benoit Hamet
Benoit is working on Microsoft collaborative technologies He has been awarded as MVP for more than 12 years Currently MVP on Office 365 after being awarded on SharePoint (2011-2012) and Windows client & server (2002-2007) Speaker at various Microsoft events (TechDays, TechNet seminars) and Quest Software He works on on-premises (Active Directory, RADIUS/NPS, Exchange, Skype for Business, SharePoint, SQL, Terminal Server, Windows client and Windows Server) or online (Azure, Intune, Office 365, Exchange Online, SharePoint Online, Skype for Business Online, Teams) technologies

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Get in touch

Your Name (required)

Your Email (required)

Subject

Your Message

Book a Demo

Your Name (required)

Your Email (required)

Phone Number(Optional)

Ask a Question

Your Name (required)

Your Email (required)

Phone Number(Optional)

Your Message

Book Assessment

Evaluate your modern workplace security posture and validate it against current best practices with a Microsoft Secure Score Assessment, from cubesys

Your Name (required)

Your Email (required)

Phone Number(Optional)

Book your Windows Analytics Deployment

Your Name (required)

Your Email (required)

Phone Number(Optional)