Approximately 40% of incoming emails consist of spam or contain potentially harmful content like phishing attempts or malware. To ensure the cleanliness of our inboxes and the security of our systems against viruses, it is essential to filter incoming emails. This filtration process needs to occur before malicious emails reach your end users.

This is where Exchange Online Protection (EOP) comes into play. EOP is a cloud-based mail filtering service provided by Microsoft 365. It is automatically enabled for all Microsoft 365 plans that include Exchange Online.

In this blog post, we will delve into the features and benefits of Exchange Online Protection and explore how it can effectively safeguard your Exchange Online accounts. So how good is Exchange Online Protection?

What is Exchange Online Protection?

Exchange Online Protection (EOP) is a cloud-based email security service offered by Microsoft. It plays a crucial role in filtering your emails to safeguard your organization against various email-based threats, including spam, malware, and other malicious content.

Initially developed by FrontBridge Technologies Inc., it went through name changes and updates, ultimately becoming EOP in March 2013. EOP has since served as Microsoft’s primary email security solution, helping organizations combat email-based risks effectively.

Exchange Online Protection (EOP) is a built-in feature included in all Microsoft 365 Enterprise plans. Additionally, for smaller organizations, EOP is included in Microsoft 365 Business packages that come with an Exchange Online mailbox.

EOP Deployment Scenarios

EOP holds significant role when an organization adopts Microsoft Office 365 email services, emphasizing the need for robust protection against spam. Opting for cloud-based email protection services becomes a logical choice. Exchange Online Protection offers support for various deployment scenarios:

  1. Standalone Deployment: EOP can be utilized to safeguard on-premises Exchange servers, whether they run on physical or virtual machines. By implementing EOP, cloud-based protection can be extended to these servers.
  2. Cloud-Only Usage: For organizations utilizing Office 365 email services, leveraging the native Exchange Online Protection is essential to secure Exchange Online and protect users’ mailboxes hosted in the cloud.
  3. Hybrid Deployment: In a hybrid setup, where both Exchange Online and on-premises Exchange servers coexist, Exchange Online Protection can be configured in the cloud to safeguard both environments. This ensures comprehensive protection across cloud and on-premises components.

How does EOP Work?

Microsoft EOP thoroughly analyzes both inbound and outbound email messages. It employs various sophisticated filtering techniques to accurately detect and prevent the influx of undesirable messages, thereby safeguarding organizations’ email environments from a broad spectrum of threats.

Source: Exchange Online Protection overview

When an external sender sends an email to a user within your organization, the email follows a series of routers and mail servers until it reaches your mail server based on the MX records configured for your domain. If you utilize Exchange Online as part of your Microsoft 365 subscription, your virtual mail server is distributed across datacenters within the Microsoft cloud. Notably, numerous spam emails are intercepted and dropped before they even reach your Exchange Online email servers. However, once an email message arrives at an Exchange datacenter designated for your organization, Exchange Online Protection springs into action.

Exchange Online Protection initiates a thorough examination, evaluating various factors such as the sender’s reputation, IP address, domain name, and the content within the subject or message body. This data is then cross-referenced with the configured filtering parameters. If the email satisfies the conditions specified in the “allow” settings (for instance, no blacklisted phrases, IP addresses, email addresses, or domains), it proceeds to be delivered to the recipient’s mailbox. Additionally, if a sender’s IP address, email account name, or domain is present in a whitelist, the message bypasses the filtering process. Moreover, Exchange Online Protection performs rigorous malware inspections to ensure that the messages are free from any malicious content.

In summary, Exchange Online Protection plays a crucial role in scrutinizing incoming emails, considering various factors and configurations, and employing filters and malware checks to deliver safe and legitimate messages to users’ mailboxes within your organization.

EOP Key Features

Exchange Online Protection (EOP) encompasses a range of powerful security features aimed at effectively combating email-related threats. Here are some key features provided by EOP:

  1. Malware Filter: EOP employs multilayered malware protection to safeguard your email messages. It identifies and prevents viruses, spyware, and ransomware from infiltrating your organization’s systems.
  2. Spam Filter: EOP’s anti-spam technology is designed to filter out junk emails and mitigate the risks associated with fraudulent email threats. It helps ensure that unwanted and unsolicited emails do not clutter your inbox.
  3. Connection Filter: The EOP connection filter plays a crucial role in identifying the source of email servers based on their IP addresses. By evaluating the connections, it helps prevent emails originating from suspicious or malicious sources from reaching your organization’s mailbox.
  4. Anti-Phishing: With EOP, you can establish customized anti-phishing policies to counter sophisticated threats. These policies assist in detecting and blocking phishing attempts, including user impersonation and spoofing, thereby enhancing your organization’s email security.
  5. Anti-Spoofing: EOP employs anti-spoofing technology to verify the authenticity of the “From” header in email messages. By utilizing various authentication methods and sender reputation techniques, EOP identifies and blocks messages that fail to meet validation criteria, offering an additional layer of protection against spoofed emails.

By leveraging these key features of Exchange Online Protection, organizations can strengthen their defenses against malware, spam, phishing, and email spoofing, ensuring a safer and more secure email environment for their users.

What are the limitations of EOP?

While Exchange Online Protection (EOP) offers a range of email security features, it’s important to be aware of its limitations. These limitations include:

  1. End-user Control: EOP provides filtering and quarantine features to prevent spam and malicious messages from reaching user inboxes. However, once quarantined, users still have access to these messages. This can increase the risk of potential harmful messages being released accidentally or intentionally, undermining the effectiveness of the filtering process.
  2. Addressing Emerging Threats: While EOP is designed to address common email threats, the rapidly evolving nature of cyber threats means that new and sophisticated attacks may emerge that are not effectively detected or mitigated by EOP alone. It is crucial to regularly assess and update your organization’s security posture to stay ahead of emerging threats.
  3. Email Data Breaches: Despite the security measures provided by EOP, email data breaches can still occur. In a report by Egress, it was found that a significant number of organizations using Microsoft 365, including EOP, experienced email data breaches in 2020. This highlights the importance of implementing additional layers of protection beyond EOP to enhance security.

Considering these limitations, it may be prudent for organizations to evaluate their specific security needs and consider supplementing EOP with additional services such as Defender for Office 365 (formerly Advanced Threat Protection) to provide enhanced protection against a broader range of threats and mitigate the risks of email data breaches.



Exchange Online Protection (EOP) offers a good protection against various threats, including spam, viruses, malware, ransomware, and spyware. As part of Microsoft 365, EOP seamlessly integrates with Microsoft Exchange Online. It provides default mail filtering services for baseline protection while allowing customization to meet specific requirements. Implementing EOP helps mitigate the risk of data loss by shielding email users from spam and malware, reducing the likelihood of critical data compromise.

Given the ever-evolving cybersecurity landscape, relying solely on Exchange Online Protection (EOP) may not provide comprehensive protection. To enhance your organization’s email security, it is recommended to consider implementing additional defenses such as Defender for Office 365.

Defender for Office 365 offer advanced security features that augment EOP’s capabilities. These solutions provide added layers of defense against sophisticated threats, including advanced anti-phishing measures, real-time threat detection, automated incident response, and proactive threat intelligence.

If you want to learn more on how you can bolster your email security, reach out to Softlanding!



What is the difference between EOP and Defender for Office 365?

EOP, or Exchange Online Protection, is the default security service provided with Microsoft 365. On the other hand, Defender for Office 365, is an additional service that can be purchased separately for an extra cost. Defender for Office 365 is already included in Microsoft 365 Enterprise E5 and Microsoft 365 Business Premium plans.

While EOP serves as the baseline email security solution, Defender for Office 365 enhances and complements it by adding an extra layer of protection. Defender for Office 365 works in conjunction with EOP and Microsoft 365 Threat Intelligence, providing advanced security features and capabilities to further safeguard against sophisticated threats. By combining these services, organizations can benefit from comprehensive protection against a wide range of email-based risks.

Is EOP good enough?

While EOP provides a good baseline protection, it is important to note that the threat landscape is constantly evolving, and new types of sophisticated attacks are emerging. Depending on your organization’s specific security needs and risk tolerance, you may consider additional layers of protection beyond EOP. Microsoft offers Defender for Office 365 as an add-on service, which further enhances the security capabilities provided by EOP. Defender for Office 365 includes features such as advanced anti-phishing protection, safe links and attachments, and rich reporting and tracking capabilities.



Written By:


Softlanding is a long-established IT services provider of transformation, professional services and managed IT services that helps organizations boost innovation and drive business value. We are a multi-award-winning Microsoft Gold Partner with 13 Gold Competencies and we use our experience and expertise to be a trusted advisor to our clients. Headquartered in Vancouver, BC, we have staff and offices in Toronto, Montreal and Calgary to serve clients across Canada.

More By This Author