In today’s digital age, email security is of paramount importance. Cyber threats are constantly evolving, and organizations must protect their sensitive data from attacks. Microsoft’s 365 suite offers a range of email protection features designed to safeguard your organization’s communication. This guide will provide you with an in-depth understanding of Microsoft 365 email protection, help you implement the right security measures, and troubleshoot any issues that may arise. We’ll also cover best practices to ensure optimal email security for your organization. Let’s dive in and unlock the power of email protection!


Email is a critical communication tool for businesses, but it also presents a significant risk. Cybercriminals use sophisticated phishing, malware, and ransomware attacks to compromise email systems, steal data, and disrupt operations. Microsoft 365 email protection offers a comprehensive set of features to secure your organization’s email communication, including Exchange Online Protection (EOP), Advanced Threat Protection (ATP), Data Loss Prevention (DLP), email encryption, and Multi-Factor Authentication (MFA). By understanding and implementing these features, you can greatly reduce the risk of email-related cyber threats and protect your organization’s valuable data.

Understanding Microsoft 365 Email Protection Features

Exchange Online Protection (EOP)

Exchange Online Protection (EOP) is a built-in feature of Microsoft 365 that helps protect your organization from spam, malware, and phishing attacks. EOP uses multiple filtering technologies, such as Microsoft’s SmartScreen technology, to analyze email messages and identify potential threats. Some key features of EOP include:

  • Malware filtering: Scans email attachments for known malware signatures and blocks potentially harmful messages.
  • Spam filtering: Detects and removes unsolicited email messages, reducing the risk of phishing attacks.
  • Connection filtering: Blocks email messages from known malicious IP addresses.
  • Transport rules: Allows you to create custom rules to filter and manage email messages based on specific criteria, such as keywords or sender domains.

Advanced Threat Protection (ATP)

Advanced Threat Protection (ATP) is an additional layer of security that provides advanced protection against sophisticated threats, such as zero-day malware and targeted phishing attacks. ATP uses machine learning, behavioral analysis, and threat intelligence to detect and block advanced threats in real-time. Some key features of ATP include:

  • Safe Attachments: Scans email attachments for unknown malware and sandboxing potentially malicious files.
  • Safe Links: Rewrites URLs in email messages and checks them for malicious content when users click on them.
  • Anti-phishing protection: Uses machine learning algorithms to detect and block phishing emails that impersonate users or domains within your organization.
  • Threat investigation and response: Provides tools to investigate and respond to security incidents, such as the Attack Simulator and Threat Explorer.

Data Loss Prevention (DLP)

Data Loss Prevention (DLP) helps prevent the accidental or intentional leakage of sensitive data, such as credit card numbers or Social Insurance Numbers, through email. DLP policies can be configured to automatically detect sensitive information in email messages and take appropriate actions, such as blocking the message, notifying the sender, or encrypting the content. Some key features of DLP include:

  • Predefined templates: Offers a set of predefined templates based on common regulatory standards, such as PIPEDA and HIPAA, to help you quickly create and implement DLP policies.
  • Custom policies: Allows you to create custom DLP policies based on your organization’s unique data protection requirements.
  • Policy tips: Provides real-time feedback to users when they attempt to send an email containing sensitive information, helping to educate them on data protection policies.

Email Encryption

Email encryption ensures the confidentiality and integrity of your email messages by encrypting their content during transit and storage. Microsoft 365 offers several email encryption options, including:

  • Office Message Encryption (OME): Automatically encrypts email messages that meet specific criteria, such as containing sensitive information or being sent to external recipients.
  • Secure/Multipurpose Internet Mail Extensions (S/MIME): Allows users to digitally sign and encrypt email messages, ensuring the authenticity and confidentiality of the communication.
  • Transport Layer Security (TLS): Encrypts the connection between email servers, protecting email messages during transit.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds an extra layer of security to your organization’s email accounts by requiring users to provide two or more forms of identification during the login process. MFA can significantly reduce the risk of unauthorized access to email accounts, even if a user’s password is compromised. Some key features of MFA include:

  • Various authentication methods: Allows users to choose from a variety of authentication methods, such as a mobile app, phone call, or text message.
  • Conditional access: Allows you to create rules that require MFA only under specific conditions, such as when users are accessing email from outside the corporate network.
  • App passwords: Enables users to create unique passwords for non-browser applications that do not support MFA, such as mobile email clients.
Feature Exchange Online Protection (EOP) Microsoft Defender for Office 365 (Plan 1) Microsoft Defender for Office 365 (Plan 2)
Antivirus, antimalware, and ransomware protection for devices Yes Yes Yes
Next-generation protection (antivirus/antimalware protection on devices together with cloud protection) No Yes Yes
Attack surface reduction (network protection, firewall, and attack surface reduction rules) Yes Yes Yes
Antiphishing Yes Yes Yes
Advanced protection for internal mail No Yes Yes
Automation, investigation, and response No Yes Yes
Email authentication (SPF, DKIM, and DMARC) Yes Yes Yes
Advanced protection against zero-day threats No No Yes
Automated investigation and remediation No No Yes
Threat and vulnerability management No No Yes
Attack simulation training No No Yes

Key takeaways:

  • Microsoft 365 email protection includes a range of features designed to safeguard your organization’s email communication, such as EOP, ATP, DLP, email encryption, and MFA.
  • Understanding and implementing these features can significantly reduce the risk of email-related cyber threats and protect your organization’s sensitive data.

Block Legacy Authentication

Legacy authentication refers to older user authentication protocols used in Azure cloud services, including SMTP, IMAP, POP, and MAPI. These protocols lack support for modern security measures, such as multi-factor authentication (MFA), making them vulnerable to attacks by malicious actors. To enhance email access security, it is recommended to replace these outdated protocols with more secure alternatives.

Microsoft has recently revealed plans to disable certain basic authentication methods in Exchange Online, aiming to improve email account security for all users. By transitioning to more robust authentication methods, organizations can better protect their email communication and reduce the risk of unauthorized access.

Key Takeaways:

  • Legacy authentication protocols lack modern security features like MFA, increasing vulnerability.
  • Microsoft is disabling basic authentication methods in Exchange Online to enhance security.
  • Organizations should replace outdated protocols with secure alternatives to protect email communication.

Unified Audit Log (UAL)

The Unified Audit Log records various events from Exchange Online, Azure Directory, Teams, and other Microsoft 365 services. The log gives you an overview of past and ongoing activities in the Azure environment. It also allows for the reversal of various actions such as mass file renames and file restorations. Learn more about enabling and using UAL here.

Key Takeaway:

  • Utilizing the Unified Audit Log helps monitor and manage activities across Microsoft 365 services, enhancing security and control over your organization’s environment.


When configured correctly, (1) Sender Policy Framework, (2) DomainKeys Identified Mail, and (3) Domain-based Message Authentication, Reporting and Conformance can block impersonation attacks, significantly reducing the risk of phishing and spoofing.

Key Takeaway:

  • Configuring SPF, DKIM, and DMARC is essential to protect against impersonation attacks, phishing, and spoofing.

Disabled mailbox auto-forwarding to remote domains

Auto-forwarding mail to external domains indiscriminately risks sensitive data leaving the secure corporate environment. Hackers can also use this feature to automatically receive data from unsuspecting users.

Key Takeaway:

  • Disabling mailbox auto-forwarding to remote domains helps prevent data leakage and potential cyberattacks.

Alerts for suspicious activities

Configure alert policies in the Security Compliance Center to track user activities and quickly notify the relevant admins of unusual activities. Abnormal user or system behaviour might indicate an imminent or progressing attack.

Key Takeaway:

  • Timely alerts for suspicious activities enable swift action to mitigate potential threats.

Microsoft 365 Secure Score

Microsoft 365 Secure Score measures your organization’s security posture across Microsoft 365 services by assigning it a numeric value when you first log in. The tool also provides actionable recommendations on sealing off security loopholes and assigns a numeric value to each that can be totaled to form an overall maximum score for your organization. You can also see how your organization’s score compares to the average scores across all Microsoft 365 customers.

Key Takeaway:

  • Microsoft 365 Secure Score helps evaluate and improve your organization’s security posture.

Reporting Message add-in

When fighting phishing attacks, your users are in the frontline as they truly see what is happening in their mailboxes. In some cases, they might receive and identify a phishing message and by enabling the Report Message and Report Phishing add-ins for Outlook, they can report it easily instead of deleting it quietly. This feature allows your users to report both spam and phishing emails and these reported messages are tracked in Microsoft 365 backend and displayed in the Security Dashboard to allow administrators to follow up or take action before the same phishing emails are sent to other users and cause damage.

Key Takeaway:

  • Empower users to report phishing emails with the Report Message add-in, strengthening your organization’s defense against phishing attacks.

Implementing Microsoft 365 Email Protection

To effectively protect your organization’s email communication, it’s essential to properly implement Microsoft 365 email protection features. This section will guide you through the process of assessing your organization’s needs, choosing the right plan, and configuring email protection settings.

Assessing your organization’s needs

Before implementing Microsoft 365 email protection, it’s crucial to assess your organization’s specific security requirements. Consider the following factors:

  • The size of your organization: Larger organizations may require more advanced email protection features, such as ATP, to effectively safeguard their communication.
  • Regulatory compliance: Organizations subject to regulatory standards, such as PIPEDA or HIPAA, may need to implement specific email protection measures, such as DLP and email encryption, to maintain compliance.
  • Risk tolerance: Determine your organization’s risk tolerance to help guide your email protection strategy. For example, organizations that handle sensitive data may require more stringent email security measures.

Choosing the right plan

Microsoft 365 offers several subscription plans that include different email protection features. To choose the right plan for your organization, compare the features and pricing of each plan, and select the one that best aligns with your organization’s needs and budget. Some popular Microsoft 365 plans that include email protection features are:

  • Microsoft 365 Business Basic: Includes EOP, DLP, and email encryption.
  • Microsoft 365 Business Standard: Includes all the features of Business Basic, plus MFA.
  • Microsoft 365 E5: Includes all the features of Business Standard, plus ATP and advanced compliance features.

Configuring Office 365 email protection settings

Once you’ve chosen the appropriate Microsoft 365 plan, you’ll need to configure the email protection settings for your organization. Follow the steps below to configure each feature:

  • Exchange Online Protection: Configure EOP settings by accessing the Exchange admin center and navigating to the “protection” section. Here, you can create and manage malware, spam, and connection filtering policies, as well as configure transport rules.
  • Advanced Threat Protection: Configure ATP settings by accessing the Microsoft 365 security center and navigating to the “Threat management” section. Here, you can configure Safe Attachments, Safe Links, anti-phishing policies, and threat investigation and response tools.
  • Data Loss Prevention: Configure DLP settings by accessing the Microsoft 365 compliance center and navigating to the “Data loss prevention” section. Here, you can create and manage DLP policies using predefined templates or custom rules.
  • Email Encryption: Configure email encryption settings by accessing the Exchange admin center and navigating to the “mail flow” section. Here, you can create and manage encryption rules based on specific criteria, such as message content or recipient domains.
  • Multi-Factor Authentication: Configure MFA settings by accessing the Microsoft 365 admin center and navigating to the “Users” section. Here, you can enable MFA for individual users or groups and configure conditional access rules and app passwords.

Key takeaways:

  • Assess your organization’s specific security requirements and choose the appropriate Microsoft 365 plan that includes the necessary email protection features.
  • Properly configure the settings for EOP, ATP, DLP, email encryption, and MFA to effectively protect your organization’s email communication.

Troubleshooting Microsoft 365 Email Protection Issues

Despite careful implementation, issues may arise with Microsoft 365 email protection features. This section will help you identify common problems and provide guidance on resolving them.

Common Issues and Solutions

False positives and negatives

False positives occur when legitimate email messages are incorrectly identified as spam or malicious. False negatives occur when spam or malicious messages are not detected by the email protection filters. To address these issues:

  • Review and adjust your EOP and ATP filtering settings to better align with your organization’s needs and risk tolerance.
  • Train your users to report false positives and negatives to help improve the accuracy of the filtering algorithms.

Email delivery delays

Email delivery delays can occur due to various factors, such as server issues, network congestion, or email protection features incorrectly blocking messages. To resolve email delivery delays:

  • Check the Microsoft 365 Service Health Dashboard for any known issues or outages affecting email delivery.
  • Review your EOP and ATP settings to ensure they are not inadvertently blocking legitimate email messages.
  • Contact Microsoft Support if the issue persists.

DLP policy violations

Users may accidentally or intentionally violate DLP policies by attempting to send sensitive information through email. To address DLP policy violations:

  • Ensure that your DLP policies are properly configured and up-to-date with your organization’s data protection requirements.
  • Educate your users on DLP policies and the importance of protecting sensitive information.
  • Monitor DLP policy violations and take appropriate actions, such as disciplinary measures or additional training, as necessary.

Monitoring and Reporting

To effectively manage and troubleshoot Office 365 email protection issues, it’s essential to monitor the performance of your email protection features and generate reports. Office 365 provides several tools and resources for monitoring and reporting, such as:

  • Microsoft 365 security center: Offers a centralized dashboard for monitoring the security of your Office 365 environment, including email protection features.
  • Threat Explorer: Provides detailed information on detected threats, such as phishing, malware, and spam, as well as the actions taken by the email protection features.
  • DLP policy reports: Displays the number of DLP policy violations, the type of sensitive information involved, and the actions taken to protect the data.

Escalating and resolving issues with Microsoft Support

If you encounter issues with Microsoft 365 email protection features that you cannot resolve independently, you can escalate the problem to Microsoft Support. Microsoft offers a variety of support options, such as online resources, community forums, and direct contact with support representatives. To escalate an issue:

  • Visit the Microsoft Support website and search for relevant articles or resources that may help resolve your issue.
  • Access the Microsoft 365 Community to ask questions and seek assistance from other users and experts.
  • If the issue persists, submit a support request to Microsoft, providing detailed information about the problem and the steps you have taken to resolve it.

Best Practices for Microsoft 365 Email Protection

To get the most out of Microsoft 365 email protection features and ensure the security of your organization’s email communication, follow these best practices:

Regularly review and update settings

Regularly reviewing and updating your Microsoft 365 email protection settings is essential to maintain effective email security. As your organization evolves and new threats emerge, you may need to adjust your settings to maintain optimal protection. Schedule periodic reviews of your EOP, ATP, DLP, email encryption, and MFA settings, and make adjustments as necessary.

Employee education and training

A well-informed workforce is one of the most effective defenses against email-related cyber threats. Provide ongoing education and training to your employees on the importance of email security, best practices for handling sensitive information, and how to identify and report potential email threats. Regular training sessions and simulated phishing exercises can help keep email security top of mind for your employees.

Establishing and enforcing security policies

Developing clear and comprehensive security policies is crucial to ensure that your employees understand their responsibilities regarding email security. Your security policies should outline acceptable use, data handling procedures, password management, and incident reporting. Regularly review and update your security policies, and enforce them consistently to maintain a strong security posture.

Unlock the Power of Email Security 🏆

Recap of key takeaways

  • Microsoft 365 email protection includes a range of features, such as EOP, ATP, DLP, email encryption, and MFA, designed to safeguard your organization’s email communication.
  • Properly assess your organization’s needs, choose the right Microsoft 365 plan, and configure email protection settings to effectively protect your email communication.
  • Troubleshoot common issues, such as false positives and negatives, email delivery delays, and DLP policy violations, and use Microsoft 365 monitoring and reporting tools to gain insights into the effectiveness of your email protection measures.
  • Follow best practices for Microsoft 365 email protection, such as regularly reviewing and updating settings, providing employee education and training, and establishing and enforcing security policies.

Encouragement to implement and optimize email protection

Now that you have a solid understanding of Microsoft 365 email protection features and best practices, it’s time to take action and implement these measures in your organization. By doing so, you’ll unlock the power of email security and provide your organization with the robust defense it needs against email-related cyber threats. Remember, the key to effective email security lies in constant vigilance, ongoing education, and proactive management. So, take the leap and empower your organization with the highest level of email protection.

Frequently Asked Questions

How often should I review my Microsoft 365 email protection settings?

It’s recommended to review your Microsoft 365 email protection settings at least quarterly, or more frequently if your organization undergoes significant changes, such as mergers or acquisitions, or if new threats emerge. Regular reviews ensure that your email protection measures remain effective and aligned with your organization’s needs and risk tolerance.

Can I customize the level of protection for different users or groups within my organization?

Yes, you can customize the level of protection for different users or groups within your organization. For example, you can create custom EOP and ATP policies that apply to specific users, groups, or domains, and you can configure MFA settings based on user roles or risk levels. This allows you to tailor your email protection measures to the unique needs and risk profiles of different parts of your organization.

How do I ensure my email protection measures are compliant with industry regulations?

To ensure your email protection measures are compliant with industry regulations, start by familiarizing yourself with the specific regulatory requirements that apply to your organization, such as PIPEDA or HIPAA. Then, implement the necessary email protection features, such as DLP and email encryption, and configure them according to the regulatory requirements. Regularly review and update your email protection settings and security policies to maintain compliance as regulations change.

What are the limitations of Microsoft 365 email protection compared to third-party solutions?

While Microsoft 365 email protection offers a comprehensive suite of features, some organizations may require additional capabilities or customization options that are not available in Microsoft 365. For example, some third-party solutions may offer more advanced threat detection and response capabilities, greater flexibility in policy configuration, or integrations with other security tools and services. When choosing an email protection solution, carefully assess your organization’s specific needs and requirements, and consider whether Microsoft 365 email protection or a third-party solution is the best fit.

Can I combine Microsoft 365 email protection with other security tools and services?

Yes, you can combine Microsoft 365 email protection with other security tools and services to enhance your organization’s overall security posture. Many third-party security tools and services offer integrations with Microsoft 365, allowing you to streamline your security management and gain additional insights into the effectiveness of your email protection measures. When selecting additional security tools and services, ensure they are compatible with Microsoft 365 and complement its email protection features.

Sources and Additional Resources

Maintaining strong cybersecurity on the cloud is an ongoing process whose success hinges on the time and effort you put into it. But you don’t have to go at it alone – Softlanding is here to help. We guide organizations across Canada in leveraging various Microsoft solutions, including Azure, Office 365, and Microsoft Exchange, efficiently and safely. Contact Softlanding to learn more.

Written By:


Softlanding is a long-established IT services provider of transformation, professional services and managed IT services that helps organizations boost innovation and drive business value. We are a multi-award-winning Microsoft Gold Partner with 13 Gold Competencies and we use our experience and expertise to be a trusted advisor to our clients. Headquartered in Vancouver, BC, we have staff and offices in Toronto, Montreal and Calgary to serve clients across Canada.

More By This Author