MS-203 Microsoft 365 Messaging – Manage message hygiene using Exchange Online and Office 365 Part 2

  • June 19, 2023

3. Connection Filters

Now I want to jump into Exchange Online. We're going to take a look at EOP, Exchange Online Protection, and look at connection filters. So we're going to click here on portal.microsoft.com. I'm going to click Show All and we're going to go down to Exchange, all right? And then I'm going to click on the protection blade and you'll see Connection Filter. So we're going to click on Connection Filter and we have a default policy that's already here. I can edit that policy if I want, expand this out and go to Connection Filter. And this is where I can set connection filters. So I can have an IP allow list here if I want. And it says "Always accept messages from the following IP."

So if I wanted, I can click the plus sign there and set up a subnet address here, whatever the subnet address is for the addresses in my network. They give an example like 1921-681-8026. Okay, one other little thing of note there: you can do IP version 6 addresses here as well, so it supports that also. Now down here I can do the opposite.

I can basically set up a block list if I want. So if I want to go here and have a list of addresses that I want to block, it's basically the exact same syntax. So 191-6818 and then whatever the CIDR notation is, Classless Inter-Domain Routing notation, or the prefix that you're going to use there for the subnet range. Of course you do kind of have to have a little bit of an understanding of TCP/IP, and that's kind of expected of you here, but it's pretty easy to go in there and do that if you want.

They also tell you that you can enable what's called a safe list, all right. They tell you that Microsoft utilizes various third-party sources for trusted senders. And essentially, if you select this checkbox, it's going to skip any spam filtering on messages sent from senders that are considered part of a safe list. That way they're not mistaken for any type of spam or something like that. So that's what Enable safe list is going to do. There's not really a whole lot here you can configure as far as connection filters go, and it's very easy to turn on. You have an allow list, you have a block list, and you're just going to base those on IP ranges.
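The same connection filter settings can be set from Exchange Online PowerShell. This is an added example, not part of the course walkthrough, which uses the admin center; it assumes the ExchangeOnlineManagement module and an admin account, and the address ranges are constructed documentation addresses.

```powershell
# Added example: assumes the ExchangeOnlineManagement module is installed.
Connect-ExchangeOnline

# Constructed sample entries (RFC 5737 documentation ranges), not real senders.
$allow = @('192.0.2.0/24')
$block = @('198.51.100.0/24', '203.0.113.25')

# Stop before changing anything if one entry would end up on both lists.
$overlap = $allow | Where-Object { $block -contains $_ }
if ($overlap) { throw "Entry on both lists: $($overlap -join ', ')" }

$settings = @{
    Identity       = 'Default'
    IPAllowList    = @{ Add = $allow }   # "Always accept messages from..."
    IPBlockList    = @{ Add = $block }   # the opposite: always block
    EnableSafeList = $false              # $true ticks the safe list checkbox
}
Set-HostedConnectionFilterPolicy @settings

# Review what is now on each list; allow-listed ranges skip spam filtering,
# so this output is worth checking after every change.
Get-HostedConnectionFilterPolicy -Identity Default |
    Format-List Name, IPAllowList, IPBlockList, EnableSafeList
```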

4. Configuring Malware Filters

Let's now jump into Exchange Online and take a look at the malware filtering side of Exchange Online Protection. So we're here on portal.microsoft.com, going to drop down, Show All, click Exchange, and that's going to bring us back into Exchange Online. All right, we're now going to go over here to protection and we're on malware filtering. So we have an existing malware filter here that is set up automatically. This is all part of trying to have good message hygiene. We could create a new one if we want or we can edit the existing one. The default one is the lowest priority. So if you create another filter, it'll have a higher priority than this one by default. And of course you can create as many of those as you want and associate them any way you want as far as who's going to receive them. So I'm going to click edit, click settings, and here are our options.

So the first option you've got says that if malware is detected in an email attachment, the message will be quarantined and can be released only by an admin. Do you want to notify recipients if their messages are quarantined? Right now it says no. I could say yes and use the default notification, or I could say yes and use a custom one if I want. Okay, so I'm just going to use the default then. I've got the common attachment types filter, which says turn this feature on to block attachment types that may harm your computer. Right now that's turned off. If I turn this on, it says emails with attachments of filtered file types will trigger the malware detection response. So this is recommended. If I want, I can choose all of these. These are the common ones that show up. If I wanted to add an additional file type, I could. So here's a whole list of different file types that you can add. All right. Down here you've got zero-hour auto purge. Now that is also referred to as ZAP.

ZAP is a really great feature, because if an email gets delivered to somebody's mailbox and then later Exchange finds out that it's actually a harmful email, Exchange will go and remove it from their inbox and throw it into spam. Or you can have it deleted. So zero-hour auto purge is built in by default. The Microsoft security team could find out about a threat that got by to people's inboxes, and zero-hour auto purge gives them a way to have that email removed even after it's been delivered. Okay, so that is turned on by default. Next I've got sender notifications.

Sender notifications sends a message to the sender of the undelivered message. So you could say notify internal senders, or notify external senders. That's just going to send a message if it was an undelivered message that didn't go through. Administrator notifications sends a message to the administrator about an undelivered message. So if you want it to notify an administrator's email address, you can. You've just got to select that and then put in the address of whoever you want this to go to. So I could say Jc@examlabpractice.com.

You can also notify administrators about undelivered messages from external senders. It's the same thing, except it's set for external. And then down here you can customize notifications: create a notification text to be used in place of the default. So this lets you customize what the notification is going to say if you want. All right, you can do the same thing for external down here. Okay. So that's how you set up the malware filtering there. Pretty straightforward stuff. I can save that. It takes a moment to update this in my organization. Once that's complete, I can just click OK. All right. And I've got my updated filter here. If I wanted to create a new filter, I just click the plus sign and I can specify the name of the filter.

Call this one test and fill out all the same information that you saw before. Okay. And then the way you apply it is with these conditions, which of course we've seen in Exchange before. If we wanted to apply this to a specific recipient, a specific domain, or a person that's a member of a specific group, then I can do that if I want. All right, so say I wanted to apply this to marketing. I could add marketing, I could call this marketing filter, I could change these settings any way I want and have that applied to marketing, and then I just click Save, click OK, and notice that it's a higher priority. Okay? So the default is always going to have the lowest priority, but you could add another filter, and then whichever one is highest in the list based on the number gets the higher priority. The lower the number, the higher the priority. So that's how you can manage malware filters. Not too difficult there. And it works really well in our Exchange Online environment.
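The malware filter steps above, done from Exchange Online PowerShell instead of the admin center. This is an added example, not part of the course; the administrator address and the marketing group address are hypothetical placeholders, and it assumes the ExchangeOnlineManagement module.

```powershell
# Added example: assumes the ExchangeOnlineManagement module is installed.
Connect-ExchangeOnline

# Default policy: turn on the common attachment types filter, keep ZAP on,
# and notify an administrator about undelivered messages from internal senders.
$default = @{
    Identity                               = 'Default'
    EnableFileFilter                       = $true
    ZapEnabled                             = $true
    EnableInternalSenderAdminNotifications = $true
    InternalSenderAdminAddress             = 'admin@example.com'  # placeholder
}
Set-MalwareFilterPolicy @default

# A second policy for one group. The policy holds the settings; the rule
# holds the condition (who it applies to) and the priority.
New-MalwareFilterPolicy -Name 'Marketing filter' -EnableFileFilter $true -ZapEnabled $true

$rule = @{
    Name                = 'Marketing filter'
    MalwareFilterPolicy = 'Marketing filter'
    SentToMemberOf      = 'marketing@example.com'  # placeholder group address
    Priority            = 0                        # lowest number wins
}
New-MalwareFilterRule @rule

# List custom rules in evaluation order. The default policy has no rule
# and always applies last.
Get-MalwareFilterRule | Sort-Object Priority |
    Format-Table Name, Priority, State, MalwareFilterPolicy
```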

5. Configuring Spam Filters

I now want to walk you into the spam filtering of Exchange Online. So we're here in the Microsoft 365 Admin Center. We're at portal.microsoft.com, we're going to click Show All and then we're going to go to Exchange. So pull up Exchange and then we're going to click on the protection blade here. And then we're going to go to Spam Filter. So right here we have the default spam filter. If we wanted to create another spam filter we could, and it would have a priority system. So we just click edit here. We can edit the default one. We have the default name here and then we'll click on Spam and Bulk Actions. So here are our options. The first option says Spam and Bulk Actions: select the action to take for incoming spam and bulk email. So Spam says move messages to the junk mail folder. If you want to do some of these additional options, like add an X-header, prepend a subject line, or delete the message, you could. If you want to quarantine it, you can, so it goes into a quarantine state. And then you've got the spam confidence level. Okay, this involves the spam score and how sure Exchange is that it's spam. So if it's got a high confidence level, by default it's just going to throw that in junk mail as well. But you could change the option right here. Okay. Bulk email. So it says mark bulk email as spam. Select the threshold: one marks the most bulk email as spam and nine allows the most bulk email to be delivered. So you can set this numeric value here, and it makes a decision on how many emails are coming through and marks it as spam at a certain point.

Again, one being the setting that's going to mark the most bulk email as spam, nine being kind of on the low end. You want more email to be delivered. It's just going to use a little formula based on that. Quarantine is down here. Quarantine says retain spam for a certain number of days, okay, 15 days by default. And you can also have it add X-headers and all that, depending upon your actions up here. You've also got a block list over here. So I can have a sender block list. I can add a list of email addresses here. It shows you the syntax for that. You can add multiple addresses there if you want, just by putting a semicolon between them. Okay.

You can do the same thing down here. You can block an entire domain name, though, instead of just a sender. So it shows you an example there. If I wanted to block contoso.com; fabrikam.com, I would put that in the list there. Same thing for the allow list. It works the same way. You've got a sender allow list and a domain allow list. You can also do international spam, so you can select this checkbox here and you've got "filter email messages written in the following languages." You click the plus sign and you can select the languages that you want to add there. And then down here, "filter email messages sent from the following countries," so you could select that and at that point you can add country codes if you want.

Okay, so those are the international spam options that you've got built right in, and the last thing you've got is advanced options. So this has to do with the spam score. And the spam score essentially makes it so that, depending upon certain attributes of the email, it's going to mark it as spam or there's a higher chance that it's spam. So here are some of the things that you can adjust: image links to remote sites, which you can have marked as spam, numeric IP address in the URL, redirect to other ports, URLs to .biz or .info websites. Those are pretty commonly spam. And then down here you've got Mark as spam, where you specify whether to mark messages that include these properties: empty messages, JavaScript, iframes, all these options here. If I want, I can also go into test mode here. With test mode, you'll notice that some of these options say Test. If you click on Test, then you can have it run a test on those particular items.

So it says to configure the test mode options for when a match is made to a test-enabled advanced option. So I can have it add a header to the email, or I could just have it blind carbon copy me. So that's what the advanced options are going to do for you. Okay, so that is how we can create and configure our spam filter. We can also create a new one if we want. We're just going to specify the name of it and then come down here, set the options we want, and add a condition. And again, just like normally in Exchange when you do that, it will have a higher priority than the default. The default is always the lowest priority, and if you created multiple of these filters, you can adjust the priority levels. Okay, so that's how you configure your spam filters in your Exchange environment.
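The spam filter options from this section, applied to the default policy with Exchange Online PowerShell. This is an added example, not part of the course; the bulk threshold of 6 and the choice of which advanced options to put in test mode are constructed sample values, and it assumes the ExchangeOnlineManagement module.

```powershell
# Added example: assumes the ExchangeOnlineManagement module is installed.
Connect-ExchangeOnline

$spam = @{
    Identity                       = 'Default'
    SpamAction                     = 'MoveToJmf'    # move to junk mail folder
    HighConfidenceSpamAction       = 'Quarantine'   # changed from junk mail
    MarkAsSpamBulkMail             = 'On'
    BulkThreshold                  = 6              # 1 = strictest, 9 = loosest
    QuarantineRetentionPeriod      = 15             # days
    BlockedSenderDomains           = @{ Add = 'contoso.com', 'fabrikam.com' }
    # Advanced options: Off, On, or Test. Test applies TestModeAction only.
    IncreaseScoreWithNumericIps    = 'Test'
    IncreaseScoreWithBizOrInfoUrls = 'Test'
    MarkAsSpamJavaScriptInHtml     = 'Test'
    TestModeAction                 = 'AddXHeader'   # or BccMessage
}
Set-HostedContentFilterPolicy @spam

# Confirm the result before relying on it.
Get-HostedContentFilterPolicy -Identity Default |
    Format-List SpamAction, HighConfidenceSpamAction, BulkThreshold,
        QuarantineRetentionPeriod, BlockedSenderDomains, TestModeAction
```

Running the advanced options in Test first shows which legitimate mail would match before anything is actually marked as spam.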
