Brian Reid – Microsoft 365 Subject Matter Expert

Category: EOP

  • Unexpected Security and Compliance Center Changes

    In the last few days the layout of the Security and Compliance Center with regard to the Threat Management section appears to have changed. In the middle of the week just gone, and for a long while previously, you could access Mail Filtering, Anti-malware, and DKIM from Security and Compliance > Threat Management and see…

  • DMARC Quarantine Issues

    I saw the following error with a client the other day when sending emails from the client to any of the Virgin Media owned consumer ISP email addresses (virginmedia.com, ntlworld.com, blueyonder.com etc.) mx3.mnd.ukmail.iss.as9143.net gave this error:vLkg1v00o2hp5bc01Lkg9w DMARC validation failed with result 3.00:quarantine In the above, the server name (…as9143.net) might change as will the value…

  • Forcing Transport Level Secure Email With Exchange Online

    In Exchange Online there are a few different options for forcing email to require an encrypted connection. These depend upon the level of licence you have, and some of them are user based (Office 365 Message Encryption for example), but there are two ways to force TLS (transport layer security) for the email between when…

  • XOORG, Edge and Exchange 2010 Hybrid

    So you have found yourself in the position of moving to Exchange Online from a legacy version of Exchange Server, namely Exchange 2010. You are planning to move everyone, or mostly everyone to Exchange Online and directory synchronization plays a major part (can it play a minor part?) in your plans. So you have made…

  • Malware Filter Policy Updates in Office 365

    Updated August 2022 In March 2017 I wrote a blog post that showed how to take the attachment filter list from Edge Server and add those attachment block types to EOP, as EOP had a very small list of attachments. In June 2017 in one of my client tenants I noticed this precanned list of…

  • OWA and Conditional Access: Inconsistent Error Reports

    Here is a good error message. Its good, because I could not find any references to it on Google and the fault was nothing to do with the error message: The error says “something went wrong” and “Ref A: a long string of Hex Ref B: AMSEDGE0319 Ref C: Date Time”. The server name in…

  • Exchange Edge Server and Common Attachment Blocking In Exchange Online Protection

    Both Exchange Server Edge role and Exchange Online Protection have an attachment filtering policy. The default in Edge Server is quite long, and the default in EOP is quite short. There is also a few values that are common to both. So, how do you merge the lists so that your Edge Server attachment filtering…

  • Get-SpoofMailReport in EOP

    Using Office 365 or EOP to protect your email and worried about spoofed emails? Then try this cmdlet in Remote PowerShell for EOP: PS C:\Users\brian.reid> Get-SpoofMailReport Date                Event Type Direction Domain Action       Spoofed Sender              True Sender     Sender IP—-                ———- ——— —— ——       ————–              ———–     ———14/04/2016 00:00:00 SpoofMail  Inbound          GoodMail     no-reply@domain.com         mandrillapp.com 198.2.186.0/2418/04/2016 00:00:00 SpoofMail  Inbound         …

  • Advanced Threat Protection via PowerShell

    I discussed the newly released Advanced Threat Protection product in Office 365 on my blog, and in this article I want to outline the cmdlets that can be used to set this product up from Remote PowerShell to Office 365. To connect to Office 365 via PowerShell take a search on your favourite search engine…

  • Getting Started with Office 365 Advanced Threat Protection

    Announced a few months ago, Advanced Threat Protection became generally available on 1st June. I have been involved with trialling this product during the beta and so I thought I would note down a few thoughts on setting this up and what to expect now that it is publicly available. Advanced Threat Protection is an…

  • Speaking at TechEd Europe 2014

    I’m please to announce that Microsoft have asked me to speak on “Everything You Need To Know About SMTP Transport for Office 365” at TechEd Europe 2014 in Barcelona. Its going to be a busy few weeks as I go from there to the MVP Summit in Redmond, WA straight from that event. My session…

  • Updating Exchange 2013 Anti-Malware Agent From A Non-Internet Connected Server

    In Forefront Protection for Exchange (now discontinued) for Exchange 2010 it was possible to run the script at http://support.microsoft.com/kb/2292741 to download the signatures and scan engines when the server did not have a direct connection to the download site at forefrontdl.microsoft.com. To achieve the same with Exchange 2013 and the built-in anti-malware transport agent you…

  • Exchange DLP Rules in Exchange Management Shell

    This one took a while to work out, so noting it down here! If you want to create a transport rule for a DLP policy that has one data classification (i.e. data type to look for such as ‘Credit Card Number’) then that is easy in PowerShell and an example would be as below. New-TransportRule…

  • Highly Available Office 365 to On-Premises Mail Routing

    This article looks at how to configure mail flow from Office 365 (via Exchange Online Protection – EOP) to your On Premises organization to ensure that it is highly available and work in disaster recovery scenarios with no impact. It is based on exactly the same principle to that which I blogged about in 2012:…

  • Cannot Send Emails To Office 365 or Exchange Online Protection Using TLS

    I have found this is a common issue. You set up an Exchange Online Hybrid or Exchange Online Protection (EOP) stand alone service and follow all the instructions for the creating of the connectors needed, only to find that your emails queue in your Exchange Server. If you turn on protocol logging you get this…

  • Whitelisting Salesforce Emails in Exchange Online Protection

    In this article, Salesforce list three IP address ranges (by way of CIDR notation) where their emails can come from when you are a Salesforce.com user. To ensure these emails come to all users of your organization if you are using Exchange Online Protection (EOP) then you have to create a transport rule to attempt…

  • What is X-Forefront-Antispam-Report-Untrusted?

    When a message arrives in Exchange Online Protection (EOP) with an existing X-Forefront-Antispam-Report header, it is renamed to X-Forefront-Antispam-Report-Untrusted. If the message is then detected as spam and stored in the optional quarantine, upon release it will go back into EOP. Upon entering EOP the previously set X-Forefront-Antispam-Report header is renamed to X-Forefront-Antispam-Report-Untrusted.

  • Moving Exchange Online Protection Junk Mail to the Junk Email Folder

    If you use Exchange Online Protection (EOP) to filter your email in the cloud and to remove spam and malware before onward delivery to you, and if you use Exchange 2007 or later on-premises, then you need to configure Exchange to move detected spam to the Junk Email folder in Outlook. By default EOP detects…

  • Forefront Online Protection for Exchange Spam Filtering to Outlook’s Junk E-Mail Folder

    Forefront Online Protection for Exchange (FOPE) is a cloud hosted email anti-spam and antivirus filtering system. Amongst the options to filter away your spam, one of the options to to allow the email to be flagged and sent on into your on-premises email system, and then managing it there. If you have Exchange 2007 or…