What is the standard Office 365 spam filtering product?

[thecomputerguy]

I'm pretty sure their basic spam filtering product before was called "Advanced Threat Protection"

It looks like that has been replaced with "Microsoft Defender for Office 365"

Is that correct?

It's $2 per mailbox per month but there is also the "Exchange Online Protection" for $1 per box per month.

Do I need BOTH of these products or just one to help cut back on all the phishing emails clients get?

@YeOldeStonecat

 

[britechguy]

There is no product that is going to even come close to being a 100% phish catcher.

If someone is getting lots of phishing messages on a routine basis they should be complaining to their email service provider about the spam filtering they're providing these days before a message even gets presented to the end user.

But because phishing has become so much more sophisticated, there will always be some that gets past all filters. It's way more important that end users receive education about how to recognize such messages, report them, and safely dispose of them.

 

[SAFCasper]

Exchange Online Protection is included as standard with any Exchange Online mailbox. If your mailbox is hosted on Exchange Online, you already have it.

The only reason it's sold as a separate product is for hybrid deployments. You can protect on-premise mailboxes by routing mail through Exchange Online Protection first.

Microsoft Defender for Office 365 was previously named Office 365 Advanced Threat Protection. It gives some added features like Safe Links and Safe Attachments but the main features are more aimed a protecting SharePoint, Teams, OneDrive etc.

 

[thecomputerguy]

Exchange Online Protection is included as standard with any Exchange Online mailbox. If your mailbox is hosted on Exchange Online, you already have it.

The only reason it's sold as a separate product is for hybrid deployments. You can protect on-premise mailboxes by routing mail through Exchange Online Protection first.

Microsoft Defender for Office 365 was previously named Office 365 Advanced Threat Protection. It gives some added features like Safe Links and Safe Attachments but the main features are more aimed a protecting SharePoint, Teams, OneDrive etc.

So is there any product MS offers to help with the phishing, I know there is no 100% solution but these people are constantly forwarding me garbage asking whether it's spam or not and it almost always 100% spam, they are using me as a human spam filter and I'm over it.

 

[britechguy]

There is nothing. And if they're asking, "Is this spam?," then they needed to learn, long ago, that it is. I have never had anyone ask this question about an email message that they recognize as directly connected to something they know they've bought or otherwise made some sort of web interaction that would elicit a legitimate response on the other end. The very question being raised gives the answer, "Yes," 99.999999% of the time and, were they to get it wrong, they'll receive something else, later.

It is not up to any of us to be human spam filters and end users need to learn how to do the very simple checks, that take seconds, to make that determination surely and independently. We do them no favors by continuing to be human spam/security filters.

They also need to know, no matter what security/spam filtering software they're using, that it will never be 100% and they need to know how to take the few easy steps to determine what's phishing and what's not. How difficult is it to look at the From: address to see if it makes any sense as to what the source should be or to hover over links/buttons contained in a message to see at the bottom of their e-mail/webmail client where these would lead. If it's not somewhere that's directly to the entity that purports to have sent the message, nuke it and rest assured that's what you should do.

 

[Sky-Knight]

Defender Advanced does add some extra knobs to turn, but I find the built in protection suite to be more than enough once it's tuned.

There are several 3rd party options that are less expensive than what Microsoft offers. Barracuda has one that also does archival while it's at it.

So if I was to buy something, I'd be looking 3rd party for anti-spam / anti- phish / anti-malware for M365.

 

[Porthos]

people are constantly forwarding me garbage asking whether it's spam or not and it almost always 100% spam, they are using me as a human spam filter and I'm over it.

Charge a sub for your human spam service.

 

[Sky-Knight]

Yeah... I let my MSP clients do that because I'd rather take 5 seconds to confirm that pay for the cleanup. But if you've got break fix people doing that, you need to charge.

 

[Archon Prime]

I offer ZeroSpam for my business-class email clients (G Suite, O365, and other domain-based accounts). It works so well.

 

[trevm999]

Looks like the only additional thing you get specifically for anti-phishing policies with MD4O365 is the advanced phishing thresholds

Anti-phishing policies - Microsoft Defender for Office 365

Admins can learn about the anti-phishing policies that are available in Exchange Online Protection (EOP) and Microsoft Defender for Office 365.

docs.microsoft.com

If you go to the P2 level, you do get the attack simulator and advanced threat tracking and automated response tools.

 

[YeOldeStonecat]

Learn to tune the built in features.
Most people just...don't look at it closely, make the mistake of leaving it at defaults...and then complain it doesn't work well.

//smacks someone across the face with a fish

Here is ATP....what you can add it to, and what already includes it. <must read>

Microsoft Defender for Office 365 service description - Service Descriptions

Microsoft Defender for Office 365 is a cloud-based email filtering service that helps protect your organization against unknown malware and viruses by providing robust zero-day protection, and includes features to safeguard your organization from harmful links in real time.

docs.microsoft.com

The default spam filtering has extra settings you can crank up to make it more effected.
ATP has settings you go in and crank up...you don't just add it..you need to roll up your sleeves and adjust things. Just like ANY spam filter...default isn't optimal...learning it and tweaking it is much more effective.

I don't like adding a 3rd party spam filter/bastion host..it's another black hole to waste time looking for something that went missing. Rather keep it all in the same ecosystem.

 

[britechguy]

Learn to tune the built in features.
Most people just...don't look at it closely, make the mistake of leaving it at defaults...and then complain it doesn't work well.
.
.
I don't like adding a 3rd party spam filter/bastion host..it's another black hole to waste time looking for something that went missing. Rather keep it all in the same ecosystem.

Amen to both of those points! I'll still be the contrarian, though, and say that no matter what it is you do as far as what the automated filtering, the best thing you can do is to create an educated user base that is capable of making the determination of what's phishing for stuff that slips through the net, as stuff will always slip through the net.

 

[YeOldeStonecat]

the best thing you can do is to create an educated user base that is capable of making the determination of what's phishing for stuff that slips through the net, as stuff will always slip through the net.

Totally agree...I give classes to our managed clients on this.

 

[britechguy]

Totally agree...I give classes to our managed clients on this.

You don't have any hope of fixing the real problem unless you fix the human part. And it's just so darned easy to fix the human part if the humans involved are willing to listen for about 30 seconds and take action on the simple things they've learned. Everyone recognizes spam on sight, and most, whether they realize it or not, are doing the same with phishing when they have a, "What's this about?," moment when they see it. All they need to do is to learn to look at a couple of specific things after that, "What's this about?," moment to confirm (or, potentially, refute) their suspicions.

If they don't want to take that effort, then making it standard practice to NEVER act on anything contained in e-mails, but instead logging in to the site of the purported sender, is the way to go. If you got an e-mail notice from company X, that notice will be in your private inbox (or whatever they call it), in the communication system for that company.

Two very, very easy options to identify and avoid phishing scams.