Defender for Office 365 filtering-only scenario protection for your on-premises Exchange Server

%3CLINGO-SUB%20id%3D%22lingo-sub-2532120%22%20slang%3D%22en-US%22%3EDefender%20for%20Office%20365%20filtering-only%20scenario%20protection%20for%20your%20on-premises%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2532120%22%20slang%3D%22en-US%22%3E%3CP%3EDo%20you%20anyone%20help%20me%20by%20guiding%20me%20to%20some%20documents%20as%20to%20how%20you%20deploy%2Fconfigure%20Defender%20for%20Office%20365%20filtering-only%20scenario%20for%20your%20on-premises%20Exchange%20Server%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-2596939%22%20slang%3D%22en-US%22%3ERE%3A%20Defender%20for%20Office%20365%20filtering-only%20scenario%20protection%20for%20your%20on-premises%20Exchange%20Server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-2596939%22%20slang%3D%22en-US%22%3EThere%20is%20really%20very%20little%20difference.%20Here%20are%20some%20tips%3A%20Don't%20enable%20Dynamic%20Delivery%20for%20the%20Safe%20Attachment%20Policy%2C%20since%20this%20requires%20the%20mailbox%20to%20be%20in%20the%20cloud.%20Instead%20use%20the%20%22Block%22%20policy.%20And%20understand%20the%20ZAP%20feature%20will%20not%20work.%20Lastly%2C%20understand%20that%20if%20the%20Accepted%20Domain%20is%20set%20to%20Internal%2C%20then%20the%20Directory-based-edge%20filtering%20feature%20will%20not%20work%20(you%20need%20to%20set%20it%20to%20Authoritative%20for%20that%20feature%20to%20work).%20However%2C%20before%20setting%20it%20to%20Authoratative%2C%20you%20should%20first%20make%20sure%20that%20all%20your%20mail%20enabled%20objects%20on-premises%20are%20represented%20as%20mailuser%20object%20types%20in%20the%20cloud%20otherwise%20inbound%20mail%20flow%20won't%20reach%20the%20on-premises%20object%20if%20it%20is%20not%20found%20in%20the%20directory.%20In%20the%20past%20this%20used%20to%20be%20a%20problem%20for%20mail-enabled%20public%20folders%2C%20but%20there%20is%20now%20a%20checkbox%20to%20enable%20that%20in%20Azure%20AD%20Connect.%3C%2FLINGO-BODY%3E
Senior Member

Do you anyone help me by guiding me to some documents as to how you deploy/configure Defender for Office 365 filtering-only scenario for your on-premises Exchange Server?

1 Reply
There is really very little difference. Here are some tips: Don't enable Dynamic Delivery for the Safe Attachment Policy, since this requires the mailbox to be in the cloud. Instead use the "Block" policy. And understand the ZAP feature will not work. Lastly, understand that if the Accepted Domain is set to Internal, then the Directory-based-edge filtering feature will not work (you need to set it to Authoritative for that feature to work). However, before setting it to Authoratative, you should first make sure that all your mail enabled objects on-premises are represented as mailuser object types in the cloud otherwise inbound mail flow won't reach the on-premises object if it is not found in the directory. In the past this used to be a problem for mail-enabled public folders, but there is now a checkbox to enable that in Azure AD Connect.
www.000webhost.com