When it comes to mail routing, every organization has different needs
Across Office 365, we see various mail routing configurations, and we know that one size does not fit all. Many customers still route email through their on-premises environment before sending it to Office 365, and others leverage a third-party solution as their first hop. This can be for a variety of reasons, like compliance regulations, or to support legacy on-premises infrastructure. We understand the need to create hybrid mail routing configurations, and regardless of where these messages have been when they arrive at Office 365, our fundamental goal is to ensure that your organization and your users stay secure.
Introducing Enhanced Filtering for Connectors
Based on feedback from our customers, we’ve introduced capabilities to support additional configurations for mail flow. Enhanced Filtering for Connectors is designed to be used in routing scenarios where your MX record does not point to Office 365.
Both Exchange Online Protection and Microsoft Defender for Office 365 provide capabilities that protect your users from impersonation attacks while ensuring that legitimate senders don’t get caught in our spam or phishing filters. Enhanced Filtering preserves authentication signals that were previously lost, which improves the accuracy for our filtering stack, including our heuristic clustering, anti-spoofing, and anti-phishing machine learning models when used in complex or hybrid routing scenarios. These capabilities make the detection of business email compromise attacks more effective, and equip your security teams with more information to more effectively hunt and investigate threats.
Take advantage of additional capabilities today
Getting started with Enhanced Filtering for Connectors is easy and only takes a couple clicks in the Security and Compliance Center. Once enabled, you’ll be able to get the most out of the included Anti-Phish and Anti-Spam protection, while reducing false-positives caused by authentication failures, and taking advantage of signals that were previously lost while your is organization is running in a hybrid mail routing flow. We’ve documented more details to help you get started with enhanced filtering here. Once configured, you can measure effectiveness by checking out the Threat Protection Status report or the Spam Detections report in the Security & Compliance center in Office 365.
Why is email authentication important?
When email is forwarded to Office 365 via a connector from a third-party, Office 365 sees that the third-party filter is the source of the message. This breaks explicit authentication signals such as SPF, DKIM, and DMARC, which allow Office 365 verify the reputation of the sending domain. Without explicit authentication, Office 365 relies on implicit authentication to protect customers from spoofing. This isn’t a limitation of Office 365; it’s simply how SMTP works. You can learn more about explicit and implicit email authentication here.
As shown here in Figure 1, the email message adopts the sending IP of the third-party filter, arriving at Office 365 with a different sending IP address than it arrived at the third-party with.
Figure 1: Mailflow with third-party filtering
As shown here in Figure 2, with Enhanced Filtering enabled, Office 365 can “see” the original sending IP address, through a process sometimes referred to as “skip listing”.
Figure 2: Mailflow with Enhanced Filtering
Enable Enhanced Filtering for Connectors today to get the most out of Office 365 security!
Do you have questions or feedback about Microsoft Defender for Office 365? Engage with the community and Microsoft experts in the Defender for Office 365 forum.