Microsoft Threat Protection and Exchange Online Protection
Microsoft Threat Protection is a unified pre- and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.
With the integrated Microsoft Threat Protection solution, security professionals can stitch together the threat signals that each of these products receives and determine the full scope and impact of the threat: how it entered the environment, what's affected, and how it's currently impacting the organization. Microsoft Threat Protection takes automatic action to prevent or stop the attack and self-heal affected mailboxes, endpoints, and user identities.
About Threat protection
The Microsoft Threat Protection suite protects:
- Endpoints with Microsoft Defender ATP – Microsoft Defender ATP is a unified endpoint platform for preventative protection, post-breach detection, automated investigation, and response.
- Email and collaboration with Office 365 ATP – Office 365 ATP safeguards your organization against malicious threats posed by email messages, links (URLs) and collaboration tools.
- Identities with Azure ATP and Azure AD Identity Protection – Azure ATP uses Active Directory signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions directed at your organization.
- Applications with Microsoft Cloud App Security – Microsoft Cloud App Security is a comprehensive cross-SaaS solution that brings deep visibility, strong data controls, and enhanced threat protection to your cloud apps.
Microsoft Threat Protection's cross-product layer augments the individual suite components to:
- Help protect against attacks and coordinate defensive responses across the suite through signal sharing and automated actions
- Narrate the full story of the attack across product alerts, behaviors, and context for security teams by joining data on alerts, suspicious events and impacted assets into 'incidents'
- Automate response to compromise by triggering self-healing for impacted assets through automated remediation
- Enable security teams to perform detailed and effective threat hunting across endpoint and Office data
Exchange Online Protection overview
Exchange Online Protection (EOP) is the cloud-based filtering service that helps protect your organization against spam and malware. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes.
EOP is also available in the following on-premises scenarios:
- In a standalone scenario: EOP provides cloud-based email protection for your on-premises Exchange organization, or for any other on-premises SMTP email solution.
- In a hybrid deployment: EOP can be configured to protect your email environment and control mail routing when you have a mix of on-premises and cloud mailboxes.
How EOP works
To understand how EOP works, it helps to see how it processes incoming email:
- An incoming message initially passes through connection filtering, which checks the sender’s reputation and inspects the message for malware. For more information, see Configure connection filtering.
- Messages continue through policy filtering, where they are evaluated against custom mail flow rules (also known as transport rules) that you create or enforce from a template. For example, you can have a rule that sends a notification to a manager when mail arrives from a specific sender. Data loss prevention (DLP) checks also occur at this point (Exchange Enterprise CAL with Services).
- Next, messages pass through anti-spam filtering (also known as content filtering). A message that’s determined to be spam can be sent to a user’s Junk Email folder or to the quarantine, among other options. For more information, see Configure anti-spam policies.
- After a message passes all of these protection layers successfully, it gets delivered to the recipient.
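The three filtering layers above map onto separate policy objects that are administered with Exchange Online PowerShell. The following is an added example, not code from the page or from Microsoft's documentation, showing one way to configure each stage in the order a message traverses them: connection filtering, a mail flow rule of the "notify a manager when mail arrives from a specific sender" kind, and anti-spam actions. The tenant name, sender and manager addresses, and IP ranges are placeholders, and it assumes the ExchangeOnlineManagement module is installed and the account holds Exchange administrator rights.

```powershell
# Added example (not from the page or Microsoft's documentation): configures the
# three EOP filtering layers with Exchange Online PowerShell.
# Assumptions: ExchangeOnlineManagement module installed, Exchange admin rights,
# and the addresses/IP ranges below are placeholders (RFC 5737 documentation IPs).

Connect-ExchangeOnline -UserPrincipalName admin@contoso.example

# 1. Connection filtering: sender IP reputation. Block a range observed sending
#    abuse and allow a trusted upstream relay (both placeholders).
Set-HostedConnectionFilterPolicy -Identity Default `
    -IPBlockList @{Add = '203.0.113.0/24'} `
    -IPAllowList @{Add = '198.51.100.25'}

# 2. Policy filtering: a mail flow rule that sends an incident report to a
#    manager when mail arrives from a specific sender. Start in Audit mode so
#    matches are logged without any action on the message.
New-TransportRule -Name 'Notify manager - mail from partner sender' `
    -From 'partner@fabrikam.example' `
    -GenerateIncidentReport 'manager@contoso.example' `
    -IncidentReportContent Sender, Recipients, Subject `
    -Mode Audit

# Promote to enforcement once the audit results look right.
Set-TransportRule -Identity 'Notify manager - mail from partner sender' -Mode Enforce

# 3. Anti-spam (content) filtering: ordinary spam to the Junk Email folder,
#    high-confidence spam and phishing to quarantine.
Set-HostedContentFilterPolicy -Identity Default `
    -SpamAction MoveToJmf `
    -HighConfidenceSpamAction Quarantine `
    -PhishSpamAction Quarantine

# Verify the resulting state of each layer.
Get-HostedConnectionFilterPolicy -Identity Default |
    Format-List IPAllowList, IPBlockList
Get-TransportRule -Identity 'Notify manager - mail from partner sender' |
    Format-List Name, Mode, From, GenerateIncidentReport
Get-HostedContentFilterPolicy -Identity Default |
    Format-List SpamAction, HighConfidenceSpamAction, PhishSpamAction

Disconnect-ExchangeOnline -Confirm:$false
```

Creating the rule in Audit mode first and switching to Enforce afterwards is the safe path for any mail flow rule: the Get-TransportRule output shows whether the rule matched the intended sender before it starts affecting delivery.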
Reference Documentation – Exchange Online Protection overview