Please Fix the Highlighted Areas and Then Try Saving Again Cidr
The process of writing a book or a training course forces you to spend a lot of time with the subject that you're writing about. For my upcoming course on Office 365 security, I've been spending a lot of time playing with Exchange Online Protection.
It's funny how something you've configured many times before suddenly throws a few curveballs at you when you spend hours or days with it. Little annoyances that don't bother you when you're doing a one-time configuration suddenly become quite annoying when you're trying to create an informative demonstration for your students. In this post I'm going to cover a few of the little annoyances in Exchange Online Protection that have bothered me recently. Some of these will be well known to many of you, but perhaps you'll encounter a few new ones in the list.
I'm also conscious of the fact that having spent so much time in EOP lately, I might be overlooking easier workarounds or solutions. So, if you have any input on these, please feel free to leave a comment below.
Which Admin Portal to Use?
Exchange Online Protection (EOP) is included with Exchange Online plans, and is also available standalone for on-premises customers. Initially, admin could be performed via the Exchange admin center (EAC).
Later, Microsoft developed the Security & Compliance Center (SCC); a separate admin portal focussed on security and compliance features. The ability to manage Exchange Online Protection was added to the SCC, creating a situation where there are now two places to configure EOP.
As much as I dislike having the same thing available in two different portals, it's not the end of the world. But it would be nice if the admin experience was consistent between them. Unfortunately, it isn't. For the most part, I stick to the EAC as I find it less buggy. The only time I venture into the SCC is to configure the bulk email options (a one-time task), or deal with spoof intelligence (very rare).
Here are some examples of the inconsistencies between portals.
Connection Filtering
In the Exchange admin center, the connection filter policy can be accessed without touching anything else. So, if you want to add an IP address to your connection filter allow list, you can easily do it.
In the Security & Compliance Center, there's no obvious way to manage your connection filter policy.
If you make the reasonable guess that the connection filter policy is found in the Anti-spam section, and your spam policy uses the standard settings, you still won't be able to see or manage the connection filter policy.
It's not until you drill down to the custom settings, and then enable custom settings (if not already enabled), that you're able to manage the connection filter policy.
In other words, settings that are decoupled in the EAC are coupled together in the SCC. A consistent admin experience would be preferable.
Bulk/Phishing Email Options
Another difference between the EAC and SCC is the options for dealing with bulk and phishing email. In the EAC, if you configure the spam and bulk actions, the UI doesn't make it entirely clear what will happen to bulk mail. The wording "mark bulk email as spam" could mean treat it as "Spam" (which would move it to the Junk Email folder in this case), or treat it as "High confidence spam" (which would quarantine it in this case).
In fact, bulk email handling is controlled by a setting not visible in the EAC at all. In the SCC, there is an explicit option for how to treat bulk email when bulk mail filter is enabled. Another setting also exists for how to treat phishing email, which is also not present in the EAC at all.
Bulk filtering is enabled by default on new tenants today, but older tenants that preceded the availability of the feature were not turned on by default. Further complicating the admin experience, if bulk mail filtering is not enabled in your tenant, then turning it on via the EAC gives you a result that is inconsistent with your existing spam actions. In the example below, bulk mail filtering is not enabled. The spam action is set to prepend the subject line, and the high confidence spam action is set to delete the message (I'm using these actions to illustrate the point, not because I think they're optimal settings).
When bulk email filtering is enabled, you'd expect it to adopt the action of either prepending the subject line, or deleting the message. But, if you check in the SCC, you'll find that bulk email filtering defaults to "Move message to Junk Email folder" instead.
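The bulk and phishing actions that the EAC does not show can be read from the policy object in Exchange Online PowerShell. The following is an added example, not part of the original post: the function name `Get-BulkActionMismatch` and the sample object are constructed for illustration, and the property names are those returned by `Get-HostedContentFilterPolicy`.

```powershell
# Added example: report the effective bulk/phish actions per spam filter
# policy and flag policies where bulk mail is handled differently from both
# spam verdicts (the inconsistency described above).
function Get-BulkActionMismatch {
    param([Parameter(ValueFromPipeline)] $Policy)
    process {
        # Cast to string so enum values and deserialized strings compare alike.
        $bulkOn = "$($Policy.MarkAsSpamBulkMail)" -eq 'On'
        $bulk   = "$($Policy.BulkSpamAction)"
        $spam   = "$($Policy.SpamAction)"
        $hcSpam = "$($Policy.HighConfidenceSpamAction)"
        [pscustomobject]@{
            Policy                   = $Policy.Name
            BulkFilteringOn          = $bulkOn
            SpamAction               = $spam
            HighConfidenceSpamAction = $hcSpam
            BulkSpamAction           = $bulk
            PhishSpamAction          = "$($Policy.PhishSpamAction)"
            # True when bulk filtering is on but follows neither spam action.
            BulkDiffers              = $bulkOn -and ($bulk -notin @($spam, $hcSpam))
        }
    }
}

# Constructed sample mirroring the scenario above: prepend subject for spam,
# delete for high confidence spam, bulk left at "move to Junk Email folder".
$sample = [pscustomobject]@{
    Name                     = 'Default (constructed sample)'
    MarkAsSpamBulkMail       = 'On'
    SpamAction               = 'ModifySubject'
    HighConfidenceSpamAction = 'Delete'
    BulkSpamAction           = 'MoveToJmf'
    PhishSpamAction          = 'MoveToJmf'
}
$sample | Get-BulkActionMismatch | Format-List

# Against a tenant (assumes an existing Connect-ExchangeOnline session):
# Get-HostedContentFilterPolicy | Get-BulkActionMismatch | Where-Object BulkDiffers
```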
Language/Region Pickers for International Spam Filtering
If the SCC has the advantage for bulk/phishing configuration, it loses that advantage if you need to configure international spam filtering. In the EAC, configuring international spam options gives you a useful picker from which you can select the languages/countries that you want to filter mail from. This makes it trivial to make bulk changes to the list (e.g. adding all languages except for English).
In the SCC, you get no such help. To add anything to the list, you need to start typing characters to perform a search, or know the specific language/country code you want to add. This makes it far more difficult to make bulk changes.
The Standard vs Custom Settings Switch
One of the more irritating UI gripes with the SCC is the Standard and Custom settings switches, which are located on separate tabs on the page. After making some policy changes (i.e. customizing my policy), the Custom switch will be on, and the Standard switch will be off. Leaving that page for a while, and then returning, will show that the Standard switch has reverted to the on position, and the Custom switch is now off again. This is despite the non-default/custom settings (e.g. international filtering) being visible in the policy.
Spoof Intelligence and Action Center
Worth a mention here, the Spoof Intelligence settings (reviewing spoofed senders and allowing/blocking them) is only available in the SCC. Meanwhile, the Action Center is available in the EAC, but not in the SCC area with the other EOP settings.
Unclear Terminology
Moving on from EAC vs SCC complaints, there are further issues in the admin UI for EOP with the terminology used. When you configure spam filter actions, there are two classifications:
- Spam
- High confidence spam
Elsewhere in the EOP policy settings, different terminology is used for other features. I've already covered the EAC bulk email UI text of "Mark bulk email as spam" and how that doesn't provide a clear understanding of what action will be performed for bulk mail. Here are some other examples.
In spam filter policy block lists, does "Always mark email from the following senders as spam" mean "Spam" or "High confidence spam"? You need to go to the TechNet documentation to learn that it means treat as "High confidence spam".
What about international spam? Those options use different terminology, "Filter email messages…". Does that mean "Spam" or "High confidence spam"? Again, it's necessary to check TechNet to learn that it means "High confidence spam".
In the advanced spam filter options, the wording is slightly different once again. We already know that "Mark as spam" means "High confidence spam", but what does "Increase spam score" mean? The UI is unclear.
Once more, we need to visit TechNet to learn the answer.
When enabled, these options set the spam confidence level (SCL) of a matched message to 5 or 6, which is considered suspected spam. The action performed on the message will match the Spam setting in your content filter policy.
So, "Increase spam score" means "suspected spam", so EOP will take the "Spam" action.
Meanwhile, "Filter" and "Mark as spam" both mean "High confidence spam".
When you know the answers, it's easy to know what effect your EOP policies will have. For new admins, the inconsistencies are frustrating, and add an unnecessary learning curve.
Limited Flexibility with Spam Actions
Let's say you wanted to achieve the following outcome in your spam filter policy:
- Tag the subject line of suspected spam (not high confidence spam) with the words "[Possible spam]"
- Tag the subject line of bulk email with the words "[Bulk email/Marketing]"
In the spam and bulk actions, there is an option to "Prepend subject line with text", which will allow you to tag the subject line of those emails.
However, if you choose that action for two or more types of email, you are still limited to a single string of text.
As a workaround, if you want to tag the subject lines with different text, you can set one of them to prepend in EOP, and the other to add an X-header. Then, in your mail flow rules, look for that X-header and apply the other subject tag there.
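The workaround above expressed in Exchange Online PowerShell, as an added example that is not part of the original post. The policy identity `Default`, the header name `X-EOP-Bulk`, the rule name, and the choice of `Quarantine` for high confidence spam are assumptions made for illustration.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an
# existing Connect-ExchangeOnline session with rights to edit EOP policies.

$policy     = 'Default'                    # assumed policy identity
$bulkHeader = 'X-EOP-Bulk'                 # constructed header name (no spaces or colons)
$bulkTag    = '[Bulk email/Marketing]'

# 1. Suspected spam gets the subject tag directly in EOP; bulk mail gets an
#    X-header instead. The policy holds only one subject string and one header
#    name, shared by every verdict that uses the same action, so high
#    confidence spam is given a different action here (assumption: Quarantine).
Set-HostedContentFilterPolicy -Identity $policy `
    -SpamAction ModifySubject `
    -ModifySubjectValue '[Possible spam]' `
    -MarkAsSpamBulkMail On `
    -BulkSpamAction AddXHeader `
    -AddXHeaderValue $bulkHeader `
    -HighConfidenceSpamAction Quarantine

# 2. A mail flow rule looks for that header and applies the second tag.
#    The exception stops the tag from stacking if the same message is
#    evaluated again with the tag already in the subject.
New-TransportRule -Name 'Tag bulk mail subject (example)' `
    -HeaderContainsMessageHeader $bulkHeader `
    -HeaderContainsWords 'spam' `
    -ExceptIfSubjectContainsWords $bulkTag `
    -PrependSubject "$bulkTag "

# 3. Confirm what the policy will actually do for each verdict.
Get-HostedContentFilterPolicy -Identity $policy |
    Format-List SpamAction, ModifySubjectValue, BulkSpamAction,
                AddXHeaderValue, HighConfidenceSpamAction, MarkAsSpamBulkMail
```

`-HeaderContainsWords 'spam'` relies on EOP writing a fixed sentence containing that word as the header's value; check a delivered message's headers in your tenant before depending on it.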
Why This Bothers Me
I sat on this post for a few days wondering whether I should even publish it. I don't like to just complain about stuff, but sometimes issues need to be brought to light. Ultimately what made me decide to publish this post was putting myself in the shoes of a new Office 365 customer, or a beginner Exchange Online admin. It's easy for me to overlook the issues because I have found workarounds for them, such as using one console vs the other, or because I understand the ambiguous terminology being used in the UI. But for someone who is new, it's a frustrating journey to go through all those things. It's hard enough to deal with all of the changes in Office 365, without having to deal with all these little inconsistencies as well.
Microsoft is obviously working hard to make customer and administrator lives easier. We see improvements every day in the products. Hopefully some of these little things will get the attention they deserve too.
Photo by Henry Hustava on Unsplash
Source: https://practical365.com/admin-annoyances-exchange-online-protection/