Mastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
In today’s cloud-driven landscape, protecting your organization’s email flow is not only about stopping inbound threats—it’s also about ensuring your users aren’t the source of outbound spam. Whether caused by account compromise, misconfiguration, or shadow IT, outbound spam can damage your domain’s reputation, trigger blacklists, and even lead to service throttling from Microsoft. What Is Outbound Spam? Outbound spam refers to unwanted or malicious messages sent from inside your organization to external recipients. These messages can originate from: Compromised accounts Misused shared mailboxes Automation scripts or connectors Forwarding loops Outbound spam can place your domain on blocklists, reduce deliverability, and ultimately erode trust in your brand Tools Used: Microsoft Defender + Exchange Online Protection Microsoft 365 includes built-in outbound protection via: Exchange Online Protection (EOP) for all tenants Microsoft Defender for Office 365 for advanced protection and insights Step-by-Step: Configuring Outbound Spam Protection in EOP Create and Apply Outbound Spam Policies Microsoft 365 Defender Portal → Email & Collaboration → Policies & Rules → Threat Policies → Anti-Spam Policies Select ->Create Policy → Outbound Spam Filter Policy Give the policy a clear name Apply granular scoping by selecting users, groups, or domains based on risk level Configure outbound spam policies in EOP Message limits sections Section configures the limits for outbound email messages from Exchange Online Set an external message limit Maximum number of external recipients a user can send messages to in a one-hour period Set an internal message limit Maximum number of internal recipients a user can send messages to in a one-hour period Set a daily message limit The maximum total number of recipients per day This limit encompasses both internal and external recipients Valid value is 0 to 10000 Restriction placed on users who reach the message limit Restrict the user from sending mail until the following day Email notifications are sent, and the user is unable to send any more messages until the following day, based on UTC time Restrict the user from sending mail User can't send email until they're removed from Restricted users by an admin After an admin removes the user from the list, the user won't be restricted again for that day limit reset to zero No action, alert only Email notifications are sent Forwarding rules section controls automatic email forwarding by Exchange Online mailboxes to external recipients Automatic - System-controlled - system to manage the automatic forwarding of email messages to external recipients On - Forwarding is enabled: Automatic external email forwarding isn't disabled by the policy Off - Forwarding is disabled: All automatic external email forwarding is disabled by the policy Disabling only automatic forwarding messages to external addresses Outbound spam policies don't affect the forwarding of messages between internal users Notifications section You can configure additional recipients who should receive copies and notifications of suspicious outbound email messages Send a copy of suspicious outbound messages that exceed these limits to these users and groups Specify users or groups within your organization who should receive copies of outbound email messages that exceed the defined sending limits Setting adds the specified recipients to the bcc field of suspicious outbound messages Setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies Notify these users and groups if a sender is blocked due to sending outbound spam Allow you to configure who should receive a notification when a sender is blocked for sending outbound spam This setting is in the process of being deprecated from outbound spam policies Strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users Remove blocked users from the Restricted entities page Email & collaboration > Review > Restricted entities The user is restricted from sending email, but they can still receive email. Alert settings for Restricted users Automatically notifies admins when users are blocked from sending email Email & collaboration > Policies & rules > Alert policy Search Policy Name: User restricted from sending email Managing outbound spam is more than configuring a few switches—it's about having a layered defense posture. Microsoft Defender for Office 365 and Exchange Online Protection give you the visibility, automation, and control to protect both inbound and outbound mail traffic Managing outbound spam isn’t just about setting limits—it’s about shaping a layered, intelligent policy landscape Detects malicious senders Alerts admins in real time Automatically blocks abuse Protects domain trust and email deliverability With Microsoft Defender for Office 365 and EOP, you have everything you need to build a resilient outbound protection framework
SC-300 exam and course content are very different
I failed my SC-300 exam with Pearson VUE on July 6th. I prepared myself with the official training course on https://learn.microsoft.com/en-us/training/courses/sc-300t00 There's a practice available on https://learn.microsoft.com/en-us/credentials/certifications/identity-and-access-administrator/?practice-assessment-type=certification where it says that this test will "provide you with an overview of the style, wording, and difficulty of the questions you're likely to experience on the exam" Therefore, I was confident going into the test with a 96% score on the practice assessments. I did about 4 or 5 runs to be sure I was able to pass different sets of questions. Once into the exam, I was shocked it didn't include none of the questions of the practice assessment. Furthermore, the question's subjects were very different from the training course. There's a huge discrepancy between the training course / practice assessment and the real exam. Now I'm trying to find the updated documentation and practice assessment, so I can have a better chance next time. Any help would be much appreciated. English is not my first language, I apologize for any grammar mistakes.
Microsoft Certification Exam Voucher - AI Skills Fest Challenge
Dear Community, I am writing to you regarding a Microsoft Certification exam voucher I received as a winner of the Microsoft AI Skills Fest Challenge Sweepstakes. I understand its expiration date was June 21, 2025. Unfortunately, due to an oversight, I was unable to schedule and take my exam before the expiration date. I would be incredibly grateful if you would consider my situation and advise if there is any possibility of an extension or a new voucher being issued. I was very much looking forward to utilizing this opportunity to achieve a Microsoft Certification. Thank you for your time and consideration.
Typos in Practice Assessment for Exam SC-200
Hi Learn Community, I am currently using the Practice Assessment for Exam SC-200. I have seen two typos and wanted to let you know about it, so you can fix them. In one question a device was named deivce3. In another question, in the solution text, riles was written instead of rules: I could not mention the issue in the learn portal and I hope I am at the correct space here. If not, it would be great, if you could provide me with an e-mail address to send these information to. Thank you and best regards Markus
When I go to Microsoft Entra ID in Azure, why does it say that I (Owner) am an External?
Hello, I am new to Azure and have been learning about Microsoft Entra now using my personal Microsoft account. While I was browsing around, I went to Azure portal -> Microsoft Entra ID -> User. I see that I am the only user in the current directory (ex: "email address removed for privacy reasons" directory) which makes sense. However, what I am confused about is that I have User Principle Name as "microsoftsutdent123_outlook.com#email address removed for privacy reasons" (although I checked that I am a global admin). I really don't get what's happening and even if this is normal, and I did deploy a very basic web app using Azure App Service if that matters... Could someone please clarify why this is the case or is this an error?
ERR taking assessment for Microsoft Applied Skills: Create agents in Microsoft Copilot Studio
When launching assessment I get error: https://learn.microsoft.com/en-us/credentials/applied-skills/create-agents-in-microsoft-copilot-studio/ I've tried corporate credentials, my personal Microsoft Account, different machines. Is this a known issue? Can you reproduce it?
GitHub Copilot Fundamentals certificate issues Part 2 of 2
I'm having issues with my GitHub Copilot Fundamentals Part 2 of 2 learning path completion certificate, as it's not generated correctly. Learning path url: https://learn.microsoft.com/en-us/training/paths/gh-copilot-2/ Evidence of problem where you can see that all modules are approved Contributor ID FCCA021D02AB33B5Struggling with Microsoft Applied Skills: Create agents in Microsoft Copilot Studio
Hi all, I'm struggling trying to pass the https://learn.microsoft.com/en-us/credentials/applied-skills/create-agents-in-microsoft-copilot-studio that was released recently. I keep getting around 50% percent, with the performance by task failing for: Manage variables and entities Configure nodes but the others as pass. I've done the test twice and not sure what I am doing wrong to be honest. I've gone through the learning path on the certification page as well. I have a feeling I maybe tackling this task wrong but not sure. You need to ensure that when a user interacts with agents, the user receives the following message: This is the agent! Then, the user must be prompted with the following question: What is your employee number? The user must be able to enter their employee number into a text field, and the employee number must be saved to a variable named employeeNumber. The employeeNumber variable must be available for topic switching. Next, you must confirm employeeNumber by asking the following yes/no question by using the Multiple choice options entity: Can you confirm that your employee number is {employeeNumber}? If the user selects No, the conversation must end. If the user selects Yes, the User. Language system variable must be set to English. Here is what logic I'm applying: Go to Topics: System -> Conversation Start -> Edit (Assumed this is the correct way due to the scenario asking for "when a user interacts with agents" rather then creating a new topic for this) Clear out the original node and replace with a message node saying "This is the agent!" Create a question node following on asking "What is your employee number?" in the text message box. Put the entity as Number (In my first attempt I did this as a text string which was set to gather user's response) Update Save User response box to Variable Number renamed to employeeNumber and updating that variable to be global, so overall name is Global.employeeNumber Create a question node following on asking Can you confirm that your employee number is {Global.employeeNumber}? in the text box. Setting the Entity field to be Multiple choice options and updating options for user to be No & Yes Save user response as Var1 (choice) Create two condition nodes to follow: For No Var1 is equal to No Follow on Node is End Conversation For Yes Var1 is equal to Yes Follow on Node is Set a variable Value -> Set Variable field configure to System.User.Language , To Value configure to English from the drop down list that appear. *End of Task* Is anyone able to advise further what I am doing wrong?
