Mastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
In today’s cloud-driven landscape, protecting your organization’s email flow is not only about stopping inbound threats—it’s also about ensuring your users aren’t the source of outbound spam. Whether caused by account compromise, misconfiguration, or shadow IT, outbound spam can damage your domain’s reputation, trigger blacklists, and even lead to service throttling from Microsoft. What Is Outbound Spam? Outbound spam refers to unwanted or malicious messages sent from inside your organization to external recipients. These messages can originate from: Compromised accounts Misused shared mailboxes Automation scripts or connectors Forwarding loops Outbound spam can place your domain on blocklists, reduce deliverability, and ultimately erode trust in your brand Tools Used: Microsoft Defender + Exchange Online Protection Microsoft 365 includes built-in outbound protection via: Exchange Online Protection (EOP) for all tenants Microsoft Defender for Office 365 for advanced protection and insights Step-by-Step: Configuring Outbound Spam Protection in EOP Create and Apply Outbound Spam Policies Microsoft 365 Defender Portal → Email & Collaboration → Policies & Rules → Threat Policies → Anti-Spam Policies Select ->Create Policy → Outbound Spam Filter Policy Give the policy a clear name Apply granular scoping by selecting users, groups, or domains based on risk level Configure outbound spam policies in EOP Message limits sections Section configures the limits for outbound email messages from Exchange Online Set an external message limit Maximum number of external recipients a user can send messages to in a one-hour period Set an internal message limit Maximum number of internal recipients a user can send messages to in a one-hour period Set a daily message limit The maximum total number of recipients per day This limit encompasses both internal and external recipients Valid value is 0 to 10000 Restriction placed on users who reach the message limit Restrict the user from sending mail until the following day Email notifications are sent, and the user is unable to send any more messages until the following day, based on UTC time Restrict the user from sending mail User can't send email until they're removed from Restricted users by an admin After an admin removes the user from the list, the user won't be restricted again for that day limit reset to zero No action, alert only Email notifications are sent Forwarding rules section controls automatic email forwarding by Exchange Online mailboxes to external recipients Automatic - System-controlled - system to manage the automatic forwarding of email messages to external recipients On - Forwarding is enabled: Automatic external email forwarding isn't disabled by the policy Off - Forwarding is disabled: All automatic external email forwarding is disabled by the policy Disabling only automatic forwarding messages to external addresses Outbound spam policies don't affect the forwarding of messages between internal users Notifications section You can configure additional recipients who should receive copies and notifications of suspicious outbound email messages Send a copy of suspicious outbound messages that exceed these limits to these users and groups Specify users or groups within your organization who should receive copies of outbound email messages that exceed the defined sending limits Setting adds the specified recipients to the bcc field of suspicious outbound messages Setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies Notify these users and groups if a sender is blocked due to sending outbound spam Allow you to configure who should receive a notification when a sender is blocked for sending outbound spam This setting is in the process of being deprecated from outbound spam policies Strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users Remove blocked users from the Restricted entities page Email & collaboration > Review > Restricted entities The user is restricted from sending email, but they can still receive email. Alert settings for Restricted users Automatically notifies admins when users are blocked from sending email Email & collaboration > Policies & rules > Alert policy Search Policy Name: User restricted from sending email Managing outbound spam is more than configuring a few switches—it's about having a layered defense posture. Microsoft Defender for Office 365 and Exchange Online Protection give you the visibility, automation, and control to protect both inbound and outbound mail traffic Managing outbound spam isn’t just about setting limits—it’s about shaping a layered, intelligent policy landscape Detects malicious senders Alerts admins in real time Automatically blocks abuse Protects domain trust and email deliverability With Microsoft Defender for Office 365 and EOP, you have everything you need to build a resilient outbound protection framework
Microsoft Teams issue.
At Chillibreeze, our team depends heavily on Microsoft 365 and Microsoft Teams to drive collaboration, communication, and productivity across departments. However, we are currently experiencing persistent performance issues with the new Teams client that are disrupting our daily workflows: Teams freezes when activating the camera or initiating screen sharing during meetings Channels and chat windows scroll automatically without any user interaction, making navigation difficult and disorienting These issues have become increasingly disruptive, especially during high-stakes meetings, client presentations, and internal project reviews. Troubleshooting Steps Taken: To date, we have attempted the following actions across multiple devices and user accounts: Cleared the Teams cache. Reinstalled the Teams app entirely (clean uninstall and reinstall) Updated BIOS and camera drivers to the latest available versions Ensured all Windows and Microsoft 365 updates are current Despite these efforts, the issues persist. We are currently using Microsoft Teams Version 25163.3611.3774.6315 (New Teams app) on Windows 11 machines with up-to-date specs. Request for Support and Community Insight: We are reaching out to Microsoft community, Microsoft 365, and the wider community to ask: Are other organizations experiencing similar issues with the New Teams app? Have any workarounds or configurations proven effective? Is there an ETA for a fix or acknowledgment of these issues from Microsoft? We value the reliability of Microsoft Teams and are hopeful that a solution can be identified promptly, as the current instability is having a tangible impact on our team’s productivity and morale. Any assistance, insights, or escalation support would be greatly appreciated.
Lost Macros
Hi, I was speaking to a tech support person in chat and they sent me here after poking around on my computer. I have lost my Macros in EXCEL 365 twice. The first time Excel froze and I had to start excel. the second time was last night. There was some sort of update on my computer over night. It didn't seem to affect Excel as I was able to continue working on it this morning. But when I went to apply a macro they were all gone. I am not very tech savvy but I read something that said it could be retrieved if I went to a folder called XLSTART but when I went there the folder was empty. I want my macros back as they took hours to make and get them right. I also want to ensure that this won't happen again. I am not sure if antivirus software has anything to do with this. I just know I never had this problem with older versions of excel. PLEASE HELP! I can't get any work done if I am constantly trying to rewrite macros.What triggers Microsoft's cloud filtering layer to assign a Spam Confidence Level (SCL) score?
Calling all Exchange and Microsoft 365 experts! I am investigating why two messages (received by the same recipient) sent from the same sender, domain, IP, and infrastructure received different Spam Confidence Level (SCL) scores from Microsoft’s cloud filtering layer (Exchange Online Protection). Message 1 (SCL 1): Delivered to Inbox Message 2 (SCL 5): Routed to Junk Both messages: Passed SPF, DKIM, DMARC, and CompAuth Had identical spam rule triggers and phishing scores Used the same HELO/EHLO and PTR records The only differences were: Slightly different routing paths and engine codes Subtle differences in message body content Question: What specific factors or heuristics in Microsoft’s cloud filtering layer could cause a change in SCL scoring for messages that appear nearly identical in infrastructure and authentication? Any insights into how SCL scoring is dynamically influenced would be greatly appreciated! Thank you in advance to whoever can shed some insight into this!!! Maxim P.S. headers can be provided, if that helps.
Sending Messages on MS Teams with Azure Bot Error
Good Day My Friends, I have just created for my university research project a Azure Bot for Teams meeting (it s not an Teams App), I can attend the meeting with meeting id, passcode, and managed to receive messages from chat, but the problem is when I m trying to send messages on Teams Chat part with bot account I m getting an error " No conversation references available at all" not sure error is because of that or not but I'm open for your offers. Thank you,How to assign admin-level permissions in Azure Purview without using Global Administrator
Hello, We have a question regarding the management of roles and permissions in Azure Purview. According to the documentation (Azure Purview permissions), it seems that Global Administrator permissions are required to access all features, which raises some security concerns for us. Is there no way to assign a more specific role — similar to how it works in Microsoft Fabric with the Fabric Administrator role — rather than having to assign the Global Administrator role? If this is indeed not possible, we understand that the proper workflow would be for someone with Global Administrator privileges to go to Azure Purview > Roles and Scopes > Role Groups, and from there assign a more granular Purview-specific role to selected users, such as a Data Curator or Data Source Administrator. Is this correct? Is this the recommended approach? Thank you in advance for your help. Best regards,
