Mastering Outbound Spam Protection in Microsoft Defender and Exchange Online Protection (EOP)
In today’s cloud-driven landscape, protecting your organization’s email flow is not only about stopping inbound threats—it’s also about ensuring your users aren’t the source of outbound spam. Whether caused by account compromise, misconfiguration, or shadow IT, outbound spam can damage your domain’s reputation, trigger blacklists, and even lead to service throttling from Microsoft. What Is Outbound Spam? Outbound spam refers to unwanted or malicious messages sent from inside your organization to external recipients. These messages can originate from: Compromised accounts Misused shared mailboxes Automation scripts or connectors Forwarding loops Outbound spam can place your domain on blocklists, reduce deliverability, and ultimately erode trust in your brand Tools Used: Microsoft Defender + Exchange Online Protection Microsoft 365 includes built-in outbound protection via: Exchange Online Protection (EOP) for all tenants Microsoft Defender for Office 365 for advanced protection and insights Step-by-Step: Configuring Outbound Spam Protection in EOP Create and Apply Outbound Spam Policies Microsoft 365 Defender Portal → Email & Collaboration → Policies & Rules → Threat Policies → Anti-Spam Policies Select ->Create Policy → Outbound Spam Filter Policy Give the policy a clear name Apply granular scoping by selecting users, groups, or domains based on risk level Configure outbound spam policies in EOP Message limits sections Section configures the limits for outbound email messages from Exchange Online Set an external message limit Maximum number of external recipients a user can send messages to in a one-hour period Set an internal message limit Maximum number of internal recipients a user can send messages to in a one-hour period Set a daily message limit The maximum total number of recipients per day This limit encompasses both internal and external recipients Valid value is 0 to 10000 Restriction placed on users who reach the message limit Restrict the user from sending mail until the following day Email notifications are sent, and the user is unable to send any more messages until the following day, based on UTC time Restrict the user from sending mail User can't send email until they're removed from Restricted users by an admin After an admin removes the user from the list, the user won't be restricted again for that day limit reset to zero No action, alert only Email notifications are sent Forwarding rules section controls automatic email forwarding by Exchange Online mailboxes to external recipients Automatic - System-controlled - system to manage the automatic forwarding of email messages to external recipients On - Forwarding is enabled: Automatic external email forwarding isn't disabled by the policy Off - Forwarding is disabled: All automatic external email forwarding is disabled by the policy Disabling only automatic forwarding messages to external addresses Outbound spam policies don't affect the forwarding of messages between internal users Notifications section You can configure additional recipients who should receive copies and notifications of suspicious outbound email messages Send a copy of suspicious outbound messages that exceed these limits to these users and groups Specify users or groups within your organization who should receive copies of outbound email messages that exceed the defined sending limits Setting adds the specified recipients to the bcc field of suspicious outbound messages Setting works only in the default outbound spam policy. It doesn't work in custom outbound spam policies Notify these users and groups if a sender is blocked due to sending outbound spam Allow you to configure who should receive a notification when a sender is blocked for sending outbound spam This setting is in the process of being deprecated from outbound spam policies Strongly recommend that you use the alert policy rather than this setting in the outbound spam policy to notify admins and other users Remove blocked users from the Restricted entities page Email & collaboration > Review > Restricted entities The user is restricted from sending email, but they can still receive email. Alert settings for Restricted users Automatically notifies admins when users are blocked from sending email Email & collaboration > Policies & rules > Alert policy Search Policy Name: User restricted from sending email Managing outbound spam is more than configuring a few switches—it's about having a layered defense posture. Microsoft Defender for Office 365 and Exchange Online Protection give you the visibility, automation, and control to protect both inbound and outbound mail traffic Managing outbound spam isn’t just about setting limits—it’s about shaping a layered, intelligent policy landscape Detects malicious senders Alerts admins in real time Automatically blocks abuse Protects domain trust and email deliverability With Microsoft Defender for Office 365 and EOP, you have everything you need to build a resilient outbound protection framework
Sharepoint WorkBooks
I currently have multiple Excel Workbooks that are at multiple locations throughout my area that feed back to my master workbook. I have them all linked. I have to do this monthly so I have to create new month workbooks. The problem is when i save a copy of the current workbooks it starts changing this months information. All I want to do is copy all the information on the workbooks, but change the date without it updating anything else.Grow your security skillset with the latest resources on Microsoft Learn
Advance your expertise with our revamped Security hub Designed for learners at all levels, this centralized hub is your go-to resource for Security technical skilling content, making it easier to pursue your unique security objectives. Find expert guidance aligned to your security journey. Whether you need to build foundational security skills, gain specialized knowledge, or prove your capabilities with Microsoft Credentials, get the guidance you need. Explore the latest resources organized by security focus area. Learn to understand advances in Zero Trust, identity and access, security operations, IT security, and much more. Connect with like-minded communities, partners, and other thought leaders. Join the conversation and get inspired to level up your skills and knowledge. Find the latest technical skilling content with the Security hub on Microsoft Learn. Hone your information security skills with Certification SC-401 Designed specifically for data security and information protection professionals, our new Microsoft Certified: Information Security Administrator Certification validates the skills needed to plan and implement information security for sensitive data by using Microsoft Purview and related services. It also validates the skills needed to mitigate risks from internal and external threats by protecting data inside collaboration environments that are managed by Microsoft 365. Plus, it verifies subject matter expertise needed to participate in information security incident responses. You can earn this new Certification by passing Exam SC-401: Administering Information Security in Microsoft 365. We’re also retiring the Microsoft Certified: Information Protection and Compliance Administrator Associate Certification and its related Exam SC-400: Administering Information Protection and Compliance in Microsoft 365. The Certification, related exam, and renewal assessments will all be retired on May 31, 2025. Learn how to better secure AI in our Learn Live Series As organizations develop, use, and increasingly rely on AI applications, they must address new and amplified security risks. Are you prepared to secure your environment for AI adoption? How about identifying threats to your AI and safeguarding data? Watch Learn Live: Security for AI with Microsoft Purview and Defender for Cloud. In this month-long webinar series, IT pros and security practitioners can hone their security skillsets with a deeper understanding of AI-centric challenges, opportunities, and best practices using Microsoft Security solutions. Learn Live dates/topics include: On Demand – Manage AI Data Security Challenges with Microsoft Purview: Microsoft Purview helps you strengthen data security in AI environments, providing tools to handle challenges from AI technology. Learn to safeguard your data and adapt to evolving security challenges in AI technology. This session will help you: Understand sensitivity labels in Microsoft 365 Copilot Secure against generative AI data exposure with endpoint Data Loss Prevention Detect generative AI usage with Insider Risk Management Dynamically protect sensitive data with Adaptive Protection On Demand – Manage Compliance with Microsoft Purview with Microsoft 365 Copilot: Use Microsoft Purview for compliance management with Microsoft 365 Copilot. You'll learn how to handle compliance aspects of Copilot's AI functionalities through Microsoft Purview. This session will teach you how to: Audit Copilot interactions within Microsoft 365 using Microsoft Purview Investigate Copilot interactions using Microsoft Purview eDiscovery Manage Copilot data retention with Microsoft Purview Data Lifecycle Management Monitor and mitigate risks in Copilot interactions using Microsoft Purview Communication Compliance On Demand– Identify and Mitigate AI Data Security Risks: Microsoft Purview Data Security Posture Management (DSPM) for AI helps organizations monitor AI activity, enforce security policies, and prevent unauthorized data exposure. Learn how to configure DSPM for AI, track AI interactions, run data assessments, and apply security controls to reduce risks associated with AI usage. You will learn how to: Explain the purpose and benefits of DSPM for AI Set up and configure DSPM for AI to monitor AI interactions Identify and analyze AI security risks using reports and insights Run and review AI data assessments to detect oversharing risks Apply security policies, such as DLP and sensitivity labels, to protect AI-referenced data May 13 at 10am PST – Enable Advanced Protection for AI Workloads with Microsoft Defender for Cloud: As organizations use and develop AI applications, they need to address new and amplified security risks. Prepare your environment for secure AI adoption to safeguard your data and identify threats to your AI. This session will help you: Understand what Defender for Cloud AI threat protection for AI is and how it works Enable threat protection workloads for AI Gain application and end user context for AI alerts Discover the latest self-guided skilling content To better support evolving Data Security needs, you can find a new learning path and several new modules on Microsoft Learn. In fact, some of these can help you prepare for our new SC-401 Certification. New learning path: Implement and manage data privacy solutions for compliance New modules: Get Started with identity and access labs Protect sensitive data in a digital world Review and analyze data classification and protection Identify and mitigate AI data security risks Understand Microsoft Purview Insider Risk Management Prepare for Microsoft Purview Insider Risk Management Create and manage Insider Risk Management policies Understand Microsoft Priva Implement and manage Microsoft Purview Privacy Risk Management Implement and manage Microsoft Priva Subject Rights Requests Manage user consent across digital platforms Use Microsoft Priva Tracker Scanning for web tracking compliance Automate privacy assessments to ensure compliance Last day for AI Skills Fest Challenges Last but not least, two new AI Skills Fest Challenges are now available to put your security skills to the test! Compete against your friends and coworkers, boost your understanding with easy-to-read instruction, and increase your marketable skills and career options. The new challenges include: Protect data in the age of AI Learn how to navigate AI data risks in this Security challenge. Discover, protect, and govern your data estate using Microsoft Purview. Prevent and respond to cyberattacks at the speed of AI Learn how to safeguard your organization against modern risks with a streamlined SecOps platform supercharged by Microsoft AI and threat intelligence in this Challenge. Explore how Microsoft Security Copilot and Microsoft Defender XDR work together to increase productivity.
