To give you enterprise-class reliability and help protect against spam and malware, we launched Exchange Online Protection (EOP) in 2013. During the past year we made improvements to EOP, including better spam management and customizing policies for specific domains, users, or groups. Today, as we complete the first year of the service launch, we’re announcing more enhancements to EOP, including:

  • Directory-based edge blocking
  • Increased Office 365 domain limit
  • Message Trace extended for 90 days
  • Enhanced mail protection reporting
  • Remote PowerShell
  • Junk mail reporting for OWA

This is just the first set of enhancements. A second set of enhancements will be announced at the Microsoft Exchange Conference (MEC) 2014, and we’ll introduce those in another blog post, Part 2, around that time. For now, let’s look at the new capabilities we’re announcing today.

Directory-based edge blocking

Recently announced on the EHLO blog, Directory-based edge blocking (DBEB) allows you to reject messages for invalid recipients at the service network perimeter. DBEB lets admins add mail-enabled recipients to Azure Active Directory and block all messages sent to email addresses that aren’t present in Azure Active Directory.

Increased Office 365 domain limit

We increased the maximum number of domains per tenant allowed in Office 365 by 50%, from 600 domains to 900 domains. The increase is automatic, so admins don’t need to do anything to take advantage of this improvement. You can add up to 900 domains from your Office 365 admin portal or via remote PowerShell.

Message Trace extended for 90 days

Exchange Online Protection and Exchange Online admins can now obtain message trace information for the last 90 days. To access this feature, in the Exchange admin center, click Mail flow, and then click Message trace.

When you search for a message sent in the past seven days, you can view the results immediately. When searching for older messages, you have to submit a request for an extended message trace. Just choose the custom date range option and specify any date range in the past 90 days.


On the message trace page, you can create a trace for a message by entering custom dates during the last 90 days.

In addition to searching by a custom date range, you can use these search criteria for an extended message trace: date range, sender, recipient, status, message ID, and sender client IP address.

When you create a new extended trace request, you can provide a friendly report title for the request. If you want to receive an email notification when the trace has been completed, you just enter your email address.


When you create an extended message trace request, you can give it a friendly title and provide an email address to receive a notification when the request has been completed.


When you’re creating a new extended trace request, you can choose to receive a summary list report or a detailed message trace report.

  • Summary list report. A summary list report displays basic information about the messages you traced, such as time, whether the message was delivered, the subject of the message, number of bytes, and so on.
  • Detailed message trace report. When you need more details about messages than a summary list report provides, you can get a detailed trace of the events logged for the messages. To get a detailed report, when you’re creating a new trace request, select the Include message events and routing details with report check box. In a detailed trace, all key events with all details that are available in the message tracking logs are exposed, providing a rich data source for detailed investigations.

We recommend that Exchange Online administrators use the extended detailed message trace rather than delivery reports for investigating message delivery. Delivery reports are intended for end users and are limited to recent messages only.

Typically, trace requests are processed within hours. The list of submitted requests and their status is displayed on the pending or completed traces page in the Exchange admin center, making it easy to check if your request has been completed.


You can easily check the status of requests by checking the list of extended message trace requests displayed on the pending or complete traces page in the Exchange admin center.


Once a message trace request has completed processing, you can click Download this report in the right-hand nav to view the results in a downloadable CSV file.

Enhanced mail protection reporting

Beginning in the early spring of 2014, mail protection reports will include a more interactive reporting experience for Exchange Online and Exchange Online Protection admins. The reports can be accessed from the Office 365 admin center, just as they are today. When you click a report link, such as the spam detections report, a new window opens and displays an interactive chart with summary level information.


Reports, like this spam detections report, now include interactive charts and summary information. 

You can select the appropriate date range to see up to 90 days of summary data. You can also change the view to see only messages that match specific criteria, by altering the series slicers located on the right side of the graph. For example, if you want to view only content-filtered spam detections, select only Content filtered from the slicers options. Some reports may also have parameters above the graph that let you further narrow your criteria.

For detailed message data, click a specific data point in the graph. When you select a point, the message details are displayed below the graph in a table. The table allows you to page through the detailed messages if there are more records than can be displayed on one page.


Click a point on a Spam detections report chart to see more detailed data.

Detailed data for messages that are older than 7 days is also available for download. This is displayed as the area in the graph with a light gray background. When you select a data point in the summary graph for data older than 7 days, a Request this report link is displayed on the page.


When you click a point on a Spam detections report chart that is older than 7 days, a link to request an extended detailed report appears.

When you click the Request this report link, a new page opens that lets you provide notification information and further filter the request.


When you create an extended report from a chart, you can specify the information you want and whether you want to be notified when the report is completed.

When you click Submit, the query is submitted for processing. If you provided a notification address, the specified recipient will receive an email notification when it has completed. To view the status of requests, click the Report request queue link from the main page. This opens the pending or completed queries page, where you can see the status of any of your outstanding requests. From here you can cancel pending requests or download a completed request.


You can view the status of your extended report requests on the pending or completed queries page.

Remote PowerShell

We’re currently deploying an update that will allow EOP standard tenants to use remote PowerShell to manage their EOP settings. After deployment, EOP standard tenants can use the extensive scripting power of PowerShell to automate a wide variety of management tasks. Learn more about PowerShell in Exchange Online Protection.

For example, you can use remote PowerShell to:

  • Add or modify transport rules.
  • Add or modify connectors.
  • Search through all transport rules to find every rule that references a particular domain or user.
  • Modify anti-malware and anti-spam filtering settings.
  • Manage users and groups—coming soon.


EOP standard tenants can now use remote Windows PowerShell to manage their EOP settings.
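The rule search mentioned in the list above, as an added example that is not part of the original post: it scans every property of each transport rule for a domain or address, which is useful when auditing which rules redirect, copy, or exempt mail for a given party. `Find-RuleReference` is a hypothetical helper name, the sample rules are constructed, and against a live tenant it assumes a connected remote PowerShell session in which `Get-TransportRule` is available.

```powershell
# Added example: Find-RuleReference is a hypothetical helper, not an Exchange cmdlet.
function Find-RuleReference {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [psobject] $Rule,
        [Parameter(Mandatory)] [string] $Needle
    )
    begin {
        # Escape wildcard characters so the needle is matched literally.
        $pattern = '*' + [WildcardPattern]::Escape($Needle) + '*'
    }
    process {
        foreach ($prop in $Rule.PSObject.Properties) {
            # Conditions and actions may be scalars or collections; flatten both.
            $hits = @($prop.Value) | Where-Object {
                $null -ne $_ -and "$_" -like $pattern
            }
            if ($hits) {
                [pscustomobject]@{
                    Rule     = $Rule.Name
                    State    = $Rule.State
                    Property = $prop.Name
                    Match    = ($hits -join '; ')
                }
            }
        }
    }
}

# Constructed sample rules so the function can be tried offline.
$sampleRules = @(
    [pscustomobject]@{ Name = 'Block partner spoof'; State = 'Enabled'
        SenderDomainIs = @('contoso.example', 'fabrikam.example'); BlindCopyTo = $null }
    [pscustomobject]@{ Name = 'Legal copy'; State = 'Disabled'
        SenderDomainIs = $null; BlindCopyTo = @('archive@fabrikam.example') }
    [pscustomobject]@{ Name = 'Footer stamp'; State = 'Enabled'
        SenderDomainIs = @('contoso.example'); BlindCopyTo = $null }
)

# Reports the first two rules, naming the property that holds the reference.
$sampleRules | Find-RuleReference -Needle 'fabrikam.example' | Format-Table -AutoSize

# Live use (assumes a connected session):
# Get-TransportRule | Find-RuleReference -Needle 'fabrikam.example'
```

Disabled rules are reported as well, since a disabled rule that copies mail to an outside address is still worth reviewing.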

Junk mail reporting for OWA

OWA Junk mail reporting will now allow OWA users to move missed spam in the inbox or legitimate mail in the junk mail folder to the correct location and report the message to Microsoft with a few clicks. Exchange Online Protection (EOP), the mail protection service included with Office 365, relies on these submissions to improve the accuracy of the junk mail filter, which means less junk in your inbox in the future.

Report a false negative or false positive by clicking the ellipsis in the upper right hand corner of a message and selecting mark as junk or mark as not junk. Alternatively, you can right-click a message to get the same options (OWA Desktop only).


You can easily report junk mail in OWA on your computer.


And just as easily report junk mail in OWA for devices.

Closer to the time of MEC 2014, when more new capabilities and enhancements are announced, we’ll introduce some of those new capabilities and enhancements in another blog post, Part 2, including:

  • End user access to quarantine
  • Enhanced support for IPv6
  • Domain Keys Identified Mail (DKIM)
  • Match subdomains

Most of this road map information is publicly available on our FOPE vs EOP TechNet page.

We hope you’ll enjoy using the improvements we introduced in this blog post in your EOP tenants. And if you haven’t yet registered for MEC 2014 and want to learn more in person about these features, now is the time. Register today at


Published: 2/22/2014 19:05