Digital transformation is the shift towards modern workplaces that respond to technological progress and the realities of people’s lives. However, this shift to cloud-based work should not be at the expense of security or data protection – especially in view of the fact that emails are still the most important gateway for cyber attacks. What can Office 365 do to secure email traffic and protect your business from spam and malware?
Does Microsoft provide sufficient security?
Many companies are currently implementing Office 365 as a cloud solution and part of their digital transformation efforts. Microsoft is also addressing the issue of security with Advanced Threat Protection (ATP) and Exchange Online Protection (EOP). However, the associated slogan that no further security solutions are required for email security has not been confirmed in reality. This is also underlined by statements from leading Microsoft employees. Terry Zink, who was responsible at Microsoft for implementing the sender reputation standards for Office 365 and all Microsoft email services, put it this way: “Therefore, to get the fullest protection possible, I recommend relying upon the 3rd party service, and then maybe or maybe not doing double-filtering in EOP (accepting the fact that there will be false positives and false negatives). But, don’t just rely on EOP.” This illustrates that supplementary security products will be required in the foreseeable future. This is confirmed by the fact that features such as S/MIME-based, organization-capable email encryption, granularly configurable security policies, intelligent and learning algorithms, content disarming and the ability to flexibly create the most diverse email signatures in the company are not covered by Microsoft’s offerings. This article examines which requirements are met by Microsoft’s own products, and how you can further optimize the security of your organization with a complementary security product such as NoSpamProxy.
The Basis for Digital Transformation: Office 365
With services and apps such as Office 365, Outlook, Exchange Online, Teams, SharePoint or OneNote, Microsoft has positioned itself perfectly to offer companies an ideal basis for digital transformation. More and more companies are using these tools to turn the workplace of the future into reality. The primary tool for employees is Office 365, a combination of various cloud services for collaboration, security and compliance, mobility as well as intelligence and analytics. For many companies, email security is particularly important when using Office 365 products.
Exchange Online Protection
With Exchange Online Protection (EOP), Microsoft offers its customers an integrated email security service. EOP is included with Exchange Online and every Office 365 subscription that includes Exchange Online. EOP is an email filtering service that provides spam and malware protection and can be used cloud-based, in a hybrid scenario or as a stand-alone solution (for on-premises mailboxes).
Spam protection for Office 365 Emails
All spam filter functions in EOP are grouped under the term Anti-spam. The filter checks incoming emails for typical characteristics of spam. The filtering options are customizable, as are the notification options for users. The spam filter is a combination of connection and content filtering. If an email is identified as spam, it ends up in the user’s junk folder by default. Inbound email spam protection is enabled by default. EOP also offers a spam filter for outbound emails, which is likewise activated by default and also consists of a combination of connection and content filtering. However, the outbound filter settings cannot be configured. If an outbound email is classified as spam, it is marked as “risky delivery” in the system. This prevents harmless IP addresses from being added to a blacklist. Outbound spam filtering cannot be disabled or changed, but you can configure various company-wide spam settings using the default outbound spam policy. The so-called Spoof Intelligence in EOP aims to fend off spoofing attacks. In spoofing, criminals use email addresses of users within your organizational domain and impersonate them. As a defense, EOP checks the From headers of inbound emails as well as the authentication entries for SPF, DKIM and DMARC. However, such an email is not rejected outright; it is either moved to the junk mail folder or marked accordingly.
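The spoofing check described above can be sketched as follows. This is an added illustration, not Microsoft's implementation: the domain names, the trusted authserv-id and the junk/mark policy are assumptions, and the messages are constructed samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OWN_DOMAINS = {"example.com"}        # assumption: the organization's own domains
TRUSTED_AUTHSERV = "mx.example.com"  # assumption: authserv-id of our boundary MTA

def make_msg(authserv, spf, dkim, dmarc, from_addr):
    """Build a constructed sample message (not real traffic)."""
    return (f"Authentication-Results: {authserv}; spf={spf};\n"
            f" dkim={dkim}; dmarc={dmarc}\n"
            f"From: {from_addr}\nSubject: Invoice\n\nSee attachment.\n")

def auth_results(msg):
    """Collect spf/dkim/dmarc verdicts, only from headers our own MTA stamped."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(header).partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can forge this header, so ignore foreign ones
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), verdict.lower())
    return verdicts

def classify(raw):
    """Return 'deliver', 'mark' or 'junk'; the message is never rejected."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    res = auth_results(msg)
    if domain in OWN_DOMAINS and res.get("dmarc") != "pass":
        return "junk"  # From claims one of our addresses without passing DMARC
    if "fail" in (res.get("spf"), res.get("dkim"), res.get("dmarc")):
        return "mark"  # external sender that failed authentication
    return "deliver"

if __name__ == "__main__":
    forged = make_msg("mx.attacker.test", "pass", "pass", "pass",
                      "CEO <ceo@example.com>")
    print(classify(forged))
```

The forged sample carries an Authentication-Results header claiming a pass, but because it was not stamped by the trusted MTA it is ignored and the message is still classified as junk.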
Protection against Malware
Several anti-malware systems work in EOP to scan emails for viruses and spyware. As soon as malware is found in an email, the email is deleted and the administrator is notified. In addition, infected attachments can be replaced with a customizable message. It is also possible to configure the filtering and further processing of attachments more closely by making appropriate settings in the transport rules.
Advanced Threat Protection
Microsoft offers Advanced Threat Protection (ATP) as a paid add-on option to EOP. ATP provides protection against phishing attacks, zero-day attacks, malicious links and infected email attachments.
ATP Safe Links
This service checks URLs in emails and Office documents – after matching against existing whitelists or blacklists – at the time of clicking to see whether the targets of the links are harmless. Accordingly, the links are then classified as blocked, malicious or secure. If the URL is considered secure, it is opened.
ATP Safe Attachments
If enabled, ATP Safe Attachments scans email attachments and files in SharePoint, OneDrive and Teams for malicious content. This involves scanning and classifying files in a virtual environment. Email attachments classified as malicious are automatically removed; malicious files on SharePoint, OneDrive, or in Teams are blocked.
EOP and ATP: Risks and Weaknesses
However, the integrated protection functions in Office 365 also have shortcomings. One example is the administration of the quarantine folder: a maximum of 500 emails can be displayed, and only after the emails have been divided into categories such as spam, malware, phishing etc. In addition, quarantined emails are automatically and irrevocably deleted after 30 days. The potential problems that can arise from this behavior are manifold, for example if misclassified emails with important information disappear unnoticed. Other weaknesses concern email and mailbox management: there is no easy way to remove emails across multiple mailboxes in Office 365 – for example, if they have accidentally passed the configured filters. Emails in the spam folders of individual users can still be opened in the basic configuration of EOP, and the malicious links can still be clicked. This means that even after the inbound emails have been filtered, there is still a danger – namely the ignorance of the users. One last example: ATP does not offer a whitelist or any other integrated way to mark certain domains as harmful or harmless.
How to optimise Office 365 Email Security with NoSpamProxy
With Exchange Online Protection and Advanced Threat Protection, Microsoft offers a powerful package to protect against spam and malware. However, the demands placed on modern communication are particularly high these days: effective real-time protection against all types of malware, reliable communication with partners and clarity and transparency are increasingly required. With NoSpamProxy all this can be realized – flexible, scalable and with an integrated encryption solution.
Reliable and simple
The Level of Trust system in NoSpamProxy learns who you or your company’s employees are communicating with. It is a multi-layered system that assesses the trustworthiness of a communication relationship or domain. A sender must earn “trust”. A reliable and lasting connection history is crucial. The system evaluates various criteria, including sender addresses and checksums, but above all also the address relationships between senders and recipients of emails and the relationship between sender, subject and domain of the recipient. With message tracking, the processing of each individual email can be tracked quickly and in detail at any time. Administrators thus have a complete overview of inbound and outbound email communication in the company at all times. Full transparency at the click of a mouse – or PowerShell, because NoSpamProxy also allows automation and administration from the command line. Another reason why the spam filter in NoSpamProxy is transparent is that there is no quarantine: to prevent emails from being lost in confusing quarantine folders, the approach is to fend them off instead of sorting them. If emails are rejected, “real” senders are of course informed about the non-delivery.
Content Disarm and Reconstruction
NoSpamProxy automatically converts attachments in Word, Excel or PDF format into non-critical PDF files, based on rules. In this way, potentially existing malicious code is eliminated and a guaranteed safe attachment is delivered to the recipient. If configured, the PDF document contains an additional page with individual notes on the reason for the conversion and, if required, a link to the original document.
Automatically rewrite dangerous URLs
The URL Safeguard prevents access to malicious content accessed via links. If the domain contained in the link does not exist in any of the lists, NoSpamProxy replaces the original link with a link pointing to the NoSpamProxy Web Portal. In these cases, the email delivered to the recipient contains only the rewritten link. On the Web Portal, the links are then evaluated at the time of clicking. If the link is classified as harmless, access to the original URL is permitted and executed. If the link is classified as dangerous, access is blocked. Using the level of trust approach of NoSpamProxy, the URL Safeguard can, for example, only be activated for URLs in emails from unknown communication partners.
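The rewrite-then-check-at-click flow described above, as an added sketch that is not NoSpamProxy's own code: the portal address, the key, the list contents and the `verdict_for` callback are hypothetical. The HMAC signature is an addition beyond the text, so that the portal only resolves links it issued itself.

```python
import hashlib
import hmac
import re
from urllib.parse import parse_qs, quote, urlsplit

PORTAL = "https://portal.example.com/check"        # hypothetical portal address
KEY = b"constructed-demo-key"                      # assumption: gateway-held secret
LISTED = {"intranet.example.com", "malware.test"}  # constructed list entries
TRUSTED_PARTNERS = {"partner.test"}                # senders with earned trust
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _sig(url):
    return hmac.new(KEY, url.encode(), hashlib.sha256).hexdigest()

def rewrite_links(body, sender_domain):
    """Rewrite unlisted links, but only in mail from unknown partners."""
    if sender_domain.lower() in TRUSTED_PARTNERS:
        return body
    def repl(match):
        url = match.group(0)
        host = (urlsplit(url).hostname or "").lower()
        if host in LISTED:
            return url  # domain is on a list, so the link is not rewritten
        return f"{PORTAL}?url={quote(url, safe='')}&sig={_sig(url)}"
    return URL_RE.sub(repl, body)

def on_click(portal_link, verdict_for):
    """Click-time check: return the original URL if harmless, else None."""
    query = parse_qs(urlsplit(portal_link).query)
    url = query.get("url", [""])[0]
    sig = query.get("sig", [""])[0]
    if not hmac.compare_digest(sig, _sig(url)):
        return None  # not issued by this gateway (guards against open redirects)
    host = (urlsplit(url).hostname or "").lower()
    return url if verdict_for(host) == "harmless" else None

if __name__ == "__main__":
    # Constructed sample body from an unknown sender.
    body = "See https://unknown.test/login?id=1&x=2 and https://intranet.example.com/wiki"
    print(rewrite_links(body, "stranger.test"))
```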
Integrated encryption directly in Microsoft Outlook
In many industries, encrypted communication is a prerequisite for awarding contracts and legal security – and also the basis for data protection and EU GDPR-compliant data exchange. NoSpamProxy offers S/MIME and PGP encryption at the push of a button, and takes over the administration of keys and certificates for you.
With ATP and EOP, Microsoft offers email security modules that provide basic protection, but offer companies few customization options. This one-size-fits-all approach allows Microsoft to decide, for example, whether a newsletter is of interest to a business user or whether it ends up in a spam folder. With NoSpamProxy you optimize your Office 365 email security and guarantee security, transparency and simplicity. NoSpamProxy is protection against spam and malware as well as secure email encryption for your Office 365 emails – scalable, reliable and Made in Germany.