Exchange Online Protection
What is Exchange Online Protection?
Exchange Online Protection (EOP) is Microsoft's solution for email filtering - protecting USF from spam, phishing, and other malicious emails. It uses Microsoft's advanced threat intelligence platform to protect us from new and evolving threats.
Important points to consider:
- You will have a new quarantine experience, replacing your previous Barracuda quarantine.
- You may, temporarily, receive more spam and phishing as the tool learns and adapts to our environment. If you do, we encourage you to report these using the new reporting method outlined in the instructions below.
- You may also experience emails being blocked differently - we encourage you to report these as false positives.
- Sending services like MailChimp that send as a usf.edu address will experience delivery issues.
Managing your Quarantine
Your email quarantine is where we place emails suspected to be phishing or spam. This ensures they do not reach your mailbox, but you can still choose to deliver select messages that are considered 'false positives'.
- If you release a message it will still appear in your quarantine list.
- To whitelist a sender, please review the section below titled "I want to ensure a
sender is allowed or blocked - how do I manage this?"
Note: You cannot whitelist a domain, only an individual sender address.
- If you have a sender on your block list, you cannot deliver their message. If you deliver a message from Quarantine and it does not appear, check your blocked senders list using the instructions in the FAQ below.
- Your junk and phishing messages will exist in quarantine for 30 days. You must deliver within that time window, or the message will not be recoverable. Messages marked as malware are only available for 15 days.
- You can only deliver messages marked as junk - messages marked as phishing can be delivered via request to IT.
- Some messages will be quarantined that you consider legitimate - this is expected, and you can report it as a false positive using instructions later in this page.
- You will receive a notice regarding messages in your quarantine. You will not receive a notice each day - just when something new arrives in your quarantine.
- Messages marked as spam or bulk email can be delivered without contacting IT. Instructions for this piece are below. We automatically filter any malware or phishing messages to offer additional protection. You can report phishing and spam messages you receive with instructions below.
Visit https://protection.office.com/quarantine to access from any browser (we do not recommend performing this from your mobile phone at this time).
You can click on each message, review it, and release it if applicable by selecting "release message". We also suggest reporting this false positive to Microsoft at the same time to improve filter accuracy (review screenshots below for options).
Reporting Spam and Phishing
As part of this roll-out, we are making it easier for you to report spam and phishing that you do receive. Reporting these messages appropriately helps teach the spam filter what needs to be blocked.
Not quite - they are both unwanted messages, but in practice they are very different. Spam is simply unwanted commercial messages, like advertisements, and general 'clutter'. Phishing is more targeted, with the goal being to retrieve information or gain access to a machine/resource. The information gathered can be used for many purposes, but typically asks for credentials to take further action.
We request that when you receive spam or phishing, you report it via the options outlined in the section below.
You can report spam/phishing in a couple different ways - via email to Microsoft or using the Junk Email Reporting feature. We suggest using the Junk Email report option available in both Outlook Web Access (OWA) and in Outlook desktop.
To report a message in OWA, right-click the message and select the appropriate option (see screenshot below).
You can also click the message, and select the appropriate option from the menu at the top of your screen (screenshot below).
To report a message in Outlook, open the message, select the "Report Message" in the upper right, then select the appropriate option.
If you are unable to use one of the methods above, you may also report the message directly to Microsoft via email.
Start typing "REPORT..." into your address bar, and select the desired address (screenshot below).
To report a message as legitimate and help ensure delivery in the future, select the "report as not junk" option when available. This will help train the spam filter.
USF has a variety of security solutions to help protect your account from any malicious activity such as our filtering, MFA, and others. If you did interact with a malicious message, we encourage you to take the following steps:
Previously called whitelist/blocklist in Barracuda, this new feature is called your Safe Senders and Blocked Senders list. You can manage it using Outlook Web Access (recommended).
Open OWA at https://outlook.com/usf.edu
Once there, select "Settings" in the upper right, and then select "View all Outlook settings".
Then select Junk email, and a menu like the one below will appear.
For senders you want to block, add them to "Blocked senders and domains"
For a safe sender (an entity that sends legitimate emails), add them to "Safe senders and domains"
Yes - you can manage the quarantine for mailboxes that you have access to.
When a new message is quarantined for that mailbox, you will get a notice like the one below. Select the desired action from the notice in order to manage the message.
After clicking, you will be brought to a quarantine page. You will see your mailbox quarantine on the left, but the message you need to manage will be on the right side of the screen, as shown in the screenshot below.
Note: if you get a message after clicking review that states you do not have authorization, just click release on the notification message instead.
If you regularly send any of the file types below, your message will be blocked. You will need to instead use a cloud storage solution such as OneDrive or Box to share the file.
Blocked file types are: