Office 365

Exchange Online Protection

What is Exchange Online Protection?

Exchange Online Protection (EOP) is Microsoft's solution for email filtering - protecting USF from spam, phishing, and other malicious emails. It uses Microsoft's advanced threat intelligence platform to protect us from new and evolving threats.

Important points to consider:
  1. You will have a new quarantine experience, replacing your current Barracuda quarantine. 
  2. You may, temporarily, receive more spam and phishing as the tool learns and adapts to our environment. If you do, we encourage you to report these using the new reporting method outlined in the instructions below.
  3. You may also experience emails being blocked differently - we encourage you to report these as false positives.
  4. Sending services like MailChimp that send as a usf.edu address will experience delivery issues.

Managing your Quarantine

Your email quarantine is where we place emails suspected to be phishing or spam. This ensures they do not reach your mailbox, but you can still choose to deliver select messages that are considered 'false positives'. 

Critical FAQs

  1. If you release a message it will still appear in your quarantine list.
  2. To whitelist a sender, please review the section below titled "I want to ensure a sender is allowed or blocked - how do I manage this?"
    Note: You cannot whitelist a domain, only an individual sender address.
  3. If you have a sender on your block list, you cannot deliver their message. If you deliver a message from Quarantine and it does not appear, check your blocked senders list using the instructions in the FAQ below.

Important points:
  1. Your junk and phishing messages will exist in quarantine for 30 days. You must deliver within that time window, or the message will not be recoverable. Messages marked as malware are only available for 15 days.
  2. You can only deliver messages marked as junk - messages marked as phishing can be delivered via request to IT.
  3. Some messages will be quarantined that you consider legitimate - this is expected, and you can report it as a false positive using instructions later in this page.
  4. You will receive a notice regarding messages in your quarantine. You will not receive a notice each day - just when something new arrives in your quarantine.
  5. Messages marked as spam or bulk email can be delivered without contacting IT. Instructions for this piece are below. We automatically filter any malware or phishing messages to offer additional protection. You can report phishing and spam messages you receive with instructions below.

How do I access my quarantine to release messages?

Visit https://protection.office.com/quarantine to access from any browser (we do not recommend performing this from your mobile phone at this time). 

You can click on each message, review it, and release it if applicable by selecting "release message". We also suggest reporting this false positive to Microsoft at the same time to improve filter accuracy (review screenshots below for options).

Office 365 quarantine

Report message to Microsoft

Reporting Spam and Phishing

As part of this roll-out, we are making it easier for you to report spam and phishing that you do receive. Reporting these messages appropriately helps teach the spam filter what needs to be blocked. 

What is the difference between spam and phishing messages? Isn't everything spam?

Not quite - they are both unwanted messages, but in practice they are very different. Spam is simply unwanted commercial messages, like advertisements, and general 'clutter'. Phishing is more targeted, with the goal being to retrieve information or gain access to a machine/resource. The information gathered can be used for many purposes, but a phishing message typically asks for credentials, which are then used to take further action.

We request that when you receive spam or phishing, you report it via the options outlined in the section below.

How do I report spam and phishing?

You can report spam/phishing in a couple of different ways - via email to Microsoft or using the Junk Email Reporting feature. We suggest using the Junk Email report option available in both Outlook Web Access (OWA) and in Outlook desktop.

To report a message in OWA, right-click the message and select the appropriate option (see screenshot below).

Report options OWA

You can also click the message, and select the appropriate option from the menu at the top of your screen (screenshot below).

Report message Outlook Web Access

To report a message in Outlook, open the message, select "Report Message" in the upper right, then select the appropriate option.

Outlook report add-on

If you are unable to use one of the methods above, you may also report the message directly to Microsoft via email.

Start typing "REPORT..." into your address bar, and select the desired address (screenshot below).

GAL

To report a message as legitimate and help ensure delivery in the future, select the "report as not junk" option when available. This will help train the spam filter.

I accidentally delivered and interacted with a phishing message - what do I do?

USF has a variety of security solutions, such as our filtering, MFA, and others, to help protect your account from malicious activity. If you did interact with a malicious message, we encourage you to take the following steps:

  1. Reset your password at https://netid.usf.edu
  2. Check your email account for any new rules or other behaviors. If you find such a rule, please delete it as soon as possible.
  3. Reach out to IT via email at help@usf.edu or via phone at 813-974-HELP (3457)

I want to ensure a sender is allowed or blocked - how do I manage this?

Previously called whitelist/blocklist in Barracuda, this new feature is called your Safe Senders and Blocked Senders list. You can manage it using Outlook Web Access (recommended).

Open OWA at https://outlook.com/usf.edu

Once there, select "Settings" in the upper right, and then select "View all Outlook settings".

Then select Junk email, and a menu like the one below will appear.

OWA safe sender list

For senders you want to block, add them to "Blocked senders and domains"

For a safe sender (an entity that sends legitimate emails), add them to "Safe senders and domains"

I have access to another mailbox - can I manage that quarantine too?

Yes - you can manage the quarantine for mailboxes that you have access to.

When a new message is quarantined for that mailbox, you will get a notice like the one below. Select the desired action from the notice in order to manage the message.

Shared mailbox quarantine notice

After clicking, you will be brought to a quarantine page. You will see your mailbox quarantine on the left, but the message you need to manage will be on the right side of the screen, as shown in the screenshot below.

Shared quarantine

Note: if you get a message after clicking review that states you do not have authorization, just click release on the notification message instead.

I tried sending an email with an attachment, but it was blocked.

If you regularly send any of the file types below, your message will be blocked. You will instead need to use a cloud storage solution such as OneDrive or Box to share the file.

Blocked file types are:

.ace
.ani
.app
.docm
.exe
.jar
.reg
.scr
.vbe
.vbs