The following table provides a feature comparison between Forefront Online Protection for Exchange (FOPE) and Exchange Online Protection (EOP). It also provides information about new features that are scheduled to be added to the EOP service.
| Feature | FOPE | EOP |
| Anti-spam protection | | |
| Inbound spam detection | Yes | Yes |
| Outbound spam detection | Yes | Yes. EOP adds the ability to configure admin notifications for suspicious outbound messages and blocked outbound messages |
| NDR backscatter protection | Yes | Yes |
| Bulk mail filtering | Yes, by following the steps described in Bulk Mail Filtering in FOPE. | Yes. EOP adds enhanced detection methods to better identify bulk email messages. Additionally, you can easily configure EOP to mark bulk email messages as spam through the user interface. |
| Malicious URL block lists | Yes | Yes. EOP adds two new additional URL block lists that help detect known malicious links within messages. |
| Anti-phishing protection | Yes | Yes. In EOP we’ve significantly improved our anti-phishing protection. FOPE included 30,000 domains of known spammers on our block lists, but EOP has been enhanced to include 750,000 domains of known spammers. |
| | | |
| Spam management | | |
| Ability to configure connection filter IP Allow and IP Block lists | Respected for single IP addresses. | Respected for single IP addresses and CIDR IP address ranges. The service has been significantly improved to support IPV6 addresses. |
| Ability to configure actions on content-filtered messages | Yes | Yes and these options have been enhanced, for example you can now delete content-filtered messages or send them to the Junk Email folder. |
| Ability to configure advanced options for aggressive spam filtering | Yes | Yes |
| International spam filtering | No | Yes. you can configure EOP to block messages written in specific languages, or sent from specific countries or regions. You can configure up to 86 different languages and 250 different regions. |
| Manage spam via Outlook Junk Email folder | Yes | Yes |
| Safe sender management in Outlook | Yes | Yes |
| Blocked sender management in Outlook | No | Yes |
| False negative spam submissions via the Junk Email Reporting Add-in for Microsoft Office Outlook | Yes | Yes |
| False positive and false negative spam submissions via an email alias | Yes | Yes |
| False positive and false negative spam submissions via OWA Junk Email Reporting | No | This feature is available for Outlook Web App (OWA) customers whose Exchange Server 2013 SP1 mailboxes are being filtered by EOP. Exchange Online OWA customers will also have this functionality in the near future. |
| End-user spam quarantine notifications | Yes | Yes |
| End-user spam quarantine notification frequency | 3 days by default. Configurable from 3 to 14 days. 1 day frequency allowed if Directory Based Edge Blocking is deployed. | 3 days by default. Configurable from 1 to 15 days. |
| Ability to configure the language of end-user spam quarantine notifications | No | Yes |
| Access and manage messages in quarantine via a web page | Yes, for end users and administrators. | Yes, for end users and administrators. |
| Ability to search the quarantine | No | Yes |
| Customize content filter policies per user, group, or domain | No | Yes |
| View spam-quarantined message headers from the Exchange admin center | No | Yes |
| Support for anonymous inbound messages over IPv6 | No | This feature is targeted to be added to the service in the third quarter of 2014. There will be limited availability for inbound IPv6 for the first few months, and you can only opt-in by requesting this functionality from technical support. In the future, you’ll be able to opt-in via remote PowerShell or through the Exchange admin center. |
| Support for validation of DKIM signed messages | No | This feature is targeted to be added to the service for IPV6 only in the third quarter of 2014. In a future release, EOP will verify all inbound messages signed with DKIM over IPv4. We will also be providing DKIM signing in the service. |
| Web page for looking up and delisting IP addresses from our internal Microsoft block lists | No | This feature is targeted to be added to the service in the third quarter of 2014. |
| Anti-malware protection | | |
| Multi-engine anti-malware protection | Yes | Yes |
| Option to disable malware filtering | Yes | No. In the updated service we are enforcing anti-malware scanning for all email messages routing through the service. In the past we had separate anti-malware scanning solutions for FOPE standalone and Exchange Online customers. We believe that providing a consistent and rigorous level of protection for all of our customers is a critical part of the defense in depth strategy necessary to protect your email messaging environment. As a result, malware filtering is automatically enabled for all customers. |
| Malware inspection of message body | Yes | Yes |
| Malware inspection of attachments | Yes | Yes |
| Default or custom malware alert notifications | Yes | Yes |
| Option to remove attachment when malware is detected | No, the entire message is blocked. | Yes, administrators can select whether to block the entire message or to strip the attachment and send a customized message to the recipients. |
| Anti-spyware protection | Yes | Yes |
| Customize malware filter policies per user, group, or domain | No | Yes |
| | | |
| Mail routing and connectors | | |
| Intelligent mail routing | Yes, using virtual domains | Yes, using criteria based routing (CBR) |
| Opportunistic TLS | Yes | Yes |
| Forced TLS | Inbound and outbound | Inbound and outbound |
| Inbound safe listing (skip spam filtering for trusted domains) | Yes | Yes, but for EOP we recommend that you use the connection filter IP Allow list instead. |
| Regional routing (restrict mail flow to a specific region) | United States | United States or Europe |
| Policy rules | | |
| Policy-based filtering and actions | Yes, via FOPE policy rules | Yes. Custom policies are significantly enhanced and are more flexible because they are based on Exchange Transport rules. For more information about differences between FOPE policy rules and Exchange Transport rules, see Service upgrade changes for policy rules.. |
| Filter by domain, keyword, file name, file type, subject line, message body, sender, recipient, header, IP address | Yes | Yes |
| Filter by text patterns | Basic (regular expressions) | Advanced (.NET regular-expression engine) |
| Custom dictionaries | Yes | Exchange transport rules can include long lists of text and keywords, providing the same functionality as a custom dictionary. FOPE policy rules that include custom dictionaries will be automatically converted into transport rules as part of the transition. |
| Per-domain policy rules | Yes | Yes |
| Attachment scanning | Scans the file name and file extension, but not the attachment content. | Scans the file name, file extension, and content of the attachment. |
| Send policy rule notifications to sender | Yes | Yes |
| Send policy rule notifications to recipients | Yes | No |
| Send messages to fixed addresses (such as redirecting or copying a message to a specific address) | Yes | Yes |
| 'Maximum number of recipients' match option in policy rule | Yes | No |
| Search policies using IP address, SMTP address, etc. | Yes | This functionality is targeted to be added to the service in the third quarter of 2014. |
| Ability to easily adjust rules priority across multiple rules | Yes | Yes |
| Administration | | |
| Web-based administration | Yes, via FOPE Admin Center | Yes, via the Exchange admin center (EAC) |
| Integration with Office 365 admin center | No | Yes |
| Language support for admin center | 17 languages | EAC: 60 languages Excel Reporting Workbook: 60 languages |
| Directory synchronization | Yes, via the FOPE Directory Sync Tool | Yes, via the Windows Azure Active Directory Sync Tool |
| Upload user files via SFTP | Yes | EOP does not support uploading a user list by using the Secure File Transfer Protocol (SFTP). However, FOPE tenants who used SFTP to upload users and manage virtual domains can use remote Windows PowerShell in EOP to upload users and add users to distribution groups. For more information, see Use remote Windows PowerShell to manage users by using FOPE SFTP files. |
| Directory Based Edge Blocking | Yes | Yes. For more information about configuring DBEB, see Use Directory Based Edge Blocking to Reject Messages Sent to Invalid Recipients. For additional information about how FOPE customers who use DBEB are being transitioned to EOP, see the following blog article: In Deployment: Directory Based Edge Blocking for Exchange Online Protection. |
| SMTP Connectivity Checker tool | Yes | Yes For more information about using this tool, see Test mail flow with the Remote Connectivity Analyzer. |
| Configurable domains per tenant | 600 | 900 |
| Match subdomains | Yes | Yes |
| Remote Windows PowerShell access | No | Yes |
| Reporting and logging | | |
| Message trace | Yes, 30 days of message trace data | Yes, 90 days of message trace data |
| Subject line shown in message trace | No | Yes |
| Web-based reports | Yes | Yes, with improved report visualization. The mail protection reports in the Office 365 admin center provide an interactive reporting experience for admins. Summary and detail reporting data is available for 90 days. |
| Spam reporting | Yes | Enhanced. For example, reports are available by category. |
| Malware reporting | Yes | Yes |
| Scheduled delivery of reports via email | Yes | No, we recommend that you run interactive reports in the Office 365 admin center instead. |
| Detailed reporting via the Excel reporting workbook | No | Yes. The email protection reports in the Excel 2013 reporting workbook is available. However, we recommend using the enhanced Office 365 admin center reports instead. The Excel 2013 reporting workbook is planned to be deprecated in the future. |
| Deferral notifications (notify an administrator if an inbound message was deferred by the service) | Yes | No |
| Run reports for a specific domain | Yes | You cannot run Office 365 admin center reports or Excel reporting workbook reports for a specific domain. However, in the message trace you can search by sender/recipient using wildcards to limit to a specific domain. |
| Audit logging | Yes | Yes (administrator role group report and administrator audit log) |
| Service Level Agreement (SLA) and support | | |
| Spam effectiveness SLA | >99% | >99% |
| False positive ratio SLA | <1:250,000 | <1:250,000 |
| Virus detection and blocking SLA | 100% of known viruses | 100% of known viruses |
| Monthly uptime SLA | 99.999% | 99.999% |
| 24/7 phone and web technical support | Yes | Yes |
| Free 90-day deployment assistance from Implementation Project Manager for customers with 1,000 seats or more | Yes | Yes |
| Other features | | |
| Data center mail routing by geographic region | No | Yes |
| Geo-redundant global network of servers | Yes | Yes |
| Message queuing when on-premises server cannot accept mail | Yes, 5 days | Yes, 2 days |
| Exchange Hosted Encryption available as an add-on service | Yes | Yes |
| Migrate on-premises mailboxes to Office 365 including Exchange Online | Yes | Yes, with a significantly simplified transition experience |
No comments:
Post a Comment