Exchange Online – A new enhanced filtering setting

As you are aware, properly configured inbound connectors to Exchange Online are very important to ensure proper and secure mail flow (including the ability to fight spam and phishing emails).

While the trusted source is usually identified by its IP address(es), in complex scenarios – such as a third-party hygiene solution, an Exchange Hybrid implementation or a managed appliance – this IP address is not always the correct indicator.

To help you improve your mail hygiene implementation while ensuring mail flow continues to work, Office 365/Exchange Online now has an enhanced filtering capability.

How does it work?

In complex routing scenarios where you must point your MX record to something other than Office 365, Enhanced Filtering for Connectors allows EOP to overlook, or skip, your internal (trusted) IP addresses to find the last known external (untrusted) IP address of the message. This previous IP should be the actual source IP address of the message. This feature is known as skip listing.
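The skip-listing idea described above, as an added example that is not part of the original post and is not EOP's actual implementation: a simplified model that walks a message's Received headers back from the receiving service and returns the first hop that is not trusted. The function names and the `skip_last` / `skip_ips` parameters are hypothetical, and the sample message is constructed.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample: sender -> third-party filter -> on-premises relay -> cloud MX.
# Hostnames are made up; addresses come from documentation ranges.
SAMPLE = """\
Received: from relay.corp.example (relay.corp.example [198.51.100.77])
 by mx.cloud.example; Mon, 1 Jan 2024 10:00:03 +0000
Received: from gw.filter.example (gw.filter.example [198.51.100.10])
 by relay.corp.example; Mon, 1 Jan 2024 10:00:02 +0000
Received: from mail.sender.example (mail.sender.example [203.0.113.45])
 by gw.filter.example; Mon, 1 Jan 2024 10:00:01 +0000
From: someone@sender.example
"""

IP_IN_BRACKETS = re.compile(r"\[([0-9A-Fa-f:.]+)\]")


def hop_ips(raw_message):
    """Return the hop IPs newest first (each server prepends its Received header)."""
    ips = []
    for header in message_from_string(raw_message).get_all("Received", []):
        match = IP_IN_BRACKETS.search(header)
        if match is None:
            continue  # hop recorded without a bracketed IP literal
        try:
            ips.append(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # bracketed text that is not an IP address
    return ips


def last_external_ip(raw_message, skip_ips=(), skip_last=False):
    """First hop, walking back from the receiver, that is not skip-listed."""
    trusted = [ipaddress.ip_network(net, strict=False) for net in skip_ips]
    hops = hop_ips(raw_message)
    if skip_last:
        hops = hops[1:]  # drop the address that connected to the cloud service
    for ip in hops:
        if not any(ip in net for net in trusted):
            return str(ip)
    return None  # every recorded hop was trusted


if __name__ == "__main__":
    print(last_external_ip(SAMPLE))                                # connecting relay
    print(last_external_ip(SAMPLE, skip_last=True))                # still a trusted hop
    print(last_external_ip(SAMPLE, skip_ips=["198.51.100.0/24"]))  # real sender
```

With two trusted hops in front of the service, skipping only the connecting address still lands on a trusted hop in this model; the explicit skip list is what reaches the real sender.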

To start implementing this enhanced filtering feature, log on to your Security and Compliance portal (https://protection.office.com/) and go to the Threat management\Policy blade.

There you will find the new Enhanced Filtering option

When you open Enhanced Filtering, it lists your existing inbound connectors and the status of the filtering option for each – the default is Disabled.

When you click on one of these connectors, you can then configure enhanced filtering and choose which users it applies to.

It is recommended to apply it to a subset of your users first, so you can monitor and learn how it goes.

You can also use the Security and Compliance PowerShell command:

Set-InboundConnector -Identity <inboundconnector> [-EFSkipLastIP <$true | $false>] [-EFSkipIPs <IPAddresses>] [-EFUsers "emailaddress1","emailaddress2"]

The Security and Compliance portal can help you identify whether you have domain(s) falling under such a complex scenario: under Threat Management\Dashboard, the "Domains where email isn't routed to Office 365" widget gives you the list of 'impacted' domains and where they are pointing to.

NOTE: this checks whether the MX record is set to point to Office 365; if you point it to a CNAME which then points to Office 365, the domain will be identified as being in the 'complex routing' scenario.
