Welcome to protecting against phishing, malware, and spam. Exchange Online Protection, or EOP, uses anti-spam policies to protect Exchange Online mailboxes and on-prem mailboxes that are protected with a standalone EOP subscription from spam. The default anti-spam policy provides basic protections. Admins can view it, edit it, and configure settings within it, but they cannot delete the default anti-spam policy. That said, admins can create custom anti-spam policies if needed. They can be applied to certain users, groups, or domains within the organization.

Custom anti-spam policies will always take precedence over the default policy. In cases where there are multiple defined custom policies, you can change the priority of those policies to control the order in which they are processed. You can use the Security and Compliance Center or PowerShell to configure anti-spam policies. Each policy includes two parts, a spam filter policy which determines what actions to take and what notifications to take if the policy fires, and it includes the spam filter rule which determines the priority of the policy and who the policy applies to.

Settings for an anti-spam policy that are related to the name, priority, recipient filters, and whether or not the policy is enabled, are all part of the spam filter rule. Everything else is part of the spam filter policy. Defender for Office 365 offers several advanced anti-phishing features, including anti-phishing policies, campaign views, and attack simulator. The anti-phishing policies available in Microsoft Defender for Office 365 allow you to create custom policies to fit your needs, and they allow you to configure anti-impersonation settings that can be used to protect against impersonation threats. You can also configure mailbox intelligence settings and set adjustable advanced phishing thresholds.

Campaign Views use machine learning and other intelligence to identify messages that are involved in coordinated phishing attacks against you. The Attack Simulator can be used to create and send fake phishing messages to your internal users. You use the Attack Simulator as a way to teach your users about phishing attacks and what to look out for.

Anti-malware policies are used to protect against dangerous malware. Each anti-malware policy consists of a malware filter policy and a malware filter rule. The malware filter policy is used to specify recipient notification settings, sender and admin notification, ZAP, and it includes the Common Attachment Types Filter settings. The malware filter rule is used to specify the priority for the policy and who the policy applies to. 

When you create an anti-malware policy, what you are actually doing is creating both the policy and the rules at the same time. Things like the name, priority, recipient filters, and the status of the policy are all part of the malware filter rule, while other settings like recipient notification, sender and admin notification, ZAP, and the Common Attachment Types Filter are part of the malware filter policy.

A default anti-malware policy is built-in to every organization, it's actually called Default. This default anti-malware policy provides basic protections and it's automatically applied to all recipients within the organization. The priority assigned to this default policy is set to lowest and it cannot be changed. This means that this default policy is always applied last. If you create custom anti-malware policies, those policies will always have a higher priority than the default policy. I should also mention that you cannot delete the default policy either.

Over the next few lessons, I'll show you how to perform some basic policy creations. We'll configure a basic anti-phishing policy, a basic anti-malware policy, and a basic anti-spam policy.