EOP debrand

Author: chrisda

defender-office-365/address-compromised-users-quickly.md

@@ -17,7 +17,7 @@ ms.date: 06/09/2023
 description: Learn how to speed up the process of detecting and addressing compromised user accounts with automated investigation and response capabilities in Microsoft Defender for Office 365 Plan 2.
 ms.service: defender-office-365
 appliesto:
-  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
+  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections in Microsoft 365</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 ---

defender-office-365/advanced-delivery-policy-configure.md

@@ -1,5 +1,5 @@
 ---
-title: Anti-malware protection
+title: Anti-malware protection for email In Microsoft 365
 f1.keywords: 
   - NOCSH
 ms.author: chrisda
@@ -14,33 +14,33 @@ ms.assetid: 0e39a0ce-ab8b-4820-8b5e-93fbe1cc11e8
 ms.collection: 
   - m365-security
   - tier2
-description: Admins can learn about anti-malware protection and anti-malware policies that protect against viruses, spyware, and ransomware in Exchange Online Protection (EOP).
+description: Admins can learn about anti-malware email protection and anti-malware policies that protect against viruses, spyware, and ransomware in Microsoft 365.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
 ms.date: 06/24/2025
 appliesto:
-  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
+  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections in Microsoft 365</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 ---
 
-# Anti-malware protection in EOP
+# Anti-malware protection for email in Microsoft 365
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-In Microsoft 365 organizations with mailboxes in Exchange Online or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes, email messages are automatically protected against malware by EOP. Some of the major categories of malware are:
+In Microsoft 365 organizations with cloud mailboxes, anti-malware protection for email is on by default. Some of the major categories of malware are:
 
 - **Viruses** that infect other programs and data, and spread through your computer or network looking for programs to infect.
 - **Spyware** that gathers your personal information, such as sign-in information and personal data, and sends it back to its author.
 - **Ransomware** that encrypts your data and demands payment to decrypt it. Anti-malware software doesn't help you decrypt encrypted files, but it can detect the malware payload that's associated with the ransomware.
 
-EOP offers multi-layered malware protection that's designed to catch all known malware in Windows, Linux, and Mac that travels into or out of your organization. The following options help provide anti-malware protection:
+Anti-malware protection for email in Microsoft 365 is multi-layered and designed to catch all known malware that travels into or out of your organization. The following options help provide anti-malware protection:
 
-- **Layered defenses against malware**: Anti-malware scans help protect against both known and unknown threats. Microsoft's anti-malware includes powerful heuristic detection that provides protection even during the early stages of a malware outbreak.
+- **Layered defenses against malware**: Anti-malware scans of email help protect against both known and unknown threats. Microsoft's anti-malware includes powerful heuristic detection that provides protection even during the early stages of a malware outbreak.
 - **Real-time threat response**: During some outbreaks, the anti-malware team might have enough information about a virus or other form of malware to write sophisticated policy rules that detect the threat, even before a definition is available. These rules are published to the global network every 2 hours to provide your organization with an extra layer of protection against attacks.
 - **Fast anti-malware definition deployment**: The anti-malware team can receive and integrate malware definitions and patches before they're publicly released.
 
-In EOP, messages that are found to contain malware in _any_ attachments are quarantined<sup>\*</sup>. Whether the recipients can view or otherwise interact with the quarantined messages is controlled by _quarantine policies_. By default, messages that were quarantined due to malware can only be viewed and released by admins. Users can't release their own quarantined malware messages, regardless of any available settings that admins configure. For more information, see the following articles:
+Microsoft 365 quarantines messages when malware is found in _any_ attachment<sup>\*</sup>. Whether the recipients can view or otherwise interact with the quarantined messages is controlled by _quarantine policies_. By default, messages that were quarantined due to malware can only be viewed and released by admins. Users can't release their own quarantined malware messages, regardless of any available settings that admins configure. For more information, see the following articles:
 
 <sup>\*</sup> Malware filtering is skipped on SecOps mailboxes that are identified in the advanced delivery policy. For more information, see [Configure the advanced delivery policy for third-party phishing simulations and email delivery to SecOps mailboxes](advanced-delivery-policy-configure.md).
 
@@ -51,7 +51,7 @@ Anti-malware policies also contain a _common attachments filter_. Messages that
 
 For more information about anti-malware protection, see the [Frequently asked questions: Anti-malware protection for email in Microsoft 365](anti-malware-protection-faq.yml).
 
-To configure the default anti-malware policy, and to create, modify, and remove custom anti-malware policies, see [Configure anti-malware policies](anti-malware-policies-configure.md). In the Standard and Strict [preset security policies](preset-security-policies.md), the anti-malware policy settings are already configured and unmodifiable as described in [EOP anti-malware policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-malware-policy-settings).
+To configure the default anti-malware policy, and to create, modify, and remove custom anti-malware policies, see [Configure anti-malware policies](anti-malware-policies-configure.md). In the Standard and Strict [preset security policies](preset-security-policies.md), the anti-malware policy settings are already configured and unmodifiable as described in [Anti-malware policy settings](recommended-settings-for-eop-and-office365.md#anti-malware-policy-settings).
 
 > [!TIP]
 > If you disagree with the malware verdict, you can report the message attachment to Microsoft as a false positive (good attachment marked as bad) or a false negative (bad attachment allowed). For more information, see [How do I report a suspicious email or file to Microsoft?](submissions-report-messages-files-to-microsoft.md).

defender-office-365/anti-malware-policies-configure.md

@@ -18,18 +18,18 @@ metadata:
     - tier2
   ms.custom:
     - seo-marvel-apr2020
-  description: Admins can view frequently asked questions and answers about anti-malware protection in Exchange Online Protection (EOP).
+  description: Admins can view frequently asked questions and answers about anti-malware protection for email in Microsoft 365.
   ms.service: defender-office-365
-title: Anti-malware protection FAQ
+title: Frequently asked questions - Anti-malware protection
 summary: |
   [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
   **Applies to**
-  - [Exchange Online Protection](eop-about.md)
+  - [Default email protections in Microsoft 365](eop-about.md)
   - [Microsoft Defender for Office 365 Plan 1 and Plan 2](mdo-about.md#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet)
   - [Microsoft Defender XDR](/defender-xdr/microsoft-365-defender)
 
-  This article provides frequently asked questions and answers about anti-malware protection for Microsoft 365 organizations with mailboxes in Exchange Online, or standalone Exchange Online Protection (EOP) organizations without Exchange Online mailboxes.
+  This article provides frequently asked questions and answers about anti-malware protection for email in Microsoft 365 organizations with cloud mailboxes.
 
   For questions and answers about the quarantine, see [Quarantine FAQ](quarantine-faq.yml).
 
@@ -43,7 +43,7 @@ sections:
       - question: |
           What are best practice recommendations for configuring and using the service to combat malware?
         answer: |
-          See [EOP anti-malware policy settings](recommended-settings-for-eop-and-office365.md#eop-anti-malware-policy-settings).
+          See [Anti-malware policy settings](recommended-settings-for-eop-and-office365.md#anti-malware-policy-settings).
 
       - question: |
           How often are the malware definitions updated?
@@ -68,9 +68,7 @@ sections:
       - question: |
           Does the service scan internal messages for malware?
         answer: |
-          For organizations with Exchange Online mailboxes, the service scans for malware in all inbound and outbound messages, including messages sent between internal recipients.
-
-          A standalone EOP subscription scans messages as they enter or leave the on-premises email organization. Messages sent between internal on-premises recipients aren't scanned for malware. However, you can use the built-in anti-malware scanning features of Exchange Server. For more information, see [Anti-malware protection in Exchange Server](/Exchange/antispam-and-antimalware/antimalware-protection/antimalware-protection).
+          For Microsoft 365 organizations with cloud mailboxes, the service scans for malware in all inbound and outbound messages, including messages sent between internal recipients.
 
       - question: |
           Is heuristic scanning enabled?
@@ -104,11 +102,9 @@ sections:
       - question: |
           How can I configure the service to block specific executable files (such as \*.exe) that I fear may contain malware?
         answer: |
-          You can enable and configure the *common attachments filter* (also known as *common attachment blocking*) as described in [Common attachments filter in anti-malware policies](anti-malware-protection-about.md#common-attachments-filter-in-anti-malware-policies).
-
-          You can also create an Exchange mail flow rule (also known as transport rule) that blocks any email attachment that has executable content.
+          You can configure the *common attachments filter* (also known as *common attachment blocking*) as described in [Common attachments filter in anti-malware policies](anti-malware-protection-about.md#common-attachments-filter-in-anti-malware-policies).
 
-          Follow the steps in [How to reduce malware threats through file attachment blocking in Exchange Online Protection](https://support.microsoft.com/help/2959596) to block the file types listed in [Supported file types for mail flow rule content inspection in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/inspect-message-attachments#supported-file-types-for-mail-flow-rule-content-inspection).
+          You can also create an Exchange mail flow rule (also known as transport rule) that blocks any email attachment that has executable content. For instructions, see [Use mail flow rules to block messages with executable attachments in Exchange Online](/exchange/security-and-compliance/mail-flow-rules/use-rules-to-block-executable-attachments).
 
           For increased protection, we also recommend using the **Any attachment file extension includes these words** condition in mail flow rules to block some or all of the following extensions: `ade, adp, ani, bas, bat, chm, cmd, com, cpl, crt, hlp, ht, hta, inf, ins, isp, job, js, jse, lnk, mda, mdb, mde, mdz, msc, msi, msp, mst, pcd, reg, scr, sct, shs, url, vb, vbe, vbs, wsc, wsf, wsh`.
 
@@ -150,9 +146,9 @@ sections:
           Yes, the message trace tool enables you to follow email messages as they pass through the service. For more information about how to use the message trace tool to find out why a message was detected to contain malware, see [Message trace in the modern Exchange admin center](/exchange/monitoring/trace-an-email-message/message-trace-modern-eac).
 
       - question: |
-          Can I use a third-party anti-spam and anti-malware provider with Exchange Online?
+          Can I use a non-Microsoft anti-spam and anti-malware provider with Exchange Online?
         answer: |
-          Yes. In most cases, we recommend that you point your MX records to (that is, deliver email directly to) EOP. If you need to route your email somewhere else first, you need to enable [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) so EOP can use the true message source in filtering decisions.
+          Yes. Generally, we recommend that you point your MX records to (that is, deliver email directly to) Microsoft 365. If you need to route your email somewhere else first, you need to enable [Enhanced Filtering for Connectors](/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors) so Microsoft 365 can use the true message source in filtering decisions.
 
       - question: |
           Are spam and malware messages being investigated as to who sent them, or being transferred to law enforcement entities?

defender-office-365/anti-malware-protection-about.md

@@ -21,7 +21,7 @@ ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
 ms.date: 06/17/2025
 appliesto:
-  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
+  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections in Microsoft 365</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
 
 ---

defender-office-365/anti-malware-protection-faq.yml

@@ -1,5 +1,5 @@
 ---
-title: How EOP validates the From address to prevent phishing
+title: How Microsoft 365 validates the From address to prevent phishing
 f1.keywords: 
   - NOCSH
 ms.author: chrisda
@@ -15,21 +15,21 @@ ms.assetid: eef8408b-54d3-4d7d-9cf7-ad2af10b2e0e
 ms.collection: 
   - m365-security
   - tier2
-description: Admins can learn how Exchange Online Protection (EOP) and Outlook.com enforce email address syntax to help prevent phishing.
+description: Admins can learn how Microsoft 365 enforces email address syntax to help prevent phishing.
 ms.custom: seo-marvel-apr2020
 ms.service: defender-office-365
 ms.date: 3/28/2024
 appliesto:
-  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Exchange Online Protection</a>
+  - ✅ <a href="https://learn.microsoft.com/defender-office-365/eop-about" target="_blank">Default email protections in Microsoft 365</a>
   - ✅ <a href="https://learn.microsoft.com/defender-office-365/mdo-about#defender-for-office-365-plan-1-vs-plan-2-cheat-sheet" target="_blank">Microsoft Defender for Office 365 Plan 1 and Plan 2</a>
   - ✅ <a href="https://learn.microsoft.com/defender-xdr/microsoft-365-defender" target="_blank">Microsoft Defender XDR</a>
 ---
 
-# How EOP validates the From address to prevent phishing
+# How Microsoft 365 validates the From address to prevent phishing
 
 [!INCLUDE [MDO Trial banner](../includes/mdo-trial-banner.md)]
 
-Phishing attacks are a constant threat to any email organization. In addition to using [spoofed (forged) sender email addresses](anti-phishing-protection-spoofing-about.md), attackers often use values in the From address that violate internet standards. To help prevent this type of phishing, Exchange Online Protection (EOP) and Outlook.com require inbound messages to include an RFC-compliant From address as described in this article.
+Phishing attacks are a constant threat to any email organization. In addition to using [spoofed (forged) sender email addresses](anti-phishing-protection-spoofing-about.md), attackers often use values in the From address that violate internet standards. To help prevent this type of phishing, Microsoft 365 requiref inbound messages to include an RFC-compliant From address as described in this article.
 
 - If you regularly receive email from organizations that have malformed From addresses as described in this article, encourage these organizations to update their email servers to comply with modern security standards.