Office365: Order & Precedence of Protection Rules

Deep within Microsoft’s documentation ecosystem lies this document – the order in which various spam filters are applied to incoming emails!

The order of processing for the email protection type: This order isn’t configurable, and is described in the following table:

OrderEmail protectionCategoryWhere to manage
1MalwareCAT:MALWConfigure anti-malware policies in EOP
2High confidence phishingCAT:HPHSHConfigure anti-spam policies in EOP
3PhishingCAT:PHSHConfigure anti-spam policies in EOP
4High confidence spamCAT:HSPMConfigure anti-spam policies in EOP
5SpoofingCAT:SPOOFSpoof intelligence insight in EOP
6*User impersonation (protected users)CAT:UIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
7*Domain impersonation (protected domains)CAT:DIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
8*Mailbox intelligence (contact graph)CAT:GIMPConfigure anti-phishing policies in Microsoft Defender for Office 365
9SpamCAT:SPMConfigure anti-spam policies in EOP
10BulkCAT:BULKConfigure anti-spam policies in EOP

Getting Inbox or Mailbox Rules in Office365 via Powershell

First, login to your tenant via Powershell using Microsoft’s new Exchange V2 Powershell module.

We’re going to be using the Get-InboxRule commandlet. If you run it outright, you’ll see a limited list of Inbox rules across your tenant. To narrow things down, you can use Get-InboxRule -Mailbox [user] to get rules for a specific user. Using the -Identity parameter will not work for this! Identity is for specifying specific Inbox rules. You can use wildcards, so you could do Get-InboxRule -Mailbox jeff*

The results will be:

From here, you can use the -Identity parameter to get information on specific rules such as their date of creation, what they actually do, and more!

Check it out.

Locating IMAP and POP Enabled from Mailboxes in Office365 Using Powershell V2 Module

Using Microsoft’s recently released Exchange Online PowerShell V2 Module, we can easily find IMAP and POP from mailboxes in Office365 via Powershell.

Finding IMAP and POP Mailboxes, Powershell V2:

Get-EXOCASMailbox -Filter {IMAPEnabled -eq $True -or POPEnabled -eq $True}

If you’d like to disable, take a look at my next post about doing that!

Office365 Powershell One-Liner: Find Emails Stuck in Users’ Outboxes

I wrote this quick and dirty one-liner to help monitor and find stuck emails in Exchange / Office365 mailboxes across a tenant and export the list as a CSV.

Get-Mailbox -ResultSize Unlimited | Get-MailboxFolderStatistics | Where-Object {$_.Name -eq "Outbox" -and $_.ItemsInFolder -gt '0' } | Select-Object Identity, FolderType, ItemsinFolder, FolderSize | Export-CSV "C:\CSVs\Outbox.csv"