Office365: Order & Precedence of Protection Rules
Deep within Microsoft’s documentation ecosystem lies this document – the order in which various spam filters are applied to incoming emails!
The order of processing for the email protection type: This order isn’t configurable, and is described in the following table:
Order | Email protection | Category | Where to manage |
---|---|---|---|
1 | Malware | CAT:MALW | Configure anti-malware policies in EOP |
2 | High confidence phishing | CAT:HPHSH | Configure anti-spam policies in EOP |
3 | Phishing | CAT:PHSH | Configure anti-spam policies in EOP |
4 | High confidence spam | CAT:HSPM | Configure anti-spam policies in EOP |
5 | Spoofing | CAT:SPOOF | Spoof intelligence insight in EOP |
6* | User impersonation (protected users) | CAT:UIMP | Configure anti-phishing policies in Microsoft Defender for Office 365 |
7* | Domain impersonation (protected domains) | CAT:DIMP | Configure anti-phishing policies in Microsoft Defender for Office 365 |
8* | Mailbox intelligence (contact graph) | CAT:GIMP | Configure anti-phishing policies in Microsoft Defender for Office 365 |
9 | Spam | CAT:SPM | Configure anti-spam policies in EOP |
10 | Bulk | CAT:BULK | Configure anti-spam policies in EOP |