
CES/O365: Bypass spam filtering vs. Enhanced Filtering for Connectors

Lyncdead
Level 1

We have a CES deployment with O365/EOL that is in production.  As with any email security solution, CES is not 100% catching all spam or spoofed emails.  We would like to use Defender to catch whatever CES doesn't catch.

The CES setup documentation includes the creation of a transport rule in Exchange to set all incoming emails from CES to SCL -1.  As a result, Exchange Online Protection/Defender trusts all emails even if they are spam/junk/spoofed because of that rule.

In speaking with Microsoft and as per this article below, Microsoft recommends against creating spam bypass rules like the one Cisco has in the implementation documentation and recommends using Enhanced Filtering for Connectors instead.

Reference Scenario 1 and step #5 in the link below

Manage mail flow using a third-party cloud service with Exchange Online | Microsoft Learn

I am curious if any others have disabled the transport rule (SCL -1) and enabled Enhanced Filtering for Connectors, and if Cisco would bless this config. I can't seem to find it in the CES documentation.

Thanks in advance.

3 Replies

srigovi2
Cisco Employee


Hi,


As per Cisco's best practice, we suggest that you bypass spam rules in O365 and also create a connector in Exchange. Please refer to the link below.

https://www.cisco.com/c/en/us/support/docs/security/cloud-email-security/214812-configuring-office-365-microsoft-with.html

In your case, if you wish to use both spam filters, it is better to do it in the test environment and then apply it to production. Also, please check with the cloud ESA TAC team before implementing it in your network.

Thanks,
G.Sinivasan

 

Rob_E_.
Level 1

Hi @Lyncdead I was wondering if you have tried this feature (aka skip listing)?  I am facing these same questions myself.

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud
5. There are two options for this step:
* Use Enhanced Filtering for Connectors (highly recommended)
* Bypass spam filtering: Use a mail flow rule

Enhanced filtering for connectors in Exchange Online | Microsoft Learn

I did open a ticket with TAC on this but couldn't get escalated to an SME or beyond level 1. As predicted with that level, the response was basically: we don't know about it, don't do anything we don't know about.

Alshuwaier
Level 1

Hello @Lyncdead 

We have the same case here. I wonder if you tested this and if it worked, because I checked with Cisco & Office 365 and no one gives a direction.
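
The staged switch this thread asks about, from the SCL -1 mail flow rule to Enhanced Filtering for Connectors, sketched in Exchange Online PowerShell. This is an added example, not code from any poster or from Cisco or Microsoft documentation; the connector name and pilot addresses are placeholders, and it assumes an already connected ExchangeOnlineManagement session.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
$ConnectorName = 'Inbound from CES'                 # hypothetical connector name
$PilotUsers    = @('pilot1@example.com',            # constructed pilot mailboxes
                   'pilot2@example.com')
$Apply         = $false                             # $false = dry run (-WhatIf)

# 1. Find every mail flow rule that stamps SCL -1 (the spam-bypass rule).
$bypassRules = @(Get-TransportRule | Where-Object { "$($_.SetSCL)" -eq '-1' })
$bypassRules | Format-Table Name, State, Priority, SenderIpRanges, SetSCL

# 2. Show the connector's current Enhanced Filtering (skip listing) settings.
Get-InboundConnector -Identity $ConnectorName |
    Format-List Name, Enabled, SenderIPAddresses, EFSkipLastIP, EFSkipIPs, EFUsers

# 3. Pilot: skip the last connecting IP (the gateway) for the pilot recipients only.
#    If the gateway adds more than one hop, list its addresses with -EFSkipIPs instead.
Set-InboundConnector -Identity $ConnectorName -EFSkipLastIP $true `
    -EFUsers $PilotUsers -WhatIf:(-not $Apply)

# 4. Exempt the same recipients from the bypass rule so their mail is scored.
#    Note: -ExceptIfSentTo replaces any exception list already on the rule.
foreach ($rule in $bypassRules) {
    Set-TransportRule -Identity $rule.Name -ExceptIfSentTo $PilotUsers `
        -WhatIf:(-not $Apply)
}

# 5. Full rollout, only after the pilot is clean: Enhanced Filtering for all
#    recipients ($null = everyone), then disable (not delete) the bypass rule.
$FullRollout = $false
if ($FullRollout) {
    Set-InboundConnector -Identity $ConnectorName -EFUsers $null -WhatIf:(-not $Apply)
    foreach ($rule in $bypassRules) {
        Disable-TransportRule -Identity $rule.Name -Confirm:$false -WhatIf:(-not $Apply)
    }
}
```

With `$Apply` left at `$false` the script only reports what it would change; disabling rather than deleting the rule keeps a one-command rollback (`Enable-TransportRule`).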