Tuesday, September 27, 2016

EOP not Moving Messages to Junk Email On-Premises

Exchange Online Protection (EOP) is Microsoft's solution for anti-spam and anti-malware. It is included as part of Office 365/Exchange Online and you can subscribe to it for on-premises Exchange.

When you implement EOP, you configure the MX records for your domain to deliver messages to EOP, and then EOP forwards to your Exchange server. If a message contains mailware or is obvious spam, it is typically blocked and not forwarded to your Exchange server. It can be quarantined in EOP or discarded.

Where is gets a bit tricky is the messages that might or might not be spam. They're spammy, but might be legitimate email. In Office 365, those messages are automatically moved to your Junk Email folder. For spammy messages to be moved to your Junk Email folder in on-premises Exchange, you need to create a couple of transport rules.

EOP adds an X-Forefront-Antispam-Report header to messages after they are evaluated. You need to create transport rules in your on-premises Exchange to read the value in this header and set the SCL (spam confidence level) value for the message. Exchange Server uses the SCL value to determine whether a message is moved to the Junk Email folder.

Microsoft indicates that you should create the following two rules:
New-TransportRule "EOPSpam1" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SPM"
-SetSCL 6
New-TransportRule "EOPSpam2" -HeaderContainsMessageHeader "X-Forefront-Antispam-Report" -HeaderContainsWords "SFV:SKS"
-SetSCL 6

Notice that these rules set the SCL value  to 6. Which means that, by default, Exchange Server will mark the messsages as spam and send them to the Junk Email folder.

However, I recently had a client where after configuring these rules, there were obvious spam messages still not going into Junk Email. At some point, this organization had changed the threshold for the SCL value that identifies spam. They had a value of 8.

So, when you implement these rules, you should also verify the SCLJunkThreshold configured for the Exchange organization. You can view the SCLJunkThreshold with the following command:
Get-OrganizationConfig | FL SCL*

If you need to change the SCLJunkThreshold, use the following command:
Set-OrganizationConfig -SCLJunkThreshold 6

Microsoft article about the creating the transport rules for Junk Email processing:
X-ForeFront-Antispam-Report Values:

Monday, September 26, 2016

Updated MCSE Certification for Exchange

I got a surprise email today indicating that I have a new Microsoft certification, the MCSE (Microsoft Certified Systems Expert): Productivity. This is the new MCSE certification that encompasses certification for Office 365, Exchange, Skype for Business, and SharePoint. The existing MCSE: Messaging is being retired March 31, 2017.

The overall MCSE certifications have been reorganized around the technical competencies that Microsoft partners are organized around. So, there are going to be less MCSE certifications with a wider focus:
  • MCSE: Productivity (includes Exchange)
  • MCSE: Cloud Platform and Infrastructure (Windows Server and Azure)
  • MCSE: Mobility (Windows 10 and Intune)
  • MCSE: Data Management and Analytics (SQL Server)
One of the big changes is how the MCSE ongoing certification is managed. The current MCSE: Messaging required recertification every 3 years to retain the MCSE. There was a specific recertification exam or you had the option to complete a series of MVA courses.

In the new MCSE: Productivity, you do not need to re-certify every three years, but you have the option to update your MCSE each year by taking a new elective exam. The desire for the new MCSE is that you are constantly improving you skills by adding to them each year. Effectively, now instead of getting a permanent MCSE, you get an MCSE for the year. And you can continue to get it yearly.

You also get more options for how to maintain your MCSE: Productivity. The base certification for the MCSE: Productivity is the MCSA: Office 365. Then you add a new elective each year. Some of the options are:
  • Designing and Deploying Microsoft Exchange Server 2016
  • Core Solutions of Microsoft Skype for Business 2015
  • Deploying Enterprise Voice with Skype for Business 2015
  • Core Solutions of Microsoft Exchange Server 2013
  • Advanced Solutions of Microsoft Exchange Server 2013
  • Managing Microsoft SharePoint Server 2016
  • Core Solutions of Microsoft SharePoint Server 2013
  • Advanced Solutions of Microsoft SharePoint Server 2013

Microsoft provides a FAQ about the new MCSE certifications here:

Details about the MCSE: Productivity are here:

And a blog posting on Born to Learn explaining the change: