M365 Changelog: Changes to the way Exchange Online Protection (EOP) moves email to Junk folder

MC248005 – Updated April 29, 2021: Microsoft has updated the rollout timeline below. Thank you for your patience.

Note: This change will only effect Exchange Online Protection (EOP) customers with Exchange online mailboxes. EOP standalone customers with hybrid environments will have no impact.

Today EOP depends on the junk email rule to move spam/phish messages to a user’s Junk folder based on the spam confidence level set by EOP. Going forward EOP will use it’s own mailflow delivery agent to move malicious emails to the Junk folder depending on the policy set by security admins in Antispam policy. EOP will continue to honor the user safe sender/block sender preferences set in outlook just as the junk email rule does today.

Key points:

• Timing: This change will be rolled out starting in mid-May (previously late-April) through mid-June (previously end of May).
• Action: review and assess impact for your organization.

How this will affect your organization

If your organization has users or mailboxes where the Junk email rule is disabled either due to an Exchange admin disabling it using the Set-MailboxJunkEmailConfiguration PowerShell command or a user using a legacy(now removed) outlook web setting to disable junk, EOP will not honor that setting. EOP detected spam or phish emails will still be routed to Junk.

What you need to do to prepare

If you do not want EOP to perform spam filtering for a mailbox, please use the Anti spam policies or Exchange transport rules to manage accordingly.