Anti-spam and Anti-malware settings are moving to the Security and Compliance Center

The Security and Compliance Center (aka the Protection Center) is slowly, but steadily becoming the ultimate stop to service all your security, hygiene, privacy and compliance needs in Office 365. With the latest set of updates, the Anti-spam and Anti-malware settings have appeared, so let’s take a quick look at them.

To start with, open the Security and Compliance Center, either by navigating to the Office 365 Admin portal and clicking the corresponding link on the bottom or directly via Once there, expand the Security Policies node on the left navigation pane and select Anti-spam. You will be greeted by the following screen:

SCC settings

You can go about the settings in two ways: either use the configuration recommended by Microsoft or create a custom one. Let’s start with the later one, which will also be the active selection if you have made any changes to the policies in the EAC. Clicking the Custom tab will list all the policies in one place, including the default Spam filter policy and any custom created ones, as well as the Outbound spam filter and the Connection filter. Here’s how it would look like:

SCC settings

In my case, I have one additional Spam filter policy, named “Test DG”. As you can notice from the above screenshot, this is the only policy I can turn on or off, all the others are enabled by default and cannot be toggled. The Add a policy button on top allows you to create additional Spam filter policies as needed. The options you have are the same as with the EAC interface, so I won’t go over them, they’re simply rearranged to fit in the popup pane on the right.

Editing any existing policy, including the default ones, can be done by expanding the relevant entry (click the down arrow on the left of the policy name), then pressing the Edit policy button. Again, the settings are exactly the same one would find in the EAC, so no point going over them. The only noteworthy difference is the addition of the “Phishing email” action, in addition to the low/high confidence Spam action and Bulk email action. There’s also a small bug with some of the text fields. Namely, when editing a Spam filter policy, if you select an action such as “Add X-header” or “Prepend subject line with this text”, the relevant text controls will remain grayed out, making it impossible to configure such action. This UI glitch is already fixed and should be gone in a matter of few days, until its deployed to all servers.

Now, if you want to follow Microsoft’s recommendations, go with the Standard tab instead. This is what you will see:

SCC settings

Note that you cannot edit the settings here, even the Edit buttons next to the allow or block lists are inactive. This looks like another UI glitch, but in general, should you want to make any changes to the defaults, the Custom tab is the way to go.

The Anti-Malware tab is still in the process of being integrated in the SCC UI, so clicking it will simply load the relevant control from the EAC. The exact same settings will be visible, so we can skip this part as well.

Lastly, the Quarantine section has also appeared in the SCC. You can find it under Search & Investigation or access it directly via Similarly to its EAC counterpart, you will be presented with a list of all quarantined messages, with the options to Refresh the list, Release a message or do an Advanced search. In my case the list is empty, as I don’t use the Quarantine, but in general you would be able to double-click a message to display its properties. A new element is the Filters control, allowing you to switch between viewing Spam, Bulk, Phish or All Quarantined messages.

SCC settings

So there you have it, all the Hygiene related settings have made it to the SCC. There’s still some work to be done in terms of UI integration, but the general intention is to move everything here and ditch the remaining controls from the EAC. In time, some new settings will also appear, but more on that later on.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.