If you want extensive email security, you need to purchase a Plan 2 license. Plan 1 and Plan 2 are the two plans for Microsoft Exchange Online Protection. Some customers hesitate to purchase this product because it adds some costs to them, which is necessary for them. It would be helpful for customers if Plan 1 features were included with EOP. However, they still need to purchase Plan 2 for advanced security features.

One of our clients recently requested to compare Zimbra's features with Microsoft Exchange Online Protection. Zimbra is open source, while Microsoft Exchange Online Protection is not. When I compare both the products, many free features are available in Zimbra because it is open-source software.

It makes no sense to request Microsoft Exchange Online Protection add all the features people get on open-source software like Zimbra. Hence, I would say whatever features Microsoft Exchange Online Protection has are enough. Microsoft has a dedicated research team that should research and add new techniques like phishing and spamming solutions to the product.

The solution is expensive.

Performance and speed should continue to be improved. Microsoft is in a state of constant modifications to ensure their engines always perform. They have the budget and longevity to to know what they need to continue doing without outside advice. 

The product needs more granularity.

Some features, like encryption, are not available. 

The stability must be improved. The tool is not 100% stable. That is why we are exploring FortiMail.

We face challenges with reporting features and the lack of a proper dashboard in Microsoft's portal. There's no graphical interface, which other products offer.

The reporting features need improvement. There isn't a proper dashboard provided by Microsoft, forcing us to search for everything manually in the portal without the aid of a graphical user interface, unlike what other products offer.

So, having a proper dashboard would significantly enhance the usability and effectiveness of the service.

The tracking features require us to search in MailFlow, where we input dates and times to find emails, focusing on sender and receiver details. This process highlights the challenge of not having an explorer feature in the basic EOP functionalities, making it difficult to search emails beyond the last ten days.

If a company wants to put in line back-to-back anti-spam solutions, they need to work on that part because Microsoft recommends either you use EOP as a front line or you don't use it. Microsoft Exchange Online Protection needs to work on this shortcoming.

Microsoft needs to redo its pricing regarding Microsoft Exchange Online Protection because every customer who buys Microsoft 365 needs Microsoft Exchange Online Protection.

The solution must improve the user experience. Managers, engineers, and CXOs have different skill sets. Adding different profiles would add to the user experience.

The solution can be complex at times. It would be nice to have the on-server version. It needs to improve the stability as well. 

I want a seamless way of archiving users' emails on Exchange. When a user's emails are archived on the system, we find out their mailbox is large the moment we need to copy those files back. Another issue is with OneDrive, in that if a user has files stored on OneDrive when they exit, the license is removed. As a result, transferring those files to another user is a problem. It should be possible for there to be a central location where each of those files is stored. That way, even after a user leaves and the license is removed, we don't lose access to that information after 90 days.

The solution should protect mailboxes. Most of our users have emails on their mobile, so if a staff member exits from the corporation, we need something that mimics email on the mobile. Some tools delete all of a user's emails and passwords the moment they leave that environment or their employer, but I don't think Microsoft has any such tools. It's important because passwords and sensitive information could pass into the wrong people's hands.

Microsoft should publicize the solution more because it isn't well known. I appreciate the solution because it does a lot of things that I used to do manually. I didn't realize something like this existed. I went to Symantec, Trend Micro, and other providers, but Microsoft had the only solution to my problems. 

I would like to get reports about vulnerable connections from our clients with information about domains, public IPs, etc. That would be highly useful.

Other users wish to see the encryption feature added to the solution in the future.

The solution lacks to elaborate on its spam policies. For improvement, spam policies need to be more elaborate.

I'm pretty happy with Microsoft Exchange Online Protection, so off the top of my head, I can't think of any reason for me to want to change something in the solution.

Having orchestration features added to Microsoft Exchange Online Protection, particularly automation and remediation, would be quite useful.

The solution needs to improve its backup. 

The biggest issue that I experience is that Microsoft keeps moving things around, and it's very inconsistent as to where you find the information when you're trying to work on different pieces. The fact that they keep changing it, keep changing the portals and moving things around, gets to be very frustrating when you're trying to get something configured for customers.

Technical support needs improvement.

The solution is a bit pricey. 

One area that could be improved is handling gray emails, which are emails with attachments or newsletters that are not necessarily malicious, but are coming from different providers and are being received by various customers. Microsoft Exchange Online Protection may not be fully capable of stopping these emails until submitted for investigation over a specific period of time by Microsoft experts. This process needs improvement.

Not all settings can be configured automatically and most still require manual configuration. However, there is an automation tool available that can be used to input all the configurations either as a script or a tool it would be helpful.

Our company faces difficulty with Microsoft Exchange Online Protection (EOP) because it's too big, clunky, and difficult for a small client to implement quickly and easily. Microsoft's competitors work a lot better since their products come out of the box directly, and one needs to turn them on to make them work. Microsoft Exchange Online Protection (EOP) requires a lot of configuration, support, and management. The aforementioned areas can be considered for improvement.

It doesn't protect against everything. We do need protection for, for example, endpoints. 

We'd like Citrix and Linux identity protection. We need security beyond just email so that we can avoid malicious threats.

The security features could be better and more secure in the next release.

We have come across cases pointing out that if one is not registered with DKIM on the solution, certain features don't work. Also, tools don't work if you do not register your SPF. So, the aforementioned areas should be considered for improvement. That's why one needs to configure the tenant perfectly. After that, the features and security tools can be used nicely. Also, If one could have any other email gateway that is not working and acts as a secondary gateway on your tenant, then it would be a helpful update. As I see right now, there is no such feature update on Microsoft 365's roadmap. So, such changes can lower the cost of licenses. The solution can be made cheaper.

Online Protection has an issue in that it doesn't provide an option to stop impersonation. 

It kind of has a heavy footprint — in terms of an implementation footprint. I think the implementation could be more streamlined. The implementation could be more flexible in terms of allowing users to pick and choose where they want to deploy.

Personally, I like to be able to pick and choose what I'm implementing and where I am implementing it in the environment instead of having to install the whole stack.

In the next release, I would like to see them add some features beyond just spam and anti-virus. Maybe some bulk email tools — in terms of being able to send them from within the environment. Send group emails, send information to the administration team; I'd like to see them add some MailChimp kind of functionality or mailing lists. 

Instead of just providing spam and anti-virus filtering, I'd like to see them add more feature functionality. The one thing that I don't like is that it's very much a point product. It just does what it does, very specialized. I think this industry as a whole is going away from point products and heading towards suites — integrated suites that do a number of different things. I think that they would be wise to fold this into a broader overall suite of products.

We have experienced issues while migrating from on-prem to the cloud. The tool needs to improve its stability. 

The security compliance features need to be improved. Sometimes, a client's mailbox becomes full because of retained information and not because of mail.

I would like to see improvement in block rules as well.

The price of Microsoft Exchange Online Protection could be reduced to make it more competitive.

When the product is being updated, it changes some of the setups. The support team is also not good.

We would like the solution to have more in-built intelligence in the way that it reviews potential security risks, rather than our team constantly having to update the policies.

The management interface of Microsoft Exchange Online Protection (EOP) could be intuitive. Additionally, it could be easy to configure and fine-tune the components.

The reporting needs a little bit of improvement. When you compare it to Mimecast features and data porting tools, it's less superior compared to EOP.

Another area of improvement could be pricing. So Exchange Online Protection has a higher price compared to its competitors.

The tool's classification for bulk email is cumbersome. 

The price could be lower.

Microsoft has some training portals, but more could be developed.

Additional documentation could be added.

They should add more information to specify the difference between Defender for Office 365 and Exchange Online Protection. We keep getting queries regarding it. Also, they should integrate the solution with other platforms. We currently face issues while helping customers migrate from another solution to Microsoft Exchange.