EOP / Office 365: Block or Allow IP Address in Connection Filtering

http://msexchangeguru.com/2014/01/21/eop-block-or-allow-ip/

This blog is explaining the steps to block or allow the IP connection in Exchange Online Protection Connection Filtering

 

The Following steps will help in configuring the connection filtering:

Steps:

1. Expand the protection and click on “Connection Filter” then click on pencil sign

   

    

    

2. Now click on Connection Filtering and you will see the below screen to add the allow and block IPs . You can enable Safe Sender which will ensure safe sender domains are not mistakenly marked as spam.

3. Click on the + sign to add an IP or range in allow or block IP address. If you will type wrong IP or subnet then you will get error.

        4. Now configuration will look like the below screen.

      5. Now let us enable safe sender.

 

Microsoft subscribes to various third-party sources of trusted senders. Selecting this check box skips spam filtering on messages sent from these senders, ensuring that they are never mistakenly marked as spam.

 

6. Now Click on save and we done. This will take some time to update the ORG.

 

To test this rule send an email one of the blocked and allowed IP. Blocked IP email should be block and allowed IP email should be delivered.

Note: This might not be working in the trial mode but it should work in the production mode. If this is not working in the production mode then please contact the Microsoft representative if this is not working and you are facing the below error.

“Sorry! We couldn’t update your organization settings. Please try again. Click here for help….”

Click here for help brings the below page:

http://technet.microsoft.com/en-US/library/ms.exch.eac.HydrationError(EXCHG.150).aspx?v=15.0.851.5&l=1&s=BPOS_S_E15_0_Slim

There is no open fix but Microsoft supposed to fix it internally.

The above issue was fixed but Microsoft for my customer.

Let us see some powershell commands

1. Following powershell command can be used to extract the configuration of the Connection Filtering

Get-HostedConnectionFilterPolicy | select | Export-csv C:MYDocsAllowIP.csv

 

2. Following powershell command can be used to allow or block the IP or IP Range.

Set-HostedConnectionFilterPolicy “Default” -IPAllowList 192.168.1.10,192.168.1.23 -IPBlockList 10.10.10.10/24,172.17.17.0/16

Or

Set-HostedConnectionFilterPolicy “Default” –IPAllowList @{Add=”192.168.2.10″,”192.169.3.0/18″,”192.168.4.1-192.168.4.5″;Remove=”192.168.1.10″}

More commands can be reviewed here.

转载于:https://blog.51cto.com/525042/1540415