This brief post highlights the differences in feature availability depending on how your MX records are configured—specifically, whether they point directly to Exchange Online Protection (EOP), which is the recommended setup, or if you’re routing mail through a third-party email filtering solution before Microsoft Defender for Office 365 (MDO).
While this overview is intentionally concise, it’s important to note that email security involves a broader strategy rooted in a defense-in-depth approach. We recently explored this topic in more detail during a Ninja Show session hosted by Heike Ritter. Additionally, I’ll be presenting on this subject at the European Collaboration Summit 2025.
Following the conference, I plan to publish a more comprehensive blog post that will delve into configuration specifics and best practices. In the meantime, this post provides a high-level summary and includes useful resources to help you explore the topic further.
Figure 1: Enabled MDO features with MX point to EOP/MDO
Figure 2: Enabled MDO features with MX points to 3rd Party