Is 3rd party email sanitization necessary for O365?

When looking at our clients that host email services with Microsoft as part of an Office 365 (O365) subscription, about half rely on our preferred 3rd-party email sanitization solutions from Proofpoint, and half simply trust Microsoft’s native email threat services.  However, there are many considerations that favor the use of 3rd party service.  These include:

  • O365’s threat/SPAM bounce-back doesn’t give as much information on why messages are blocked as Proofpoint does.
  • O365’s SPAM logs are searchable, but take up to 30 minutes to generate the reports, a pain point I’ve experienced first-hand during my time on our services team.  Proofpoint keeps information “live” for faster searches.
  • O365’s reporting doesn’t give as much information as Proofpoint does, which helps with all types of compliance for those in regulated industries.
  • O365’s SPAM analytics is in its own environment.  Proofpoint works with partners, such as PaloAlto, which helps each other detect zero-day threats faster.
  • O365’s archiving is “best effort” where Proofpoint guarantees it for however long the archive is set to.
  • Perhaps most importantly, O365 will occasionally go down.  Proofpoint offers a continuity feature through their Emergency Inbox, allowing users to send and receive critical emails through the Proofpoint portal even with O365 is down.

In summary, for those clients running Office 365 for whom email is a critical service, we encourage the use Proofpoint for email sanitization services.