New components\features introduced in Office 365\Exchange Online Protection like Advance Threat Protection and Anti-Phisinging capabilities etc.. Introuduction of these features changes the mail flow architecture. We will discuss the updated Office 365 Mail Flow Architecute here.
Below the updated mail flow architecture reference diagram.
Mail Flow Explanation:
Inbound Mail Flow:
When the MX record pointed to Exchange Online Protection, emails sent to that domain will be routed to EOP. Edge Blocking component will do the Connection filtering -> Anti-Virus & Anti-Malware scanning will be done by Malware Protection -> Transport Rules will be applied to the emails -> Advanced Threat Protection Safe Attachment feature will scan the attachments -> Email will be checked for Anti-Phishing -> Anti-Spam will do the SPAM checking -> Spoof Detection will be done -> Zero hour Auto Purge protection will happen -> ATP safe link Url wrapping will happen and then the mail will be delivered to Office 365 mailbox.
Outbound Mail Flow:
If an Office 365 User sends an Email to Internet, the mail will be scanned for malicious contents and the normal emails will be delivered to Outbound Pool and the delivered to Internet recipient. If any bulk email detection and suspicious email will be routed the High Risk Delivery Pool or Bulk Mail Pool and there is no guarantee that email will be delivered to respective recipient.
Below architecture shows the complete details of the Exchange Online Protection mail flow architecture
All the components are self-explanatory, leave your commands for any additional information.