I came across this article in Dark Reading: https://www.darkreading.com/cloud/office-365-missed-34000-phishing-emails-last-month/d/d-id/1330282?
As indicated in the post, this is based on the standard Exchange Online Protection (EOP) services offered by Microsoft, not Advanced Threat Protection (ATP).
I currently run two manage much smaller Email systems for two ESPs. I’ve always worried about anti-spam measures, trying to be effective, without too many false positives. I’m able to get to about 92% efficiency, and frankly, I’m surprised to be better at it than Microsoft. I am also better at containing malware than Microsoft is.
I’ve always felt that smaller ESPs had a significant disadvantage when it comes to spam control because there is a much smaller sample size available to them. I truly admire AOL’s spam control efforts, which I think are the best in the business. Here’s my ranking of anti-spam control from the big five Email services:
My takeaway here is that my metrics have been wrong. I’ve been assuming that Email volume was the “constant” to be used for Email performance measurements. In fact, spam is the only constant. I feel vindicated.
I’ve been amazed at the Office 365 migration panacea; people flocking to the service to gain features they’ll never use. Considering the size of Microsoft’s attack footprint, and the increased risk, I wonder how many people will get bitten?
Microsoft seems to be sticking to their fundamental mantra: Mediocrity in all things.