Office365 does a pretty good job of blocking spam, but I recently had a client get attacked by a bot that started signing up couple users up for newsletters all over the world. Pretty easy to filter out all the English sign-up confirmation emails but all the foreign language ones were coming through.
So if you don’t deal internationally, it’s probably a good idea to block anything non-English and possibly non-USA originating and Office365 makes this pretty easy.
- Go to Exchange Admin -> Protection -> Spam Filter -> Edit
- Add all the countries and languages you don’t want to get email from. Unfortunately there is only this “deny” list and no “allow only” but you can add everything other than English and US. This takes about 30 minutes to go into effect after you set it up.