Hi Team,
In our On-Prem setup we were using cisco IronPort as our email gateway. Recently we purchased licenses for ATP and configured them as per the policy and using it as the spam filter. Now we are receiving spam emails, when we are checking the message header for the spam email it is clearly mentioning that it directly came to exchange server without going through O365. When analyzing the message header for genuine emails it shows that it comes through O365 protection. We have already done the MX, SPF record changes in DNS.
Kindly someone suggest what we can do for this.