Office 365 Configuration
The following article covers the configuration required for Office 365, which is also known as Exchange Online.
There are four steps to this. The receiving connector, connection filter and the outbound connector configuration are mandatory and the journaling configuration is required if you wish to archive internal communications also.
Exchange Administration Steps
Enter the Admin menu from the Office365 portal welcome screen.
Navigate to the Exchange admin screen
Access the Mailflow - Connectors management screen
To access the desired administration screen select:
- 'Mail Flow' followed by
Inbound Connector Setup
Inbound Connector Configuration
Inbound Connector Identification
Inbound Connector IP Addresses
Inbound Connector Security
Inbound Connector Review
Microsoft Security does not recognise the receive connector configuration and acts independently. Therefore it is necessary to add the Mailsphere IP addresses into the connection filter to ensure that these processed correctly.
Connection filter policy
Edit the default connection filter policy and select connection filtering.
Connection filter - add the Mailsphere IP addresses
Outbound Connector Setup
Outbound Connector Configuration
Outbound Connector Rules
Outbound Connector Delivery
Outbound Connector Security
Outbound Connector Review
Outbound Connector Validation (REQUIRED)
It's important that the connector is successfully validated. There are some idiosyncrasies with this function in Office 365.
- If the connector is not validated, then it will not be used - even if you activate it.
- If the connector is not activated then it will not be validated.
- The UI for this function does not warn you about either of these but they can trip you up if you are not aware.
It is necessary to add a temporary email address into the Mailsphere account. This follows the below format:
Ensure that you replace DEFAULTDOMAIN.COM with the default domain in your Office 365 account configuration.
Follow this link to add the temporary email address: https://portal.mailsphere.co.uk/users
Once you have added the temporary email address, add an external email address in the Office 365 UI to validate with an active connector the validation test will succeed.
Journal NDR Recipient
Microsoft requires a recipient for Journal Non Delivery Reports to be configured. This cannot be a normal email account in the organisation as it disables journaling from taking place for that account. So that Mailsphere customers are not affected by the cost of an additional Office 365 license we have provided a dedicated account for this setup:
This will need to be added as an external contact and then it can be set up as the recipient of Journal NDR's.
Click the + to add a new external contact. Complete the required fields and save. You can now return to the Journal editor to complete the Journal NDR setup.
Journal Internal Email
Add a new journal rule using the + sign.
Send journal reports to:
Set the rule name to:
- Select "Apply to all message" from the first drop down list.
- Select "Internal messages only" from the second drop down list.
You may now save the new journal rule and all internal email will be archived in Mailsphere.
You may be warned that no NDR recipient is set up. If you wish to set up an NDR recipient please follow the Microsoft guidelines