Stacking MailGuard with Microsoft Office 365 VA

[Pages:15]MAILGUARD HELP DESK: Stacking MailGuard with Office 365

Stacking MailGuard with Office 365

MailGuard can be easily stacked on top of Office 365 to make the most out of their email hosting functionality, as well as MailGuard's superior email security. If you are using Office 365 Enterprise level (or have Exchange Admin Center EAC) you should be able to customise or create the Inbound and Outbound connectors to receive and route mail via MailGuard's servers.

Please check with your Office 365 Administrator before proceeding to ensure the standard instructions below are appropriate for your instance of Office 365. There may be customisations made to your Office 365 environment which our standard instructions do not accommodate.

Inbound

IMPORTANT: It is important that you consider whether all domains hosted within the Office 365 environment are to be protected by MailGuard in the same account or not. If there are domains which are in your Office 365 tenant, but are not part of your MailGuard account, they will not be fully secured against a direct attack. To ensure that every domain in the Office 365 environment is protected, you will need to add them into the MailGuard account.

Before you proceed with stacking MailGuard and Office 365, please have all domains added to your MailGuard account via your supporting Partner or MailGuard Support.

For inbound configuration, because MailGuard is to be the primary email security provider, you need to configure the MX records for each domain to point to the MailGuard servers, as per the MX configuration requirements in the Domains page in the MailGuard Console.

It is essential when setting up the inbound connection to ensure that the TTL (Time To Live) values for the domain's MX records have fully expired (propagated) to ensure that mail flow from the rest of the Internet is coming through to MailGuard first.

This will need to be done before adding the Inbound Connector (Page 2), as the Inbound Connector will set up Office 365 to only accept email from MailGuard's servers and if the TTL's have not fully run their course, email may still go through to the Office 365 environment and may be rejected.

The second step is to have the destination server (the place where MailGuard delivers clean emails to) point towards the Office 365 MX record. This allows emails to reach MailGuard first for primary filtering, and then MailGuard pass on the clean emails to your Office 365 account.

You will be able to find this in your Office 365 Admin center (go to Admin, click Setup on the left-hand side, then click on Domains. Select your domain and then in the popup screen select Exchange Online. You will need to get the MX record that looks similar to this ? example-com-au.mail.protection.).

1

MAILGUARD HELP DESK: Stacking MailGuard with Office 365 Please check the MailGuard Console (Configuration ? MailGuard ? Domains) to see if the destination server for your domain is correct, alternatively please see your Welcome to MailGuard email to confirm. If unsure please contact the MailGuard Service Desk on 1300 30 65 10 to have this updated to the Office 365 MX record, if this has not been done so already.

To configure the Inbound Connector in the Exchange Admin Center, refer to the following steps: 1. Go to the Exchange Admin Center ? Go to the App Launcher in the top left of the Office 365 Admin Center ? Find the Admin button in the list of Office 365 apps ? Under Admin centers on the left-hand side, find Exchange. 2. Select Mail Flow on the left-hand side and then click on Connectors.

3. Click on the + icon under Connectors to create a new connector.

2

MAILGUARD HELP DESK: Stacking MailGuard with Office 365

4. To create a new Inbound Connector, select Partner organization in the From: drop-down menu. Then select Office 365 in the To: drop-down menu.

5. Give the connector a name and ensure that the Turn it on box is ticked, and then click Next.

6. Select Use the sender's domain to identify the Partner organization, and then click Next.

3

MAILGUARD HELP DESK: Stacking MailGuard with Office 365

7. Click on the + icon to add a domain and enter * to identify as a wildcard to match all sender domains and then click OK. ? It is important to have the wildcard * as this will target all emails coming through to Office 365. a)

b) c)

4

MAILGUARD HELP DESK: Stacking MailGuard with Office 365

8. Select Reject email messages if they aren't sent over TLS Note: MailGuard will always use TLS encryption where it is possible to do so.

a) Tick the box Reject email messages if they aren't sent from within this IP address range to enforce the Access Control List ? this forces all email to be filtered through MailGuard.

b) Click on the + icon under Reject email messages if they aren't sent from within this IP address range and add the MailGuard Relay servers (one at a time) that will connect to the online Exchange to deliver the filtered emails. Please take care when adding the IP addresses, as a single mistake can cause mail flow issues.

List of Relay servers to add:

50.23.246.238/32 50.23.252.166/32 108.168.255.216/32 108.168.255.217/32 203.21.125.32/32 203.21.125.33/32

Once all the Relay servers have been added, click Next.

9. Confirm the Connector settings and if everything is okay, click Save.

? Ensure that the Status for this Connector is set to On, otherwise the rules above will not actually be applied.

5

MAILGUARD HELP DESK: Stacking MailGuard with Office 365

Recommended additional steps

When using MailGuard as your Email Security Provider in front of Office 365, it is recommended to whitelist MailGuard within the Exchange Online Protection (EOP) system within Office 365 to ensure delivery of email from MailGuard to your users. EOP Spam Filtering can be adjusted by setting up a rule under the rules menu in the 'mail flow' section. You may wish to whitelist alerts@bounces..au as the sender email address of the MailGuard Alert Digests which your end users may (if configured) receive from MailGuard. These digest alerts often contain spam content (subjects and domains) which EOP may interpret as junk and file away in the junk folder. Adding the address above as a bypass address will prevent this from happening. Please consult your Office 365 Administrator before making configuration changes to ensure that the guidelines above are appropriate for your instance.

Important: click on the More options... button near the bottom before you start

6

MAILGUARD HELP DESK: Stacking MailGuard with Office 365 ? Create a name for the rule ? i.e. alerts@bounces..au bypass rule.

? Select The sender and then address matches any of these text patterns from the drop-down box under *Apply this rule if, then: o Click on *Enter text patterns o From here you will need to enter alerts@bounces..au into the popup screen, click on the + button to add the email address, and then click OK.

7

MAILGUARD HELP DESK: Stacking MailGuard with Office 365 ? Under *Do the following... in the drop-down box, select Modify the messages properties and then set the spam confidence level (SCL).

? A pop-up will appear asking you to specify SCL. Select Bypass spam filtering and click OK.

8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download