Loading...

Configuring Microsoft365 with ExchangeDefender


If your Organization hasn't updated their SPF for Office 365:


Step 1: Configuration


Your organization should have a SPF record for the domain(s) registered with Office 365. When implementing ExchangeDefender with Office 365, this record must be updated in the DNS zone for the relevant domain to include the following:


Remove: v=spf1 include:SPF.PROTECTION.OUTLOOK.COM –all
Replace with: v=spf1 include:EXCHANGEDEFENDER.COM -all


CONFIGURING OUTBOUND SMARTHOST CONNECTOR:


Step 2: Mail Flow


LOG IN to the Office 365 Administration Console.

Select the Admin | Exchange menu item. The Exchange Admin Center is displayed. Once displayed, in the menu on the left-hand side, CLICK 'mail flow' as shown.


Step 3: Select ‘Connectors’


Click the ‘+’ button and you’ll be greeted with the following context menu. Once you've selected 'Office 365' and 'Partner Organization' click the 'Next' button.


Step 4: New Connector


ENTER the name of the connector (Can be a name of your choosing, we chose Exchange Defender for the purposes of this guide).

CLICK check box for “Turn it On”. Click NEXT -

Select the option for 'Only when email messages are sent to these domains' and click the '+' button to add the domains


Step 5: Set the Connector Scope


Put * in the domain name field and hit the 'Ok' button.


Step 6: Route Email


SELECT 'Route email through these smart hosts' and then hit the '+' button.


Step 7: Add a Smart Host


Add a smart host. Add 'outbound.exchangedefender.com' as you see it below.

Once you've entered the smart host hit the 'Save' button. From there you'll be taken to the TLS screen. Keep all options default as shown in the screenshot below. Click NEXT. Add a smart host. Add 'outbound.exchangedefender.com' as you see it below.


Step 8: Validate Settings


Validate your settings. NEXT , validate that the connector works properly, so hit the '+' button to add a specific email to test it on. Click OK Hit VALIDATE.


Microsoft365 and ExchangeDefender Connection Filtering


Microsoft365 (Office 365) can at times, typically during high load or attack on the tenant, randomly block partner organizations from connecting to deliver email. In order to work around this issue, you need to follow the following steps.


Step 9: M365 Security Center


Microsoft 365 security controls have been moved to Microsoft 365 Defender Security Center at https://security.microsoft.com

Upon login you should see a welcome screen with navigation on the left. The following click-through instructions will help you set everything up to securely receive email through ExchangeDefender without M365 interruptions.

Click on Policies & rules.


Step 10: Required Security Policies for M365 & ExchangeDefender


Click on Threat Policies.


Click on Anti-Spam.

Click on Edit connection filter policy.

In the field "Always allow messages from the following IP addresses or address range add the following ranges:

65.99.255.0/24
206.125.40.0/24

Please note (#2) that once you type in the range you must click on the dropdown in the UI. It will convert the text you just typed in to a range and add an X next to it. If your browser / M365 is not doing what you see in this screenshot, please contact Microsoft support.

Finally, click on Turn on safe list and click on Save.

You're all done with Microsoft M365 setup for ExchangeDefender.

Please proceed to deploy your DMARC, as it is required to send and receive email.

Need assistance?

ExchangeDefender is easy to reach, and we are here to help with your IT: