LOG IN to the Office 365 Administration Console.
Select the Admin | Exchange menu item. The Exchange Admin Center is displayed. Once displayed, in the menu on the left-hand side, navigate to Mail flow and then Connectors.
Configuring Microsoft365 with ExchangeDefender
If your Organization hasn't updated their SPF for Office 365:
Step 1: Configuration
Your organization should have a SPF record for the domain(s) registered with Office 365. When implementing ExchangeDefender with Office 365, this record must be updated in the DNS zone for the relevant domain to include the following:
Remove: v=spf1 include:spf.protection.outlook.com –all
Replace with: v=spf1 include:proxy.exchangedefender.com -all
CONFIGURING OUTBOUND SMARTHOST CONNECTOR:
Step 2: Mail Flow
Step 3: Add a connector
Click the ‘+’ button and you’ll be greeted with the following context menu. Once you've selected 'Office 365' and 'Partner Organization' click the 'Next' button.
Step 4: New Connector
ENTER the name of the connector (We suggest using ExchangeDefender).
CLICK check box for “Turn it On”. Click NEXT -
Select the option for 'Only when email messages are sent to these domains' and click the '+' button to add the domains
Step 5: Set the Connector Scope
Put * in the domain name field and hit the 'Ok' button.
Step 6: Route Email
SELECT 'Route email through these smart hosts' and then hit the '+' button.
Step 7: Add a Smart Host
Add a smart host. Add 'outbound.exchangedefender.com' as you see it below.
Once you've entered the smart host hit the 'Save' button. From there you'll be taken to the TLS screen. Keep all options default as shown in the screenshot below.
Step 8: Validate Settings
Validate your configuration by letting O365 send a test email. Enter in any email address of a recipient outside of your organization. Click the + then click VALIDATE.
Microsoft365 and ExchangeDefender Connection Filtering
Microsoft365 (Office 365) can at times, typically during high load or attack on the tenant, randomly block partner organizations from connecting to deliver email. In order to work around this issue, you need to follow the following steps.
Step 9: M365 Security Center
Microsoft 365 security controls have been moved to Microsoft 365 Defender Security Center at https://security.microsoft.com
Upon login you should see a welcome screen with navigation on the left. The following click-through instructions will help you set everything up to securely receive email through ExchangeDefender without M365 interruptions.
Click on Policies & rules.
Step 10: Required Security Policies for M365 & ExchangeDefender
Click on Threat Policies.
Click on Anti-Spam.
Click on Edit connection filter policy.
In the field "Always allow messages from the following IP addresses or address range add the following ranges:
65.99.255.0/24
206.125.40.0/24
Please note (#2) that once you type in the range you must click on the dropdown in the UI. It will convert the text you just typed in to a range and add an X next to it. If your browser / M365 is not doing what you see in this screenshot, please contact Microsoft support.
Finally, click on Turn on safe list and click on Save.
M365 Tenant Anti-phishing and Anti-spam Settings
ExchangeDefender protects you from SPAM and Phishing threats. To avoid M365 falsely identifying messages as fraud, follow these steps to add ExchangeDefender to tenant allow policies:
Manage Anti-Phishing Rules
- Log into your 365 admin center
- Navigate to Security
- Navigate to Policies and Rules
- Select Threat Policies
- Select Anti- phishing
- Edit the active policy
- Select Edit Protection Settings
- Disable Enable spoof protection
Policies & rules
Tenant Allow/Block Lists
Below is the content to paste into the domain pair list
*, 65.99.255.0/24
*, 206.125.40.0/24
*, 206.125.40.0/24
You're all done with Microsoft M365 setup for ExchangeDefender.
Please proceed to deploy your DMARC, as it is required to send and receive email.
