Configuring your Office 365 Outbound Gateway for EntrustedMail
In order to begin using the EntrustedMail e-mail encryption services for Office 365, you must configure Office 365 to send outbound e-mail though the EntrustedMail encryption gateway. Once configured, EntrustedMail will inspect each message to determine whether to encrypt the message based on your organizational encryption policies. If you are only licensing e-mail encryption for a subset of your Office 365 accounts, please click here for instructions on how setup a security group.
- Point your browser to https://login.microsoftonline.com/.
- Enter your administrator account email address and password. (If you are not an Administrator, you will be redirected to the user hub; since you will need to access the administration features, you will need to contact your Office 365 Administrator)
- Click Sign in. The Office 365 console appears.
On the left selection area click on ADMIN, then on Exchange.
- Click on Mail Flow, then click on Connectors.
- In the Connectors section, click the + sign to add a new connector. The Mail Flow Scenario dialog box opens.
- Select Office 365 for the From: and Partner organization for the to:. Click Next.
- In the Name field, enter a descriptive name for the outbound connector, this can be anything, we have entered EntrustedMail Gateway in the image above.
- In the Description field, enter additional descriptive information about the outbound connector. To enable the connector immediately upon completion check the box Turn it on. Click on Next.
- Select the option “Only when email messages are sent to these domains“.
- Then, click on the + sign to add a domain. Next, In the Domains field, type * (wildcard character) to signify that this outbound connector will be applied to all domains to which e-mail is sent. Click Okay, then add *.entrustedmail.com and Click Okay.
- On the Route email messages page select “Route email through these smart hosts“. Then click the + sign to add a new smart host.
- Please refer to your “Welcome Message” for the outbound gateway name that your domain has been assigned. Enter the gateway name in the field and click Save. Then click on Next.
- Ensure “Always use Transport Layer Security (TLS)” and “Any digital certificate, including self-signed certifications” are the only options selected. Click on Next.
- Verify all of the settings are correct on the validation page, then click Next.
- You will now need to verify the connector. Click the + sign and add email@example.com as the test e-mail address.
- Click on Validate. This will attempt a connection from Office 365 to the EntrustedMail Gateway you configured and then send an email to the designated email address. You should see Success on both results.
- Click on Save.
- Under Protection select Connection Filter.
19. Edit the default policy.
20. Add the IP ranges for the Inbound Gateway found in your Welcome E-mail, one CIDR range at a time, and press SAVE.
21. Next…….Under Mail Flow select Rules.
22. Select the plus symbol, and then “modify messages” from the drop down.
23. Name your rule and choose [Apply to all messages] for the “*Apply this rule if” drop-down.
24. Then, choose “Set the message header to this value” for the “*Do the following…” drop-down.
25. Click on the Enter text... link and type X-EMVALTOK as the value, then click on the OK button.
26. Then, click on the remaining Enter text… link and type in the header token provided in your welcome message.
27. You can uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.
You have now completed the configuration of the EntrustedMail service on the Office 365 platform. Changes normally take affect in 5 – to 10 minutes. E-mail will continue to use your previous settings until the changes take affect.