Prolateral Consulting Ltd
Prolateral Consulting Ltd
Support
Support
Knowledgebase Articles
Help
Setup examples
Support

Prolateral offers primary and backup domain (DNS) services, with servers in key geographic locations providing the best service possible.

DEPRECATED - Configuring Office365 to allow Profilter to work with Exchange Online Protection (EOP) 2023

Problem:

How to setup Microsoft Office 365 in the Exchange Admin Center & Microsoft Defender 365 to support Profilter for email delivery.

NOTE - This article corresponds to February 2023 Microsoft changes to connectors, but is now deprecated - see below.

Prerequisite:

It is assumed you have already setup your profilter package and then you have configured profilter to deliver good emails (ham, i.e. not spam) to server address given to you by Microsoft.

It will look something like the below:

example-com.mail.protection.outlook.com

You need to be logged in with a Microsoft365 account with global-admin rights for the relevant tenant. (NOTE - the steps below are not currently accessible as a "delegated admin")

Solution:   This article has been deprecated 

 

Note :- This article has been deprecated and replaced with a new article - Configuring Office365 to allow Profilter to work with Exchange Online Protection (EOP) 2024

 

Microsoft's information on best-practice for this configuration can be found at this webpage.

Here is a profilter-specific summary:

Step 1 - Create an 'inbound' connector

  1. Log in to the Office 365 admin center, and go to Admin centers > Exchange

  2. Click on Mail flow > Connectors 

    Micorsoft365 Exchange Admin mailflow connectors menu
  3. Click on + Add a Connector

  4. Under 'Connection from', click the Partner organization radio-button. Then click Next

    Micorsoft365 Exchange Admin New Connector
  5. Enter a name and description for the new connector. Then click Next

    Micorsoft365 Exchange Admin New Connector for profilter (3rd party antispam filter)
  6. Enter a single into the box, and click '+' to add it. Then click Next

    Micorsoft365 Exchange Admin Connector Email Verification
  7. Leave the 'Reject email messages if they aren't send over TLS' ticked. Then click Next

    Micorsoft365 Exchange Admin Connector Security Restrictions
  8. Review the settings to ensure they are as below. Then click Create connector

Step 2 - Ensure that Profilter IP address are added as exceptions

You now need to ensure that Exchange Online Protection understands that email received from Profilter via your new connector are valid emails.

You will need the current Profilter IP addresses which can always been found in the list of profilter IP cluster addresses

  1. As a global-admin Go to Microsoft Defender365 (https://security.microsoft.com)

  2. Navigate to Email & Collaboration > Policies & Rules > Threat policies page > Rules section > Enhanced filtering. (Alternatively you can get there immediately using https://security.microsoft.com/skiplisting )

  3. You should see the connector you configured previously. Click on the name to edit it.

    Micorsoft365 Exchange Admin Policies & Rules for profilter (3rd party mail filter)
  4. In the pane on the right-hand side, select 'Skip these IP addresses...' and enter each IP address from the list of profilter IP cluster addresses. Press ENTER after each one and ensure they are added to the list.

    Micorsoft365 Exchange Admin Connector IP Address restrictions for profilter
    Please see the Knowledge Base Article, Profilter IP Addresses, for the current list of IP addresses.

  5. Click Save

 Step 3 - Create a rule in Exchange to bypass Spam Filtering for messages from Profilter

  1. In the Exchange Admin Centre, in the left pane, click mail flow, and click rules.

  2. Click +Add a rule and click Bypass spam filtering:

    Micorsoft365 Exchange Admin Create a ByPass Spam filter rule for Profilter

  3. In the New transport rule page, enter a Name to represent the rule.

  4. From the Apply this rule if drop-down menu, select The sender

    Microsoft365 exchange admin bypass rule select the sender

  5. In the adjacent Select one drop-down list, select IP address is in any of these ranges or exactly matches

    Microsoft365 exchange admin select ip addresses in this range

  6. In the specify IP address ranges panel, enter the IP address for the Profilter Clusters, clicking Add after each one to ensure they appear in the list.

    Please see the list of the IP addresses for the Profilter Clusters

    Microsoft365 exchange admin specify ip address ranges

  7. Click Save to create save and close the IP address ranges panel.

  8. The Do the following section should already be set to Modify the message properties, Set the spam confidence level to -1  as the Bypass filter was selected.

  9. Click Next to move to the next step - Set rule settings

  10. Change the Severity field to Not audit - you can select something else if you wish to see them in reports.

    Microsoft365 exchange admin set rule settings

  11. Click Next to move to the next step - Review and finish

  12. Click Finish  to complete the process - click Done  when it says the Transport rule has been created successfully.

  13. Once the list of Rules shows, the new rule will be shown as Disabled - click on the Disabled status to edit the rule

    Microsoft365 exchange admin rules enable

  14. The side panel will open - click the switch under Enable or disable rule and the rule will update immediately.

    Microsoft365 exchange admin rules enable panel

  15. Once it indicates it has successfully updated, close the panel with the X.

  16. The rule should now show as Enabled
 

Related Articles

 

like it, love it, then share it. Share this article on social media.

Did you enjoy this article?

Disclaimer

The Origin of this information may be internal or external to Prolateral Consulting Ltd. Prolateral makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Prolateral makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.