Directing a single domain to EntrustedMail in a multi-domain Microsoft 365 account.
Modified on: Mon, 19 Jul, 2021 at 9:03 AM
To begin using the EntrustedMail e-mail encryption services for Office 365, you must configure Office 365 to send outbound e-mail through the EntrustedMail encryption gateway. Once configured, EntrustedMail will inspect each message and decide whether to encrypt it based on your organizational encryption policies. If you are only licensing e-mail encryption for a subset of your Office 365 accounts, please click here for instructions on how to set up a security group.
- Point your browser to https://login.microsoftonline.com/.
- Enter your administrator account email address and password. (If you are not an Administrator, you will be redirected to the user hub; since you will need to access the administration features, you will need to contact your Office 365 Administrator.)
- Click Sign in. The Office 365 console appears.
- On the left selection area, click on ADMIN, then on Exchange.
- Select the Classic Exchange admin center.
- Click on Mail Flow, then click on Connectors.
- In the Connectors section, click the + sign to add a new connector. The Mail Flow Scenario dialog box opens.
7. Select Office 365 for From: and Partner organization for To:. Click Next.
8. In the Name field, enter a descriptive name for the outbound connector. This can be anything; we have entered EntrustedMail Gateway in the image above.
9. In the Description field, enter additional descriptive information about the outbound connector. To enable the connector immediately upon completion, check the box Turn it on. Click on Next.
10. Select the option “Only when I have a transport rule set up that redirects messages to this connector”.
- On the Route email messages page, select “Route email through these smart hosts”. Then click the + sign to add a new smart host.
- Please refer to your “Welcome Message” for the outbound gateway name that your domain has been assigned. Enter the gateway name in the field and click Save. Then click on Next.
- Ensure “Always use Transport Layer Security (TLS)” and “Any digital certificate, including self-signed certificates” are the only options selected. Click on Next.
- Verify all the settings are correct on the validation page, then click Next.
- You will now need to verify the connector. Click the + sign and add email@example.com as the test e-mail address.
- Click on Validate. This will attempt a connection from Office 365 to the EntrustedMail Gateway you configured, and then send an email to the designated email address. You should see Success on both results.
- Click on Save.
- Next, under Protection, select Connection Filter.
- Edit the default policy.
- Add the IP ranges for the Inbound Gateway found in your Welcome E-mail, one CIDR range at a time, and press SAVE.
- Next, under Mail Flow, select Rules.
- Select the plus symbol, and then “modify messages” from the drop-down.
- Name your rule. Under the drop-down menu for "*Apply this rule if...", choose "The sender's address matches any of these text patterns".
- Add the domain portion of the email address, i.e. domain.com; we are using entrustedmail.com in the example.
- Click on "More options".
- Click on the "Add Condition" button. Select "The recipient...", then select "is external/internal"; next, select "Outside the organization". Click the OK button.
- Under the "*Do the following..." drop-down menu, select "Modify the message properties" and "set a message header".
- Then, next to "Set the message header", click the first "Enter text…" link.
- Type X-EMVALTOK as the value, then click on the OK button.
- Then, click on the remaining "Enter text…" link and type in the header token provided in your welcome message, then click on the OK button.
- Click on the "add action" button.
- Select "Redirect the message to..." and then "the following connector".
- Select the connector created in Step 7.
- You can check or uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.
You have now completed the configuration of the EntrustedMail service on the Office 365 platform. Changes normally take effect in 5 to 10 minutes. E-mail will continue to use your previous settings until the changes take effect.
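
For administrators who prefer to script and review the change, the connector, connection filter and rule steps above map to Exchange Online PowerShell as follows. This is an added example, not EntrustedMail's or Microsoft's own script. Assumptions: the admin UPN, the rule name and the upper-case placeholders are hypothetical and must be replaced with the values from your Welcome Message; the connection filter ranges are assumed to go on the IP allow list; the anchored sender pattern is a tightening of the bare domain entered in the GUI.

```powershell
# Added example: PowerShell equivalent of the GUI steps above.
# Requires the ExchangeOnlineManagement module and an Exchange administrator account.
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.example'   # placeholder admin UPN

# Values from your Welcome Message (placeholders, replace before running).
$SmartHost   = 'GATEWAY-NAME-FROM-WELCOME-MESSAGE'
$InboundCidr = @('INBOUND-CIDR-RANGE-FROM-WELCOME-MESSAGE')
$Domain      = 'entrustedmail.com'        # the one domain to redirect (page's example)
$Connector   = 'EntrustedMail Gateway'
$RuleName    = 'Route to EntrustedMail'   # hypothetical rule name

# Prompt for the header token so it is not saved in a script file or shell history.
$Token = Read-Host -Prompt 'X-EMVALTOK header token'

# Outbound connector: Office 365 to partner organization, used only when a
# transport rule redirects to it, routed via the smart host, TLS always required,
# any certificate accepted (EncryptionOnly = "including self-signed").
New-OutboundConnector -Name $Connector `
    -Comment 'Outbound route to the EntrustedMail encryption gateway' `
    -ConnectorType Partner `
    -IsTransportRuleScoped $true `
    -UseMXRecord $false `
    -SmartHosts $SmartHost `
    -TlsSettings EncryptionOnly `
    -Enabled $true

# Connectivity and test-message check, as with the Validate button.
Validate-OutboundConnector -Identity $Connector -Recipients 'email@example.com'

# Connection filter: add the inbound gateway ranges to the default policy.
# Assumption: the ranges belong on the IP allow list.
Set-HostedConnectionFilterPolicy -Identity Default -IPAllowList @{ Add = $InboundCidr }

# Transport rule: sender in the chosen domain AND recipient outside the
# organization -> stamp X-EMVALTOK and redirect to the connector.
# The GUI steps enter the bare domain; anchoring it as a regex is an added tightening.
New-TransportRule -Name $RuleName `
    -FromAddressMatchesPatterns ('@' + [regex]::Escape($Domain) + '$') `
    -SentToScope NotInOrganization `
    -SetHeaderName 'X-EMVALTOK' `
    -SetHeaderValue $Token `
    -RouteMessageOutboundConnector $Connector `
    -Mode Enforce

# Review what was created (the token value is deliberately not displayed).
Get-OutboundConnector -Identity $Connector |
    Format-List Name, Enabled, IsTransportRuleScoped, SmartHosts, TlsSettings
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, SetHeaderName, RouteMessageOutboundConnector
```

The two `Get-` commands at the end give a reviewable record of the connector and rule settings, which is useful for change control and for confirming that only the intended domain is being redirected.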