Configuring your Microsoft 365 Outbound Gateway for EntrustedMail

Modified on Wed, 17 Feb 2021 at 12:12 AM

In order to begin using the EntrustedMail e-mail encryption services for Office 365, you must configure Office 365 to send outbound e-mail though the EntrustedMail encryption gateway. Once configured, EntrustedMail will inspect each message to determine whether to encrypt the message based on your organizational encryption policies. If you are only licensing e-mail encryption for a subset of your Office 365 accounts, please click here for instructions on how setup a security group.

  1. Point your browser to
  2. Enter your administrator account email address and password. (If you are not an Administrator, you will be redirected to the user hub; since you will need to access the administration features, you will need to contact your Office 365 Administrator)
  3. Click Sign in. The Office 365 console appears.

On the left selection area click on ADMIN, then on Exchange.

O365 Outbound Orig 1

  1. Click on Mail Flow, then click on Connectors.
  1. In the Connectors section, click the + sign to add a new connector. The Mail Flow Scenario dialog box opens.

O365 Outbound Orig 2

  1. Select Office 365 for the From: and Partner organization for the to:. Click Next.

O365 Outbound Orig 3

  1. In the Name field, enter a descriptive name for the outbound connector, this can be anything, we have entered EntrustedMail Gateway in the image above.
  1. In the Description field, enter additional descriptive information about the outbound connector. To enable the connector immediately upon completion check the box Turn it on. Click on Next.

  2. Select the option “Only when email messages are sent to these domains“.

O365 Outbound Orig 4

  1. Then, click on the + sign to add a domain. Next, In the Domains field, type * (wildcard character) to signify that this outbound connector will be applied to all domains to which e-mail is sent. Click Okay, then add * and Click Okay.

O365 Outbound Orig 5

  1. On the Route email messages page select “Route email through these smart hosts“. Then click the + sign to add a new smart host.

O365 Outbound Orig 6

  1. Please refer to your “Welcome Message” for the outbound gateway name that your domain has been assigned. Enter the gateway name in the field and click Save. Then click on Next.

O365 Outbound Orig 7

  1. Ensure “Always use Transport Layer Security (TLS)” and “Any digital certificate, including self-signed certifications” are the only options selected. Click on Next.

O365 Outbound Orig 8

  1. Verify all of the settings are correct on the validation page, then click Next.
  1. You will now need to verify the connector. Click the + sign and add as the test e-mail address.

O365 Outbound Orig 9

  1. Click on Validate. This will attempt a connection from Office 365 to the EntrustedMail Gateway you configured and then send an email to the designated email address. You should see Success on both results.

17.Click on Save

Under Protection select Connection Filter.

Under Protection

19. Edit the default policy.

20. Add the IP ranges for the Inbound Gateway found in your Welcome E-mail, one CIDR range at a time, and press SAVE.

21. Next…….Under Mail Flow select Rules.

22.  Select the plus symbol, and then “modify messages” from the drop down.

O365 Outbound Orig 12

23. Name your rule and choose [Apply to all messages] for the “*Apply this rule if” drop-down.

O365 Outbound Orig 13

24. Then, choose “Set the message header to this value” for the “*Do the following…” drop-down.

O365 Outbound Orig 14

25. Click on the Enter text... link and type X-EMVALTOK as the value, then click on the OK button.

O365 Outbound Orig 15

26. Then, click on the remaining Enter text… link and type in the header token provided in your welcome message.

O365 Outbound Orig 16

27. You can uncheck the box to “Audit this rule with severity level”; verify that the Enforce radio button is selected. Then, click on the save button.

O365 Outbound Orig 17
You have now completed the configuration of the EntrustedMail service on the Office 365 platform. Changes normally take affect in 5 – to 10 minutes. E-mail will continue to use your previous settings until the changes take affect.

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select atleast one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article