Configure Inbound mail on Office 365 to reject non-EMS emails
You should configure Office 365 to block any inbound email that does not originate from GravityZone Security for Email product. There are two options available discussed below. The option best suited to you depends on your environment and requirements.
This method will allow the GravityZone Security for Email server IP addresses to deliver emails even if spam filtering is enabled in Office 365. This will ensure emails processed by the GravityZone Security for Email product are delivered without delay and do not land in the junk mailbox folder for Office 365 users.
Note
Your EMS account must have an inbound TLS rule for this option to complete successfully.
Login to Office 365 Exchange Admin Center and go to Admin Centers > Classic Exchange Admin Center.
Go to Protection > Connection Filter.
Edit the Default entry and navigate to the Connection Filtering tab.
In the Allowed IP Address section, add all of the IP addresses for the GravityZone Security for Email region you are using - see Europe, United States.
Click Enable Safe List and then Save.
Note
Office 365 is now configured to block any email that does not originate from EMS.
Using a rule provides more flexibility than just using IP address, for example you could control based on email address or attachment Depending on your requirements or environment this may be the best option, if you have other means to restrict direct connection to your Office 365 tenant other than just IP address.
Log in to the Office 365 Admin Center, and go to Admin Centers > Exchange.
In the left-hand pane, click Mail Flow and then Rules.
Click + and then click Create a new rule.
In the New Rule page, enter a Name to represent the rule. For example,
Email Security IP restriction
.Scroll down and click More options.
From the Apply this rule if drop-down menu, select The Sender, Is External/Internal and Outside the organization.
From the Do the following drop-down menu, select Block the message and Reject the message with the Explanation.
Click Enter text and enter the message that you want to include in the non-delivery report (NDR) that will be sent to the email's sender. For example:
IP restricted, not using MX record. Please ensure your DNS is up-to-date and try sending this message again.
Click Add exception.
Select Sender and then Sender's IP address is in the range or exactly matches, and enter the GravityZone Security for Email IP for your cluster - see Europe, United States.
Click + to add each of the IP addresses for your region.
Once all the IP addresses have been added, click OK.
Scroll to the Properties of the rule section. Under Match sender address in message, select Header or Envelope.
Click Stop processing more rules.
Click Save.
Verify that the new rule displays at the top of the list of mail flow rules. If it's not at the top, select the rule and use the Up arrow to move it.
Note
Office 365 is now configured to block any email that does not originate from EMS.