Limiting External Email To SecureTide in Office 365

This article walks through creating a rule and connector in Office 365 that will force all external email through SecureTide. NOTE: THIS SETUP REQUIRES THAT THE DOMAIN'S MX RECORDS ARE POINTED TO SECURETIDE. IF THE DOMAIN'S MX RECORDS ARE POINTED AWAY FROM SECURETIDE IN THE FUTURE THE RULE IN O365 MUST BE DISABLED OR A MAIL LOOP WILL OCCUR.

1. Log into portal.office.com as a Global Administrator then click on Admin Centers > Exchange.

2. In the Exchange Admin Center click on Mail Flow > Connectors.

3. Click the + symbol to create a new connector then in the New Connector window set the From: drop-down to Office 365 and the To: drop-down to Partner Organization then click Next.

4. Enter the name "Redirect to SecureTide" in the *Name: field then enter a description if you would like to do so. The "Turn it on" check-box should automatically be checked but if it's not checked you should check it as well. Once all settings are confirmed click Next.

5. Select the "Only when I have a transport rule set up that redirects messages to this connector" button then click Next.

6. Select the button for "Use the MX record associated with the partner's domain" then click Next.

7. Make sure the check-box for "Always use Transport Layer Security (TLS)" is checked. Next, make sure the button for "Issued by a trusted certificate authority (CA)" is selected then click Next.

8. Verify your settings on the "Confirm your settings" page then click Next.

9. On the "Validate this connector" page click the + symbol.

10. Enter an external email address in the "add email" window then click OK.

11. Click Validate on the "Validate this connector" window.

12. Click Close on the "Validation Result" pop up.

13. Click Save to save the Redirect to SecureTide connector.

14. In the Exchange Admin Center click Mail Flow > Rules.

15. Click the + symbol then select "Create a new rule".

17. Under "Apply this rule if..." select The Sender > Is External/Internal > in the pop up window select Outside the Organization then click OK.

18. Under "Do the following..." select Redirect the Message To > The Following Connector > choose the Redirect to SecureTide connector then click OK.

19. Under "Except if..." click Add Exception then select The sender... > IP Address is in any of these ranges or exactly matches. Here you will need to add the following IP ranges, clicking the + symbol after each one. Once all IP ranges are listed click OK.

    92.52.89.64/26
    5.152.184.128/25
    5.152.185.128/26
    8.19.118.0/24
    8.31.233.0/24
    74.205.4.0/24
    207.97.230.0/24
    207.97.242.0/24
    69.20.58.224/28
    69.20.68.128/29
    69.25.26.128/26
    199.187.164.0/24
    199.187.165.0/24
    199.187.166.0/24
    199.187.167.0/24
    204.232.250.0/24

20. At the bottom of the new rule window add the comment as shown in the screen-shot below. Please reference the remaining settings in the screen-shot as well to make sure your rule is set up correctly. Once all settings are confirmed click Save.

Congratulations!!! You have successfully created the "Redirect to SecureTide" rule and connector that will make sure all external email is filtered by SecureTide. NOTE: THIS SETUP REQUIRES THAT THE DOMAIN'S MX RECORDS ARE POINTED TO SECURETIDE. IF THE DOMAIN'S MX RECORDS ARE POINTED AWAY FROM SECURETIDE IN THE FUTURE THE RULE IN O365 MUST BE DISABLED OR A MAIL LOOP WILL OCCUR.
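The same connector and rule can also be created from Exchange Online PowerShell. The script below is an added example, not part of the original article or SecureTide's own tooling. It assumes the ExchangeOnlineManagement module is installed, gives the rule the same name as the connector, leaves the connector validation (steps 9-12) to the admin center, and uses a placeholder for the rule comment, which the article shows only in a screen-shot.

```powershell
# Added example: scripted equivalent of the admin-center steps above.
# Assumes the ExchangeOnlineManagement module and an Exchange admin account.
Connect-ExchangeOnline

$name = 'Redirect to SecureTide'

# SecureTide source ranges from step 19. Mail arriving from these addresses has
# already been filtered, so it is exempted to keep it from being redirected again.
$secureTideRanges = @(
    '92.52.89.64/26',   '5.152.184.128/25', '5.152.185.128/26', '8.19.118.0/24',
    '8.31.233.0/24',    '74.205.4.0/24',    '207.97.230.0/24',  '207.97.242.0/24',
    '69.20.58.224/28',  '69.20.68.128/29',  '69.25.26.128/26',  '199.187.164.0/24',
    '199.187.165.0/24', '199.187.166.0/24', '199.187.167.0/24', '204.232.250.0/24'
)

# Steps 3-8 and 13: Office 365 -> Partner connector, used only when a transport
# rule redirects to it, routed by MX record, TLS required with a CA-issued cert.
New-OutboundConnector -Name $name `
    -ConnectorType Partner `
    -IsTransportRuleScoped $true `
    -UseMXRecord $true `
    -TlsSettings CertificateValidation `
    -Enabled $true

# Steps 14-20: redirect mail from senders outside the organization to the
# connector, except when it comes from a SecureTide range.
New-TransportRule -Name $name `
    -FromScope NotInOrganization `
    -RouteMessageOutboundConnector $name `
    -ExceptIfSenderIpRanges $secureTideRanges `
    -Comments 'PLACEHOLDER: comment text from the screen-shot in step 20'

# Confirm what was actually stored before relying on it.
Get-OutboundConnector -Identity $name |
    Format-List Name, Enabled, IsTransportRuleScoped, UseMXRecord, TlsSettings
Get-TransportRule -Identity $name |
    Format-List Name, State, FromScope, RouteMessageOutboundConnector, ExceptIfSenderIpRanges

# If the domain's MX records are ever pointed away from SecureTide, disable the
# rule first to avoid the mail loop described in the note above:
# Disable-TransportRule -Identity $name -Confirm:$false
```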