We will split the following instructions into two cases:
The customer is currently in semi-inline and wants to move to inline
The customer is not yet connected, has an M365 (or G-Suite), and wants to connect inline.
Why?
Some clients want to prevent the Microsoft behavior where an email can be quarantined before being sent to the PP scanner. In this case, we can advise them to move to the MX method.
Why not?
Not all clients wish to move their MX record to Perception Point (or any 3rd party vendor). Furthermore, their email then depends on Perception Point (or AWS SES) during any downtime.
Architecture:
The customer is currently in semi-inline and wants to move to inline [MX]
This method won’t disable the Microsoft quarantine center. It will be lower by 80%; however, it will not interfere with SPF, DKIM, or DMARC on the customer side.
1. Disable (or remove) the connector Perception Point Scanner (from 365 to partner organization).
2. Disable (or remove) the Perception Point Redirect rule. Do not remove or disable the “Disable IP Throttling On Perception Point Connector”.
Disable (or remove) the rule Send Office365 spam emails to junk folder (High).
Disable (or remove) the rule Send Office365 spam emails to junk folder (Low).
3. Enable Enhanced Filtering from the Admin (to prevent SPF issues):
https://security.microsoft.com/skiplisting
Choose “Automatically detect and skip the last IP address”.
4. Change the MX record in the DNS server to the appropriate Perception Point record (available in the Docs Center) with a high priority (e.g., 10); the relevant MX record is based on their tenant's environment.
The following method connects inline while bypassing the Microsoft quarantine center. Please note that SPF, DKIM, and DMARC checks will not be accurate on the customer side.
Click on "Disable IP Throttling On Perception Point Connector"
Click on "Edit sent email identity"
Copy the IPs under "By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization"; we are going to use them in the next steps.
Choose the option "By verifying that the sender domain matches one of the following domains"
Insert "*"
Click "Save"
8. Click "Back".
Under "Security restrictions", click "Edit restrictions".
Check the option "Reject email messages if they aren't sent from within this IP address range"
Insert the Perception Point IPs (region-based) you copied from point 4.
Click "Save"
NDR will be sent to the sender:
1B. This will prevent attackers from sending emails directly to the original MX record of Exchange Online (bypassing the Perception Point Scanner).
Add a spam-filtering bypass using a transport rule as follows:
Change the MX record in the DNS server to ours with a high priority (e.g., 10); the relevant MX record is based on their tenant's environment.
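The connector restriction described above can be checked offline against an exported message trace. The following is an added example, not Perception Point or Microsoft code: it models the connector before and after the "Reject email messages if they aren't sent from within this IP address range" option is set, and lists trace rows that did not arrive from the scanner ranges. The IP ranges, the connector field names, and the trace rows are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (documentation address space). The real values are
# the region-based Perception Point IPs copied from the connector.
SCANNER_RANGES = ["192.0.2.0/28", "198.51.100.7/32"]

# Simplified model of the connector (assumed field names).
# "*" means the restriction applies to every sender domain.
BEFORE = {"sender_domains": ["*"], "restrict_to_ips": False, "ips": SCANNER_RANGES}
AFTER = {"sender_domains": ["*"], "restrict_to_ips": True, "ips": SCANNER_RANGES}

# Constructed inbound trace rows: (message id, connecting IP).
SAMPLE_TRACE = [
    ("msg-001", "192.0.2.5"),      # inside the scanner range
    ("msg-002", "203.0.113.44"),   # direct connection, outside the ranges
    ("msg-003", "198.51.100.7"),   # scanner single host
    ("msg-004", "2001:db8::25"),   # IPv6, no IPv6 range configured
    ("msg-005", "not-an-ip"),      # malformed field
]


def from_scanner(source_ip, cidrs):
    """True only if source_ip parses and falls inside one of the ranges."""
    try:
        addr = ipaddress.ip_address(source_ip.strip())
    except ValueError:
        return False  # an unparseable source is never trusted
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def connector_verdict(connector, source_ip):
    """Return 'accept' or 'reject' (NDR) for one inbound connection."""
    if not connector["restrict_to_ips"]:
        return "accept"  # no IP restriction: direct delivery is possible
    return "accept" if from_scanner(source_ip, connector["ips"]) else "reject"


def bypass_candidates(rows, cidrs):
    """Message ids that reached the tenant without passing the scanner IPs."""
    return [mid for mid, ip in rows if not from_scanner(ip, cidrs)]


if __name__ == "__main__":
    for mid, ip in SAMPLE_TRACE:
        print(mid, ip, connector_verdict(BEFORE, ip), connector_verdict(AFTER, ip))
    print("review:", bypass_candidates(SAMPLE_TRACE, SCANNER_RANGES))
```

Any message id returned by `bypass_candidates` for a period after the restriction was saved indicates the connector is not enforcing the IP range and should be reviewed.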
The customer is not yet connected, has an M365, and wants to connect inline.
Add the customer's domain name as MX on our end.
Add the “Disable IP Throttling On Perception Point Connector” (https://docs.perception-point.io/WP/Content/PP/MS-365-Configuring.htm#Manualconfiguration step #3)
Enable Enhanced Filtering from the Admin (to prevent SPF issues):
https://security.microsoft.com/skiplisting
Choose “Automatically detect and skip the last IP address”.
Add the Perception Point Spam Rule (https://docs.perception-point.io/WP/Content/PP/MS-365-Configuring.htm#Manualconfiguration step #7)
Enable the Email application for remediation and accurate billing (Account > Channels > Microsoft 365 > Activate).
A Perception Point agent needs to enable the Office 365 integration from the backend before performing point 5.
Change the MX record in the DNS server to ours with a high priority (e.g., 10); the relevant MX record is based on their tenant's environment.