Onboarding Microsoft 365 [Inline]

Modified on Sat, 7 Sep at 4:10 PM

Step 1 - Onboarding Microsoft 365 [Inline]

 

About onboarding Microsoft 365 - Inline

You can integrate Perception Point X-Ray with Microsoft 365. This enables Perception Point X-Ray to protect all incoming mail from Microsoft 365. 

This page describes how to integrate Perception Point X-Ray with Microsoft 365 using the inline method. For details on how to integrate Perception Point X-Ray with Microsoft 365 using the Microsoft API, see "Onboarding Microsoft 365 [API]" on page 166.

  • For a comparison between the Microsoft API and Inline connection methods, see "Comparing the Inline and API connection methods" on page 165.

By default, the Microsoft 365 integrations monitor incoming emails only - not outgoing emails. 

  • [Outbound monitoring can be configured for Microsoft 365 - see "Onboarding Microsoft 365 - Outbound" on page 217]
  • By default, internal email is not monitored. To add monitoring for internal email, contact Perception Point Support [support@perception-point.io]. There may be additional licensing requirements for enabling internal scanning.

This page describes Step 1 of the procedure to integrate Microsoft 365 with Perception Point:


A bit more about the Microsoft 365 - inline integration

Onboarding process

  • Customer onboarding involves adding the domain name and verifying a TXT record in the system.
  • There is a Perception Point script to automatically add and configure the required rules and connectors, and to allowlist the Perception Point IPs.

Email flow overview

  • Inbound emails initially route through the Microsoft servers for initial analysis by EOP (Exchange Online Protection).
  • Leveraging rules and connectors, emails that meet specific criteria are redirected to the Perception Point scanner.

Scanning and response

  • Clean: Emails that are assigned the clean verdict are sent back to the Microsoft 365 servers through the configured next-SMTP for final delivery.
  • Spam: Emails that are assigned the spam verdict are given a "X-PERCEPTION-POINT-SPAM: FAIL" header.
    • In Microsoft 365, the SCL (spam confidence level) is adjusted to 6 via Rule, designating the email as spam.
  • Malicious: Emails that are assigned the malicious verdict do not return to the Microsoft 365 servers.
    • This proactive prevention stops the malicious emails from reaching the recipient's Inbox.

Note: When using the inline integration method, all emails are scanned by Microsoft Defender before being redirected to Perception Point X-Ray for further scanning. In some cases, Microsoft Defender may quarantine the email during its initial scan. As a result, the email won't be redirected to Perception Point X-Ray for scanning - no scan will be created, and no scan details will appear in Perception Point X-Ray.



Flow chart diagram 

Step 1 - Onboarding Microsoft 365

Step 1 adds one or more domains that contain the email addresses that will be protected by Perception Point X-Ray.

Step 1 includes Step 1A and Step 1B.

See the available video.



Step 1A

Perform Step 1A in Microsoft 365 Defender: 

Add entries to the Tenant Allow/Block List

  1. In Microsoft 365 Defender, go to this location: https://security.microsoft.com/tenantAllowBlockList?viewid=SpoofItem 
  2. Click (+) Add.

  3. Add the Perception Point X-Ray IP addresses for the environment of your organization [see below].

 

Important: For each entry that you add, make sure to add "*," before the IP address - to create the required domain pairs.

 

Note: Select the correct set of IP addresses for the environment of your organization. [Open the drop-down below for details on your environment.]

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

For US environments:

  • 3.81.182.154
  • 3.93.155.149
  • 3.95.118.12
  • 3.95.142.181
  • 54.227.64.76
  • 52.12.169.124 [required only if multi-region is enabled]

For EU environments:

  • 99.81.216.78
  • 34.249.190.60
  • 108.128.137.108
  • 99.80.189.20
  • 52.12.169.124 [required only if multi-region is enabled]

For AU environments:

  • 13.236.255.231
  • 54.66.125.250
  • 52.12.169.124 [required only if multi-region is enabled]

 

  4. Make sure that under Action, Allow is selected.

For more information about the Tenant Allow/Block List, see the official Microsoft documentation .

  1. In Microsoft 365 Defender, go to this location: https://security.microsoft.com/antispam 
  2. In the edit Anti-spam inbound policy (Default) window on the right, scroll down and then click Edit actions.
  3. In the Actions window that opens:
    1. under Spam, select "Move message to Junk Email folder"
    2. under High confidence spam, select "Move message to Junk Email folder"
    3. under Phishing, select "Move message to Junk Email folder"
    4. under High confidence phishing, select "Quarantine message"
  4. Scroll down and click Save.



Step 1B

 This step of the onboarding process includes enabling the Perception Point X-Ray remediation application [also known as the M365 APP - see step 7 below]. This application enables emails to be removed from a user's Inbox if a malicious scan verdict is assigned - after the email has been delivered. For details on the remediation app, 

Perform Step 1B in Perception Point X-Ray: 

  1. On the right of the Perception Point X-Ray banner, click the Add Services [] icon.
  2. Click Add New Domain - if this option appears. 

 

Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer.

 

  3. Select the Organization - if necessary.
  4. Specify the Escalation Contacts.
  5. For Email Service, select Microsoft 365.
  6. For Connection Method, select Inline.
  7. Click ENABLE M365 APP - in the bottom right corner. [This is the remediation app.]

 

Important: If the ENABLE M365 APP button is not enabled, make sure that you have specified an escalation contact above.

 

  8. You'll be redirected to sign in to your Microsoft account.

 

Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer.

 

  9. Sign in to your Microsoft account as a global admin.
     You'll see a list of the permissions that are required.

  10. Click Accept.

The next step in the wizard appears.

  11. In the Host box, enter the name of the new domain - for example, acme.com.
  12. Click FIND SMTP to the right of the domain name. 

This should populate the SMTP Servers field. This is the address to which mail will be sent after it has been scanned and marked as being clean.

 

The required SMTP server is a server in your domain - as it appears in the MX record.

Important: Do not enter a value such as smtp.office365.com or outlook.office365.com or smtp.gmail.com

Checking your SMTP server manually 

You can perform the lookup procedure below to check that the SMTP server that appears is correct:


  1. In Domain Name, enter your domain name - and then click MX Lookup.

Your required SMTP server will appear under Hostname.


 

  13. [Optional] Click Add Domain - if more than 1 domain is required - and enter the required details.

Licenses: By default, Perception Point X-Ray will protect all email users in the domains that you specified above. To protect only a limited number of users, contact Perception Point Support [support@perception-point.io].

  14. Click Next.

The "Add TXT Records" dialog box opens. This dialog box includes the TXT record names and TXT record values, that you'll need in order to add and verify the TXT records for your domain - in Step 2.


If multi-region is enabled, there will be details for TXT records in both the primary and secondary regions. For details about the multi-region functionality, 


 Step 2- Verifying your domains [Microsoft 365]

You can integrate Perception Point with Microsoft 365. This enables Perception Point to protect all incoming mail from Microsoft 365. 

This page describes Step 2 of the procedure to integrate Microsoft 365 with Perception Point:

Step 2 - Verifying your domains

You need one or more verified domains for each email service that you integrate with Perception Point. After you add a domain [as part of the email service connection process], you need to verify the domain. Verifying a domain includes:

  •  Adding a TXT record to your domain provider
  • Verifying the TXT record

Adding a TXT record

 

Note: 

  • For each TXT record that you add, you will need the TXT record name and the TXT record value.
  • If multi-region functionality is enabled, you will need to add TXT records for both the primary region and the secondary region. [see "Multi-region" on page 56]
  • After adding a TXT record to your domain provider, don't remove the TXT record as long as you are connected to Perception Point X-Ray - as the TXT record allows Perception Point X-Ray to constantly authenticate with the DNS supplier.

 

To add a TXT record:

  1. Open Perception Point X-Ray.
  2. In the left navigation menu, select Account > Email Domains.
  3. Locate and then open the required domain.
  4. Click Copy [] to copy the "TXT record name" to the clipboard.
  5. Go to your domain provider and add the TXT record name, using the value that you copied to the clipboard.
  6. Click Copy [] to copy the "TXT record value" to the clipboard.
  7. Go to your domain provider and add the TXT record value, using the value that you copied to the clipboard.

 

Note

Other AWS products may use this method of domain verification. This is OK, as it is acceptable to have more than one _amazonses.domain record, as long as the record values are different.

 

Verifying the new TXT record

 

Note

When you add a TXT record to your domain provider, it may take up to 72 hours for your domain provider to apply and replicate the change. Inform Perception Point Support [support@perception-point.io] if the domain is not verified after a few hours.

 

To verify a new TXT record:

  1. Open Perception Point X-Ray.
  2. In the left navigation menu, select Account > Email Domains.
  3. Locate and then open the required domain.
  4. Locate "TXT record verification". It should have the "Pending" status.
  5. Click Verify on the right of "TXT record verification".

The status should change from Pending to Verified.


 

Note: If multi-region functionality is enabled, you'll need to verify TXT records for both the primary region and the secondary region. [see "Multi-region" on page 56]

 

Troubleshooting domain verification

When you add a TXT record to your domain provider, it may take up to 72 hours for the domain provider to apply and replicate the change. If your domain verification status is still Pending after 72 hours - and can't be verified, 


 Step 3 - Configuring Microsoft 365 [Inline]

You can integrate Perception Point with Microsoft 365. This enables Perception Point to protect all incoming mail. 

This page describes Step 3 of the procedure to integrate Microsoft 365 with Perception Point:




About configuring Microsoft 365

To enable your Microsoft 365 integration with Perception Point, some configurations must be made in your Microsoft 365 account. You can perform these configurations either:

  •  automatically - using the script that is available at the end of the onboarding wizard

- or - 

  • manually - as described below



Automatic configuration

You can use the automatic script to perform the required Microsoft 365 account configurations. This is the recommended way to perform these configurations.

  • For details on how to perform a manual configuration, see "Manual configuration" on page 195 below.

 

Note: 

  • Before you run the automatic script, make sure that your required domains are verified, as described in "Step 2- Verifying your domains [Microsoft 365]" on page 187.

If the multi-region functionality is enabled, make sure that your required domains are verified for both the primary region and the secondary region. [see "Multi-region" on page 56]

  • Even though the script is largely automatic, while the script runs, you may be required to perform some actions, as described in the procedure below.
  • If you want to protect only a few specified users or groups [and not all the users in your domains], you can perform the required configurations automatically - and then you must modify the redirect rule that was created by the script. For details about modifying the rule, see "Modifying the list of users to protect [Microsoft 365 - Inline]" on page 211. Contact Perception Point Support [support@perception-point.io] for assistance - if required.
  • The automatic script performs the required multi-region configurations when the multi-region functionality is enabled. [see "Multi-region" on page 56]

 

To perform the required configurations automatically:

  1. On the right of the Perception Point X-Ray banner, click the Add Services [] icon. The "Add and Configure Services" wizard opens.

Note: If your domain is verified, and the "Add and Configure Services" wizard doesn't appear, refresh the page.

  1. Click Complete configuration for existing services, locate and click your domain, and then click Next. The Complete your configuration dialog box opens.



Note: If you don't see the Complete configuration for existing services option, click Refresh in your browser.

  1. Under Automatic Script, click Run Script.

The script will begin to run, and soon the Granting Access dialog box will appear.

  1. Granting Access: 
    1. Click the Copy icon [] to copy the code that appears.
    2. Click the link that appears below the text "2. Paste the code in the link below". The Enter Code pop-up opens.

 

Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer.

 

  1. Paste the code into the Code field, and click Next.
  2. In the Pick an account dialog box that appears, click your Microsoft account. 

 

Note: You must be a global administrator in that account.

 

A "confirmation required" dialog box opens.

  1. Click Continue. A "confirmation" dialog box opens.

  1. Close the pop-up that contains the above message.

The automatic script will continue processing and setting the required configurations - in the background. This process will take about 10 minutes to complete. You can continue with other work on your computer while the script runs.

  1. Click Enable configuration to close the "Authentication completed successfully" dialog box.

What's next

  • Perception Point will send you an email to let you know when the configuration is complete. The email will indicate if the configuration was successful or not.

 

Important: 

  • The email will be sent to the email address of the user that is signed-in to Perception Point X-Ray.
  • The email should take about 10 minutes to arrive.
  • Your organization will be protected by Perception Point X-Ray only if the email indicates that the configuration was successfully performed.

 

  • If the email indicates that the script did not complete the configuration successfully, see "Microsoft 365 Integration: Troubleshooting automatic onboarding" on page 212.



Manual configuration

Perform the procedures below to manually configure the Microsoft 365 integration with Perception Point X-Ray.

  • For details on how to perform an automatic configuration using a script, see "Automatic configuration" on page 190 above.

 

Note: The procedures below may differ slightly depending on the versions of the applications that you are using.

 

1. Add the Perception Point IP addresses to the safe list 

  1. Open the Microsoft 365 admin center.
  2. Click Security > Policies & rules > Threat policies > Anti-spam policies > Connection filter policy (Default) > Edit connection filter policy

[Click here: https://security.microsoft.com/antispam]

  3. Add the IP addresses below to the Always allow messages from the following IP addresses or address range list. 

Note: Select the correct set of IP addresses for the environment of your organization. 

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

For US environments:

  • 3.81.182.154
  • 3.93.155.149
  • 3.95.118.12
  • 3.95.142.181
  • 54.227.64.76
  • 52.12.169.124 [required only if multi-region is enabled]

For EU environments:

  • 99.81.216.78
  • 34.249.190.60
  • 108.128.137.108
  • 99.80.189.20
  • 52.12.169.124 [required only if multi-region is enabled]

For AU environments:

  • 13.236.255.231
  • 54.66.125.250
  • 52.12.169.124 [required only if multi-region is enabled]

 

  4. Select Turn on safe list.
  5. Click Save.



2. Create an outbound connector - from Microsoft 365 to Perception Point 

This connector directs the email from your Microsoft 365 tenant to Perception Point.

  1. Open the Microsoft Exchange admin center, and then click Mail flow > Connectors > Add a connector.
    [Click here: https://admin.exchange.microsoft.com/#/connectors]
    • Connection from: Office 365
    • Connection to: Partner organization
  2. Click Next.
  3. Enter Name: Perception Point Scanning
  4. Make sure that What do you want to do after connector is saved? > Turn it on is selected.
  5. Click Next.
  6. Select Only when I have a transport rule set up that redirects messages to this connector.
  7. Click Next.
  8. Select Route emails through these smart hosts and add one of the following Amazon SES FQDNs, depending on the environment in which your organization is located: [Open the drop-down below for details on your environment.]

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

 

For US environments:

  • Multi-region enabled: us.mx-pp.com
  • Multi-region not enabled: inbound-smtp.us-east-1.amazonaws.com

For EU environments:

  • Multi-region enabled: eu.mx-pp.com
  • Multi-region not enabled: inbound-smtp.eu-west-1.amazonaws.com

For AU environments:

  • Multi-region enabled: australia.mx-pp.com
  • Multi-region not enabled: inbound-smtp.eu-west-1.amazonaws.com

 

  9. Click Next.
  10. Keep the default TLS settings.

Note that Perception Point X-Ray supports TLS 1.2.

  11. Click Next.
  12. In the validation screen, use [and then validate] the following email address:

noreply@perception-point.io

  13. Click Next, and then click Create connector.



3. Create an inbound connector - from Perception Point to Microsoft 365 

This connector directs the email from Perception Point back to your Microsoft 365 tenant.

  1. Open the Microsoft Exchange admin center, and then click Mail flow > Connectors > Add a connector.
    [Click here: https://admin.exchange.microsoft.com/#/connectors]
    • Connection from: Partner organization
    • Connection to: Office 365
  2. Click Next.
  3. Enter Name: Disable IP Throttling on Perception Point Connector
  4. Make sure that What do you want to do after connector is saved? > Turn it on is selected.
  5. Click Next.
  6. Select the second option: By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization, and add one set of IP addresses below, depending on the environment in which your organization is located: [Open the drop-down below for details on your environment.]

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

For US environments:

  • 3.81.182.154
  • 3.93.155.149
  • 3.95.118.12
  • 3.95.142.181
  • 54.227.64.76
  • 52.12.169.124 [required only if multi-region is enabled]

For EU environments:

  • 99.81.216.78
  • 34.249.190.60
  • 108.128.137.108
  • 99.80.189.20
  • 52.12.169.124 [required only if multi-region is enabled]

For AU environments:

  • 13.236.255.231
  • 54.66.125.250
  • 52.12.169.124 [required only if multi-region is enabled]

 

  7. Click Next.
  8. Leave the default TLS settings.

Note that Perception Point X-Ray supports TLS 1.2.

  9. Click Next.
  10. Click Create connector.



4. Create a routing rule 

 

Note: The procedure below differs slightly depending on whether you are implementing the scanning to protect:

  • entire domains
  • a group or groups of users
  • just a few specified users

 

  1. In the Exchange admin center, click Mail flow > Rules > Add a rule > Create new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]
  2. Under Name, enter Perception Point Redirect Rule.

  3. Specifying which users to protect [Microsoft 365 - Inline]

Note: After onboarding the Microsoft 365 integration, you can change the set of users that are protected by modifying the rule, as described below.

Under Apply this rule if, select one of the following options:

[This defines the users that will be protected by Perception Point.]

 

  • To protect an entire domain: "The recipient" > domain is. Add only domains that have verified TXT records.
  • To protect a group or groups of users: "The recipient" > "is a member of this group" > "Select a group from the list" > and then click OK.
    Note: This option refers to Microsoft 365 groups. Each group must have an associated email address.
  • To protect only a single specified user: "The recipient" > "is this person" > "Select a user from the list" > and then click OK.

 

  4. Click "+" to add a condition.
  5. Select The sender > is external/internal.
  6. In the "select recipient location" box that appears, select Outside the organization - and then click Save.
  7. Under Do the following, select Redirect the message to > the following connector > and then select the Perception Point Scanning connector that you created above.
  8. Click "+" to add another condition.
  9. Select Modify the message properties > set a message header
    • Message header: X-PERCEPTION-POINT-CUSTOM
    •  Value: <Any value>, for example: acme2023

You'll need to enter this value later on in this procedure [in Step 10].

  10. Under Except if, select The message headers... > includes any of these words
    • Message header: X-PERCEPTION-POINT-CUSTOM
    • message header includes: <The value that you entered in Step 9 above>
  11. Click "+" to add an exception.
  12. Select The sender > IP address is in any of these ranges or exactly matches, and enter one set of IP addresses below, depending on where your domain is located:

What is the environment of your organization 

  1. In Perception Point X-Ray, go to Account > Preferences.
  2. The Environment of your organization will appear under General > Info: US, EU, or AU.

 

For US environments:

  • 3.81.182.154
  • 3.93.155.149
  • 3.95.118.12
  • 3.95.142.181
  • 54.227.64.76
  • 52.12.169.124 [required only if multi-region is enabled]

For EU environments:

  • 99.81.216.78
  • 34.249.190.60
  • 108.128.137.108
  • 99.80.189.20
  • 52.12.169.124 [required only if multi-region is enabled]

For AU environments:

  • 13.236.255.231
  • 54.66.125.250
  • 52.12.169.124 [required only if multi-region is enabled]

 

  13. Click "+" to add an exception.
  14. Select The message > size is greater than or equal to, and then add a size limit of 40000KB.
  15. Click Next.
  16. Under Set rule settings, select "Stop processing more rules".
  17. Under Match sender address in message, select Header.
  18. Click Next.
  19. Change the priority to 0 (highest priority).

If you have existing rules that block by IP address, set the priority of those rules higher than the Perception Point rule, and then select "Stop processing more rules".

  20. Save the changes.
  21. Review the rule and click Finish.
  22. Select and then enable the rule.



5. Create a rule for high spam confidence 

  1. In the Exchange admin center, click Mail flow > Rules > Add a rule > Create a new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]
  2. Under Name, enter Send Office 365 spam emails to Junk folder (High).
  3. Under Apply this rule if:
    1. Select The message headers... > matches these text patterns
      1. Click Enter text, and then enter X-PP-Forefront-Antispam-Report
      2. Select Enter text patterns, and then enter SCL:9, SCL:8, SCL:7
  4. Under Do the following, select Modify the Message Properties > Set the spam confidence level (SCL) to, and then enter 9.
  5. Click Next.
  6. Click Finish.



6. Create a rule for low spam confidence 

  1. In the Exchange admin center, click Mail flow > Rules > Add a rule > Create a new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]
  2. Under Name, enter Send Office 365 spam emails to Junk folder (Low).
  3. Under Apply this rule if:
    1. Select The message headers... > matches these text patterns
      1. Click Enter text, and then enter X-PP-Forefront-Antispam-Report
      2. Click Enter text patterns, and then enter SCL:6, SCL:5
  4. Under Do the following, select Modify the message properties > set the spam confidence level (SCL) to, and then enter 6.
  5. Click Next.
  6. Click Finish.

7. Create a spam rule for spam emails 

  1. In the Exchange admin center, click Mail flow > Rules > Add a rule > Create a new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]
  2. Under Name, enter Perception Point Spam Rule.
  3. Under Apply this rule if:
    1. Select The message headers... > matches these text patterns
      1. Click Enter text, and then enter X-PERCEPTION-POINT-SPAM
      2. Click Enter text patterns, and then enter FAIL
  4. Under Do the following, select Modify the message properties > set the spam confidence level (SCL) to, and then enter 6.
  5. Click Next.
  6. Click Finish.

The spam will now be sent to the user’s Junk folder.
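
The decision logic of the redirect rule (procedure 4) and the three SCL rules (procedures 5 to 7), modelled in Python as an added example; it is not Perception Point's or Microsoft's code. It assumes the US address set without multi-region, the page's sample domain acme.com and header value acme2023, and it approximates Exchange's word and text-pattern matching with literal, case-insensitive matching.

```python
import ipaddress
import re
from dataclasses import dataclass
from email import message_from_string

# From the page: US address set (multi-region not enabled), header name, size limit.
SCANNER_IPS = {ipaddress.ip_address(a) for a in (
    "3.81.182.154", "3.93.155.149", "3.95.118.12", "3.95.142.181", "54.227.64.76")}
CUSTOM_HEADER = "X-PERCEPTION-POINT-CUSTOM"
SIZE_LIMIT_BYTES = 40000 * 1024          # "40000KB" exception in the redirect rule
# Assumptions for this example: the page's sample domain and header value.
PROTECTED_DOMAINS = {"acme.com"}
CUSTOM_VALUE = "acme2023"

# (rule name, header, text patterns, SCL set by the rule) for procedures 5, 6 and 7.
SCL_RULES = [
    ("Send Office 365 spam emails to Junk folder (High)",
     "X-PP-Forefront-Antispam-Report", ("SCL:9", "SCL:8", "SCL:7"), 9),
    ("Send Office 365 spam emails to Junk folder (Low)",
     "X-PP-Forefront-Antispam-Report", ("SCL:6", "SCL:5"), 6),
    ("Perception Point Spam Rule", "X-PERCEPTION-POINT-SPAM", ("FAIL",), 6),
]


@dataclass
class Message:
    raw_headers: str        # header block as text
    recipient: str          # recipient address
    sender_ip: str          # connecting IP address seen by Microsoft 365
    sender_external: bool   # True when the sender is outside the organization
    size_bytes: int


def redirect_decision(msg):
    """Evaluate the Perception Point Redirect Rule; returns (redirect, reason)."""
    headers = message_from_string(msg.raw_headers)
    domain = msg.recipient.rsplit("@", 1)[-1].lower()
    if domain not in PROTECTED_DOMAINS:
        return False, "recipient domain is not protected"
    if not msg.sender_external:
        return False, "sender is inside the organization"
    # "Except if" conditions: any one of them stops the redirect, which is what
    # keeps a message returning from the scanner from being redirected again.
    word = re.compile(r"\b" + re.escape(CUSTOM_VALUE) + r"\b", re.IGNORECASE)
    if any(word.search(v) for v in headers.get_all(CUSTOM_HEADER, [])):
        return False, "custom header already present"
    if ipaddress.ip_address(msg.sender_ip) in SCANNER_IPS:
        return False, "sender IP is a Perception Point address"
    if msg.size_bytes >= SIZE_LIMIT_BYTES:
        return False, "message size is 40000KB or more"
    return True, "redirect to connector 'Perception Point Scanning'"


def matching_scl_rules(raw_headers):
    """Return (rule name, SCL) for each SCL rule whose header pattern matches."""
    headers = message_from_string(raw_headers)
    hits = []
    for name, header, patterns, scl in SCL_RULES:
        values = headers.get_all(header, [])
        if any(re.search(re.escape(p), v, re.IGNORECASE)
               for p in patterns for v in values):
            hits.append((name, scl))
    return hits


# Constructed sample headers (not captured traffic).
FIRST_PASS = "From: sender@example.org\nTo: bob@acme.com\nSubject: Invoice\n\n"
RETURNED_SPAM = (
    "From: sender@example.org\nTo: bob@acme.com\nSubject: Invoice\n"
    "X-PERCEPTION-POINT-CUSTOM: acme2023\n"
    "X-PERCEPTION-POINT-SPAM: FAIL\n"
    "X-PP-Forefront-Antispam-Report: CIP:203.0.113.9;SCL:1;\n\n")

if __name__ == "__main__":
    first = Message(FIRST_PASS, "bob@acme.com", "203.0.113.9", True, 12_000)
    back = Message(RETURNED_SPAM, "bob@acme.com", "3.93.155.149", True, 12_500)
    print(redirect_decision(first))
    print(redirect_decision(back))
    print(matching_scl_rules(RETURNED_SPAM))
```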



8. Enable the remediation app 

This step enables the Perception Point remediation app. For details on the remediation app, see "Remediation App" on page 729.

  1. In Perception Point X-Ray, in the left navigation menu, select Account > Channels.
  2. Under Enabled Channels, locate Email Service > Microsoft 365, and then click Activate.

A new browser tab will open, enabling you to sign-in to Microsoft 365.

  1. Use the credentials of a global admin to sign in, review the required permissions, and then approve them.

Email from Microsoft 365 is now scanned and protected by Perception Point X-Ray.


References:

https://docs.perception-point.io/WP/Content/PP/MS-365-Onboarding.htm

Acronis: https://docs.perception-point.io/acronis/Content/PP/MS-365-Onboarding.htm
