Deploy and configure Microsoft Office 365 with Area 1 as MX Record
In this tutorial, you will learn how to configure Microsoft Office 365 with Area 1 as MX record. This tutorial is broken down into several steps.
1. Add Area 1 IP addresses to Allow List
Select Connection filter policy (Default) to edit the policy, and then select Edit connection filter policy.
Enable-OrganizationCustomization (if required)
The following steps are only required if you have not previously customized your Office 365 instance. If you received the message to run this cmdlet in the previous step, you will need to execute it in order to proceed with the configuration.
- Run PowerShell as administrator, and execute the following command. Reply
PS C:\Windows\system32> Install-Module ExchangeOnlineManagement
Run the following commands to execute the policy change and connect to the Office 365 instance:PS C:\Windows\system32> set-executionpolicy remotesigned
Confirm that you want to execute the policy change, and then run the following command:PS C:\Windows\system32> Import-Module ExchangeOnlineManagement
Finally, run the following to authenticate against your Office 365 instance:PS C:\Windows\system32> Connect-ExchangeOnline
Connect-ExchangeOnlinecmdlet will prompt you to login. Log in using an Office 365 administrator account. Once authenticated, you will be returned to the PowerShell prompt.
You can verify that the
OrganizationCustomizationis enabled by running the command:
PS C:\Windows\system32> Get-OrganizationConfig | FL isDehydrated
If the result is
OrganizationCustomization is already enabled and no further actions are required. If it is true, you need to enable it:
PS C:\> Enable-OrganizationCustomization
3. Enhanced Filtering configuration
This option will allow Office 365 to properly identify the original connecting IP before the message was received by Area 1. This helps with SPF analysis. This has two steps:
- Creating an inbound connector.
- Enabling the enhanced filtering configuration of the connector.
Create an inbound connector
From the Microsoft Exchange admin center, select mail flow > connectors.
+icon to configure a new connector. In the Select your mail flow scenario panel dialog box that opens:
- In the From dropdown: select Partner organization.
- In the To dropdown: select Office 365.
- Select Next to continue the configuration.
Provide a Name and a Description for the new connector. Leave the Turn it on checkbox enabled. Select Next.
Select Use the sender’s IP address in the How do you want to identify the partner organization? configuration panel. Select Next.
Keep the Reject email messages if they aren’t sent over TLS checkbox enabled. Select Next.
Review the connector configuration and select Save.
Enable enhanced filtering
In Enhanced Filtering for Connectors, you will find the connector that was previously configured. Double click the connector to edit its configuration parameters.
Select Automatically detect and skip the last IP address and Apply to entire organization.
4. Configure Area 1 Quarantine Policies
Select the disposition that you want to quarantine
Quarantining messages is a per domain configuration. To modify which domains will have their message quarantines, access the domain configuration:
Go to Settings (the gear icon) > Domains.
Locate the domain you want to edit.
...icon > Edit.
Select the additional dispositions you want to quarantine.
Manage the Admin Quarantine
Go to Email > Admin Quarantine.
Locate the message you want to manage, and select the
...icon next to it. Thill will let you preview, download, or release the quarantined message.
Optional - Quarantine messages using Microsoft Hosted Quarantine
As previously noted, malicious and spam detections are automatically quarantined in Area 1’s quarantine (this behavior cannot be modified). However, for the suspicious and spoof dispositions, you may prefer to apply a different behavior, where these messages can be quarantined into the Microsoft Hosted Quarantine or sent to the user’s junk folder.
For this alternate behavior, you will need to configure a transport rule in Office 365:
Go to the Exchange administrator console > mail flow > rules.
Select the + button > Create a new rule.
In the new dialog box, select More options to open the advanced version of the rule creator. Set the following conditions and actions:
Quarantine Area 1 Suspicious Messages
- Configure the first condition, select A message header > Includes any of these words:
- Enter text:
- Enter words:
- Enter text:
Select the add condition button to add a second condition.
In the Do the following section, select Redirect the message to > hosted quarantine..
- Select Save to save the new rule.
5. Update your domain MX records
Instructions to update your MX records will depend on the DNS provider you are using. You will need to update and replace your existing MX record with the Area 1 hosts:
When configuring the Area 1 MX records, it is important to configure both hosts with the same MX priority. This will allow mail flows to load balance between the hosts.
Once the MX records have been updated, the DNS updates may take up to 36 hours to fully propagate around the Internet. Some of the faster DNS providers will start to update records within minutes. DNS changes will reach the major DNS servers in about an hour.