Email Security: Quick Start for M365
Email Security: Quick Start for Microsoft 365
Follow this guide to successfully deploy Email Security (EMS) for Microsoft 365 (M365).
Preparing The Environment
You will receive a provisioning email outlining the account activation for Email Security. At this point, you can log in to your USS Dashboard and see the EMS product listed alongside your other Cloud USS products.
The below steps will guide you through the configuration needed for EMS to protect your M365 environment.
Inbound
- Adding your M365 email domain(s) and route.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/configure-outbound-email-for-office-365#configuring_inbound_mail
- User Directory - Mailbox Synchronisation.
This step shows you how to set up Entra integration to add email addresses to EMS dynamically.
KB Link Here: https://help.clouduss.com/settings/active-directory#azure_ad_hybrid_azure_ad
- Granting access to synchronise Entra AD shared mailboxes.
This is to ensure that EMS can correctly identify shared mailboxes.
KB Link Here: https://help.clouduss.com/settings/granting-access-to-synchronise-azure-ad-shared-mailboxes
- Configuring DMARC.
To ensure inbound protection against spoofing attacks, DMARC must be configured.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/configure-outbound-dmarc
- Configuration Changes on M365.
To ensure that M365 does not quarantine emails delivered by EMS, the below KB guides you through safelisting EMS's IP ranges within M365. Please ensure you select the correct EMS region.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/configure-outbound-email-for-office-365#configuration_changes_for_office_365
- Configuring MX Change.
Use the link below to determine the required MX Records, SPF Records, Smart Hosts entries, and EMS IP Addresses required for your environment.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-all-regions
- Configuring Office 365 to reject non-EMS emails.
This ensures that M365 does not accept direct connections outside of EMS.
KB Link Here: https://help.clouduss.com/email-security/configure-inbound-mail-on-office-365-to-reject-non-ems-emails
Outbound
- Setting up DKIM and SPF.
Use the link below to determine the required SPF Records needed for your environment.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-all-regions
DKIM Setup - https://help.clouduss.com/ems-knowledge-base/configure-outbound-dkim
- Setting up Outbound mail on EMS.
This step ensures that EMS will accept outbound emails from M365.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/configure-outbound-email-for-office-365#configuring_outbound_mail
- Setting up M365 to send Outbound emails to EMS.
Complete the below KB to ensure that M365 sends Outbound emails via EMS.
Recommended Additional Features
Use the link below to determine the required SPF Records needed for your environment.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-all-regions
Post Delivery Email Deletion (Retract)
Post Delivery Email Deletion is a feature of Email Security that allows an administrator to delete email that has been delivered and stored in a Microsoft 365 / Office 365 mailbox, including any replies or forwards of the message within the domain. This feature is particularly useful to delete and remotely wipe any messages that were accidentally released from quarantine or that contain suspicious or confidential data.
KB Link Here: https://help.clouduss.com/email-security/post-delivery-email-deletion-retract
Outlook Add-in
The below KB shows how to deploy the Email Security Outlook ad-in.
KB Link Here: https://help.clouduss.com/ems-knowledge-base/installing-the-outlook-add-in-ems
User Guide KB: https://help.clouduss.com/email-security/outlook-add-in-v-2
USS Dashboard SSO with M365.
The USS dashboard can use Office 365 (Entra) as a source for authenticating administrators and users.
KB Link Here: https://help.clouduss.com/settings/single-sign-on