Configure Office 365 for EMS

Updated 4 months ago by admin

To successfully add Office 365 customers, you will need to perform three steps:

  1. Configure Cloud USS for the Office 365 accounts.
  2. Configure Inbound mail on Office 365 to reject non-EMS emails.
  3. Configure Outbound mail on Office 365 to send email via the EMS servers.

Configure Cloud USS for the Office 365 accounts

Configuring Inbound Mail

  1. Visit your USS Dashboard and click ProductsE-mail SecurityProduct ConfigurationInbound Mail.
  2. Click to add a new delivery route.
  3. In the Domain field, enter the domain name of the host you want to redirect. For example, tonyfrankum.co.uk.
  4. In the Route field, enter the outlook routing host for this domain name. For example, tonyfrankum-co-uk.mail.protection.outlook.com.

Configuring Outbound Mail

  1. Visit your USS Dashboard and click ProductsE-mail SecurityProduct ConfigurationOutbound Mail.
  2. Add a new sending host, by entering the string spf://spf.protection.outlook.com and clicking .

Configure Inbound mail on Office 365 to reject non-EMS emails

You should configure Office 365 to block any inbound email that does not originate from CloudUSS EMS.

  1. Log in to your Office 365 Admin Center, and navigate to Admin CentersExchange.
  2. In the left-hand pane, click Mail FlowRules.
  3. Click + and then click Create a new rule.
  4. In the New Rule page, enter a Name to represent the rule. For example, CloudUSS EMS IP restriction.
  5. Scroll down and click More options.
  6. From the Apply this rule if drop-down menu, select The SenderIs External/InternalOutside the organization.
  7. From the Do the following drop-down menu, select Block the messageReject the message with the Explanation.
  8. Click Enter text and enter the message that you want to include in the non-delivery report (NDR) that will be sent to the email's sender. For example:
IP restricted, not using MX record. Please ensure your DNS is up-to-date and try sending this message again.
  1. Click Add exception.
  2. Select SenderSender's IP address is in the range or exactly matches, and enter the Cloud USS IP for your cluster - either US or EU.
  3. Click + to add the IP entries.
  4. Once all the IP addresses have been added, click OK.
  5. Click Add exception.
  6. Select The message properties Include the message type.
  7. Select Automatic reply.
  8. Scroll to the Properties of this rule section. Under Match sender address in message, select Envelope.
  9. Click Stop processing more rules.
  10. Click Save.
  11. Verify that the new rule displays at the top of the list of mail flow rules. If it's not at the top, select the rule and use the Up arrow to move it.

Office 365 is now configured to block any email that does not originate from EMS.

Configure Outbound mail on Office 365 to send email via the EMS servers

You should configure Office 365 to always send mail using the EMS servers.

  1. Log in to your Office 365 Admin Center, and navigate to Admin CentersExchange.
  2. In the left-hand pane, click Mail FlowConnectors.
  3. Click + to add a new connector.
  4. In the To: field, select Partner Organization.
  5. In the From: field, select Office 365.
  6. Give the new connector a sensible name.
  7. Click Next.
  8. Under When do you want to use this connector? select Only when email messages are sent to these domains.
  9. Click Next.
  10. Under How do you want to route email messages, select Route email through these smart hosts.
  11. Add hosts according to the correct addresses for your cluster - either US or EU.
  1. Click Next and then click Confirm to create the connector.
If you wish to verify the connector, be sure not to use an internal address. For example, use a personal email address which is not a domain configured for your customer.
If the validation fails check the settings below before contacting technical support.
1. The connector is enabled
2. The default domain is the domain configured in EMS domain settings (MailFlow -> Accepted Domains)


How did we do?