Safelisting Email Security IP addresses in Office 365

Updated 3 months ago by admin

If you are using USS Email Security and delivering clean email to Office 365, it is essential to bypass Exchange Online Protection (EOP) to ensure smooth delivery of email. Failure to add the bypass rules will allow Office 365 to interfere with email delivery, causing unexpected results and behaviour for end users.

Even with the EOP bypass rules in place Office 365 will still provide anti-malware scanning

Create a rule to bypass any spam protection

  1. Log in to Office 365 and navigate to Admin then Exchange Admin Center
  2. Select Rules under the Mailflow section. Click the + icon and select Create a new rule...
  3. Enter a name for the new rule, for example, "Spam exclusion for USS Email Security"
  4. Select More Options
  5. From the Apply this rule if... drop down menu, expand The sender... menu option and select IP address is in any of these ranges or exactly matches. In the dialog that opens, enter in each of the IP addresses based on the Email Security region in use.
    For EU customers: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-eu-customers
    For non-EU customers: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-non-eu-customers
  1. From the Do the following... drop down menu, expand the Modify the message properties... menu option and select set the spam confidence level (SCL) option to Bypass spam filtering.
  1. The final rule should look similar to the example below:
  1. Click Save to save the rule

Amend rule to bypass Clutter evaluation

Clutter is a feature that moves low-priority emails out of user's inbox to a folder called Clutter. Clutter analyzes user's email habits, and based on past behavior, it determines the messages that the user most likely to ignore. To make sure that emails are always delivered to the user's inbox, you must bypass the Clutter.  To do this amend the above rule and add the following entries.

  1. Select Add Action and then expand Modify the message properties... and select set a message header.
  2. Click the first Enter text link and paste the following exactly as it appears (case sensitive): X-MS-Exchange-Organization-BypassClutter
  3. Click the second Enter text link and paste the following exactly as it appears (case sensitive): true
  4. The rule should now look similar to the example below
  1. Click Save to save the changes

Add Mail Flow rule to bypass Focused Inbox evaluation

Focused Inbox is a feature that automatically evaluates incoming emails and direct them to two views: "Focused" and "Others". To make sure the email messages are always delivered to the user's "Focused" inbox, you must bypass the evaluation.  To do this, create a new rule:

  1. Click the + icon and then select Create a new rule...
  2. Give the rule a name, such as "Bypass Focused Inbox evaluation"
  3. Click on More Options
  4. From the Apply this rule if... drop down menu, expand The sender... menu option and select IP address is in any of these ranges or exactly matches. In the dialog that opens, enter in each of the IP addresses based on the Email Security region in use.
    For EU customers: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-eu-customers
    For non-EU customers: https://help.clouduss.com/ems-knowledge-base/mx-records-and-ip-addresses-for-non-eu-customers
  5. From the Do the following... drop down menu, expand the Modify the message properties... menu and select set a message header.
  6. Click the first Enter text link and paste the following exactly as it appears (case sensitive): X-MS-Exchange-Organization-BypassFocusedInbox
  7. Click the second Enter text link and paste the following exactly as it appears (case sensitive): true
  8. The rule should now look similar to the example below
  1. Click Save to save the changes

You should ensure that the Focused Inbox rule has a higher priority than the rule to bypass Office 365 spam protection

How did we do?