Mesh Gateway for Microsoft 365
This guide outlines how to install Mesh Gateway for organizations on Microsoft 365.
Tip: If this is your first time setting up a customer in Mesh (or even if it’s not), it is worthwhile familiarizing yourself with this checklist ⟶ Before You Start Checklist
🕐 Installation Time: 10-15 minutes
Step 1: Create a mail flow for rule for Mesh in Microsoft 365
In order to allow email filtered by Mesh to be delivered safely without any double filtering from Microsoft, you need to create a mail flow rule in Microsoft 365 for our IP ranges.
This video walks you through the process step by step:
https://www.youtube.com/watch?v=qKW7pdLeS-E
Ensure that the IP ranges applicable to your region are used. You can find this here
View our step by step guide on creating a mail flow rule.
Visit Microsoft’s documentation on this here
If you are moving from another Secure Email Gateway, you will likely have an existing connector in place to reject emails that aren't sent from a specific IP range.
You will need to remove this before changing MX records to prevent clean email filtered by Mesh from being rejected.
Step 2: Populating users via Azure Sync
In order to allow users to receive quarantine digests and to be able to create their own allow/block rules, users need to be populated in the users table.
Login as Customer and navigate to Users ⟶ Import & Sync ⟶ Azure Sync
Select "O365 Authorize" to permit Mesh to sync the users from Azure.
View more information on user population and role types.
Note: The Azure sync will automatically run every hour. For any mailboxes synced that do not require an account in Mesh, please select and set to “disable”
Step 3: Import Allow & Block Rules (optional)
You can import a list of safe senders or domains using our CSV template.
Step 4: Update your MX records
Update your MX records with the values applicable to your service region.
MX records are region specific and there should be no other records present.
Important: Please wait at least 15 minutes after creating your account in Mesh before updating your MX records to ensure there is no interruption to delivery while our system updates.
Step 5: Create A Connector In Microsoft 365
In order to prevent threats from bypassing Mesh filtering and ensuring emails from our MTAs can deliver to your mail environment, you should create a Connector for Mesh in Microsoft 365.
We recommend waiting 24 hours before completing this step to allow for DNS propagation.
This video walks you through the process step by step:
https://www.youtube.com/watch?v=W24hmWzPU_U
Ensure that the IP ranges applicable to your region are used. You can find this here.
View our step by step guide on creating a connector.
Step 6: Enable Outbound Email Scanning (optional)
View our step-by-step guide on enabling our outbound email scanning.
If your tenant uses an autoforward in some capacity, please ensure you read the above guide.
You’re all set. Your email is now protected by Mesh Gateway.