To set your outbound Exchange Online (Office 365) e-mail to go through Heimdal™ Email Security and be scanned, you will need to set up a connector and a mail rule to redirect all outbound emails to Heimdal™ Email Security.
IMPORTANT
Your SPF, DMARC, or DKIM records must be set up on your DNS before creating the connector. To do so, edit your SPF Records to include the Email Security SPF Records:
- include:spf-esec.heimdalsecurity.com (for customers stored in the Europe region);
- include:spf-esec-us.heimdalsecurity.com (for customers stored in the United States region);
- include:spf-esec-uk.heimdalsecurity.com (for customers stored in the United Kingdom region).
Example:v=spf1 include:spf.protection.outlook.com include:spf-esec.heimdalsecurity.com -all
Make sure you don't remove any 3rd Party SPF Records that are already set up on your SPF Records. After adding the Email Security SPF Records, do an SPF Record Lookup to make sure the SPF Records are validating correctly (you can use mxtoolbox.com or any other online tool to check).
1. Creating the connector
2. Creating the rule
CREATING THE CONNECTOR
1. Log in to your Exchange Admin Center. From here, navigate to Mail flow -> Connectors.
2. Create a new connector with the following settings:
3. Give it a name and a description.
4. Set the use of the connector to Only when I have a transport rule set up that redirects messages to this connector.
5. Select Route email through these smart hosts and add the following the following smarthost:
- eu-esec-outbound.heimdalsecurity.com with ports 25, 587, 2525 (for customers stored in the Europe region);
- us-esec-outbound.heimdalsecurity.com with ports 25, 587, 2525 (for customers stored in the United States region);
- uk-esec-outbound.heimdalsecurity.com with ports 25, 587, 2525 (for customers stored in the United Kingdom region).
6. Select Always use Transport Layer Security (TLS) to secure the connection (recommended) with the Issued by a trusted certificate authority (CA).
7. On validating this connector page you should choose an external valid email address where it will test and check if emails can be sent through Heimdal™ Email Security with success. Once the validation is complete go ahead and save your settings.
IMPORTANT
If validation fails due to an authentication error on the smarthost, make sure the domain you are setting up is configured to be the Default domain in the Microsoft 365 admin center (under Settings -> Domains).
CREATING THE RULE
1. Navigate to Mail flow -> Rules and press Add a rule that will route all messages through our newly created connector.
2. Set the rule conditions by giving it a name and by selecting the following rules:
Apply this rule if: The sender is external/internal (The sender is located InOrganization).
Do the following: Redirect the message to the following connector (route the message using the following connector (Heimdal - Email Security - Outbound flow).
In case of meeting invitations sent to Microsoft 365 Rooms (locations), make sure you add an exception in this rule to circumvent sending emails through the Heimdal Email Security Outbound connector if the recipient's email address is the Microsoft 365 Room's email address. This can be set up by selecting The recipient is the room mailbox.
3. Leave the Rule settings just like that.
4. Review and Finish.
After completing these steps all outbound emails from your organization should flow through Email Security.