Shield Activation Step 8 - Inbound Connector

Description

Configuring an inbound connector in the Microsoft 365 (M365) tenant domain is required to restrict message delivery from Mailprotector's servers and prevent spammers from using a direct connection to the M365 host address, bypassing Mailprotector scanning.

IMPORTANT: The inbound connector will reject mail flow that does not come via Mailprotector after turning it on.

If you have successfully completed the first 6 steps in the Shield setup, the MX records for your domain already point to Mailprotector, and it is safe to turn on the inbound connector.

Configuration steps for an outbound connector are in the Shield Activation Step 7 - Outbound Connector article.

Applies to:

Microsoft 365, M365, Office 365, O365, Exchange Online, Exchange Online Protection

Configuration Steps

NOTE: The following steps apply to the Exchange Admin Center's new interface. If your interface doesn't match what is shown below, toggle "Try the new Exchange admin center" in the top right corner of the page.

Inbound Connector Configuration

Once you have reached Step 8 in Shield Activation, you are ready to follow the screen prompts to add the Shield Inbound connector.

  1. Open the Microsoft 365 Admin Center and navigate to the Exchange Admin Center, as shown in Figure 1. This link will open a new tab in your browser with the Exchange Admin Center.
    Fig. 1
    fig.1.PNG
  2. Find and click the Connectors link under the Mail flow options, as shown in Figure 2. The link takes you to the connectors for the domain.
    Fig. 2
    fig.2.PNG
  3. Click on Add Connector to add a new connector. A new window will open to select your mail flow scenario. Select Connection from: Partner organization as shown in Figure 3. Then click the Next button to continue.
    Fig. 3
    2023-09-07_14-44-06.png
  4. Enter a name for the connector, for example, Shield Inbound, and add a description if you would like. As shown in Figure 4, make sure Turn it on is selected. Then click the Next button to continue.

    Fig. 4
  5. Specify that you want to use this inbound connector Only when email messages are sent to these domains. Enter a * (asterisk) to match all domains as shown in Figure 5, then click the + (plus icon). Click the Next button to continue.
    Fig. 5

  6. For the Authenticating sent email settings, ensure that By verifying that the sender domain matches one of the following domains is selected. Enter the * (asterisk) to match on all domains as noted in Figure 6 then click the + (plus icon). Click Next to continue.
    Fig. 6
  7. Security restrictions to apply is next. Ensure that Reject email messages if they aren't sent over TLS is checked. Also, check the box for And require that the subject name on the certificate that the partner uses to authenticate with Office 365 matches this domain name, and enter *.shield.security in the field, as shown below in Figure 7. Click Next to continue.

    Fig. 7
  8. The final screen summarizes the steps taken above and should look similar to Figure 8. Click the Create connector button to finish creating the inbound connector then click Done.

    Fig. 8
  9. You will return to the connectors for the domain. Ensure that the Shield Inbound connector's Status is On as shown in Figure 9.

    Fig. 9


    You're ready for step 9!
Have more questions? Submit a request

Comments