Description
Shield deployment for Microsoft 365 tenants is quick and easy. However, the pre-flight checklist must be completed for the deployment to be successful. Below are steps to prepare for and complete all steps to onboard your domain to Shield.
Applies to:
Microsoft 365
Prepare for Shield Deployment
Complete the Pre-flight Checklist
Before proceeding, ensure that all items on the Shield Pre-flight Checklist (Not-for-Resale [NFR] domain | all other domains) are performed.
Completing the Pre-flight Checklist is required to ensure a successful and speedy Shield deployment and for Shield to function properly after deployment.
Deploy Shield
Mailprotector Console
If a domain does not exist in the Mailprotector Console, please follow the instructions below for adding an organization from within Shield. Please do not create the domain in the Mailprotector Console in order to deploy Shield.
Activate Shield from the Mailprotector Console or add a new organization from the Shield Portal.
To activate Shield from the Mailprotector Console:
- NFR domain: From the Reseller level, click on the Shield tab then click on Activate Shield.
- All other domains: Go to the Customer of the domain then click on the Shield tab. Click on Open Shield.
If an issue is experienced with deploying Shield via the Mailprotector Console to an existing CloudFilter domain, ensure that there is an active User Sync source for the domain.
Shield
If a domain does exist in the Mailprotector Console, please follow the instructions above for adding an organization from within the Console. This will create a correct link to the domain and customer in the Console. Please do not add an organization from within Shield Ctrl.
To add a new organization from Shield Ctrl, sign in to Shield and ensure you are a Shield Superuser or Administrator for your parent organization. Then click on Organizations and New Organization.
The deployment screen will appear. For a video guide through deployment, please watch below.
Step 1: Connect to Microsoft
Sign in to Microsoft
Use Global Administrator credentials to sign in to the Microsoft 365 tenant you are adding to Shield then Accept permissions for the Shield app.
Step 2: Set Up Domains with Shield
Click Start to begin deploying the domains in the M365 tenant to include in your Shield deployment, or click Skip through those that will not.
Provide DNS credentials for updating SPF and DKIM records:
DNS setup is performed via Entri, which allows for automatic or manual DNS record changes:
- Click Authorize to continue with automatic configuration.
- Click on >> Or forward login to someone else if you need someone else to authorize for you.
- Click on Go to our manual setup if you want to do it yourself or work with a DNS provider that is not available in Entri.
For GoDaddy domains, please follow the manual setup at this time.
Step 3: Configure Mail Flow
Click on Configure mail flow to automatically configure the Inbound and Outbound Connectors, Transport Rules, and Trusted ARC Sealer.
When the Mail Flow setup is complete, click Next for the final step.
Organization Successfully deployed
Shield will stay in passthrough mode until you're ready to activate the organization. Only messages with Dangerous Results will be held by Shield.
See Configuring Risk Levels for more information about Dangerous Results.
If ready, click on Activate users to be brought into Shield Ctrl. The deployment process is now complete.
Ensure that at least one Shield Admin is assigned the Superuser role at the parent (partner) organization. If no Superusers are defined, certain administrative functions will not be available. If you find that your parent organization has no Shield Admins with Superuser access, please contact the Support team to assist you.
If any domains are skipped during Step 2 of onboarding and are later added after the organization is successfully deployed, the routing conditions for Shield Connectors must be manually updated to include those domains.
Related to
Updated