PowerShell Scripts for Connectors


Mailprotector recommends configuring inbound and outbound connectors to improve the security of mail flow with Microsoft 365 tenant domains. Instructions for implementing the connectors can be found in other articles using the Microsoft 365 Admin Center. However, some partners may prefer to use PowerShell commands. This article provides the commands necessary to configure the connectors.

Applies to:

Microsoft 365 (M365), Office 365 (O365), PowerShell

Implementation Steps

Connect to Microsoft 365 Management Console

From a PowerShell Command Line, you must connect to the Microsoft 365 tenant domain you are configuring. When prompted for a username and password, please use a Microsoft 365 admin credential for the domain.

Set-ExecutionPolicy RemoteSigned -Force
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session

Add the Inbound Connector

The Inbound Connector is disabled on creation. You must enable the connector after changing the MX record for the domain. Otherwise, the connector will reject emails that do not pass through Mailprotector.

New-InboundConnector -Name "Inbound from Mailprotector" -RequireTls $true -ConnectorType Partner -SenderDomains * -RestrictDomainsToIPAddresses $true -SenderIpAddresses,,

Add the Outbound Connector (if using Mailprotector as a smarthost)

The Outbound Connector is enabled on creation. It will immediately begin using the Mailprotector smarthost, so be sure you have the domain and users configured in the Mailprotector Console before running this command.

Please change the smarthost address to the appropriate host for the domain you are configuring.

New-OutboundConnector -Name “Outbound to Mailprotector” -Comment “Send all external outbound email through Mailprotector SmartHost” -Enabled $true -RecipientDomains * -SmartHosts yourdomain-com.outbound.emailservice.io -TlsSettings EncryptionOnly -UseMXRecord $false

Add an Allow List to the Default Connection Filter (Optional)

Typically, the inbound and outbound connectors work as expected, and emails are also evaluated by Exchange Online Protection. There is nothing wrong with this mail flow scenario. However, in rare circumstances, email delivered from Mailprotector can end up in the Junk E-mail folder too often. In that event, please contact Mailprotector Support for additional guidance and whether adding this Allow List to the Default Connection Filter would be appropriate.

Set-HostedConnectionFilterPolicy “Default” -IPAllowList,,


Have more questions? Submit a request


  • Avatar
    Paul Nebb

    Love these! Thanks!

  • Avatar
    Mark Glowacz

    Glad you found the commands helpful, Paul.