Do not configure the Microsoft 365 sync at the Primary Admin level. See Users & Permissions for information on the different user levels.
The Microsoft 365 sync functionality is designed to simplify onboarding of Microsoft 365 domains into Mail Assure. Mail Assure's New Interface and Dashboard includes access to the configure Microsoft 365 synchronization feature. This tool allows you to connect to your Microsoft 365 Admin center to import Domains and Mailboxes into Mail Assure easily and quickly and keep these in sync to ensure domains and mailboxes are imported in a timely manner.
Please note Microsoft 365 is the new name of Microsoft's Office 365 service. The name for this was officially changed on April 21st 2020 and information on the change can be found here: https://docs.microsoft.com/en-us/deployoffice/name-change
- Accessing the new dashboard and interface
- What is configured during sync
- Add Domains and Mailboxes
- Next Steps
- Editing and Removing Domains and Mailboxes
If Microsoft 365 Sync is enabled, any current LDAP Mailbox Sync configuration will be disabled.
The Microsoft 365 Sync has the following requirements that must be met:
- You must have access to an account with the Microsoft Global Administrator permissions
- Once the domains and mailboxes are added, you must follow the Next Steps to ensure filtering is configured correctly
Using the Microsoft 365 sync allows for secure and easy addition of multiple domains and mailboxes at the same time using your Microsoft 365 credentials.
This functionality also helps to keep usage under control with scheduled automatic synchronization of added and deleted mailboxes.
You can also easily set the timezone, date and time formatting and reporting options for new mailboxes within the Microsoft 365 sync wizard.
The following limitations should be considered before using the Microsoft 365 sync tool:
All domains must be created/synchronized with a one-to-one Microsoft tenant administrator account to Mail Assure admin relationship. The Microsoft 365 sync wizard shows which tenant the admin is connected to
We recommend using a sub-admin for each client, and configuring sync for the client tenant against the client sub-admin. This is covered in the Knowledge Base Article How to configure the Microsoft 365 sync with Mail Assure and multiple tenants.
- Individual regions are not configurable within Microsoft 365 sync. If you wish to set a unique region for each domain, you should add the domain manually, using the regular Add a Domain method
- Once Microsoft 365 sync has been enabled, manual changes to the Domain and domains Mailboxes are restricted. Changes made may be reverted when the Microsoft 365 sync is re-run
In order to use this new feature, you must Access the new Dashboard Interface
For information on using the synchronization tool, see Adding Domains and Mailboxes via Microsoft 365 sync.
When using the Microsoft 365 Sync tool, the following configuration is completed:
- If the domain does not already exist, it is added
- All mailboxes belonging to the domains selected in the Domains page of the Microsoft 365 sync wizard are added to Mail Assure
- The mailbox type is set automatically based on the type in Exchange, ie. distribution list, shared mailbox, regular mailbox
- Any mailbox aliases are added for selected mailboxes
- The selected services (Incoming Protection, Outgoing protection, Archiving) are enabled as per the choices made in the wizard
- If the mailbox already exists, no changes are made to the service selection. If you deselect a previously selected mailbox during sync, all services are removed for the mailbox
- Only accept email to your defined mailboxes is enabled in the Domain level Mailboxes Configuration > Configuration Tab
- Mailbox protection and processing mode is set to Protect specific mailboxes only in the Domain level Mailboxes Configuration > Configuration Tab
- The destination routes are set per domain to the values dictated by Microsoft
- An outgoing authenticating user is created per domain. This is set up to:
- Permit re-authentication
- Allow outgoing mail from any Microsoft 365 IP
- If selected during the feature selection, an Automatic ESR is created for the mailboxes imported using Microsoft 365 sync
- If selected, Archiving is enabled for the domain
- If the "enable SSO" option is selected within the wizard, the mailbox is permitted to use Microsoft 365 authentication to log in to Mail Assure
This requires additional configuration as per Configure OAuth/Single Sign-On (SSO)
- The chosen time zone, date format, and time format are set for each of the selected mailboxes
Once you have completed configuration, and all Domains and Mailboxes are successfully showing in Mail Assure, there are a few further steps that are required in order for Mail Assure to function correctly for the domain.
- In Mail Assure, you need to:
- Check all settings configured during the sync are correct
- Check all Branding and Email Scout Report (ESR) options
- Configure SSO/OAuth with Microsoft 365
- Outside of Mail Assure, there are a few further steps that are required for correct filtering:
- For incoming filtering, update the MX Records
- Create a partner receive connector and disable Microsoft 365's integrated filtering and restrict incoming delivery to Mail Assure
- If using outgoing filtering, configure Microsoft 365 to use Mail Assure as a smart host
- If using archiving, ensure you Configure Journaling in Mail Assure/Exchange