Step 1 - Onboarding Microsoft 365 [Inline]

About onboarding Microsoft 365 - Inline

You can integrate "Acronis Email Security" with Microsoft 365. This enables "Acronis Email Security" to protect all incoming mail to a Microsoft 365 or Exchange On-Prem installation.

This page describes how to integrate "Acronis Email Security" with Microsoft 365 using the inline method. For details on how to integrate "Acronis Email Security" with Microsoft 365 using the Microsoft API, see Onboarding Microsoft 365 [API].

By default, the Microsoft 365 integrations monitor incoming emails only - not outgoing emails, nor internal emails. [Internal emails are emails that are sent between protected domains in the same organization.]

Note: You can include only a single Microsoft 365 tenant in any "Acronis Email Security" organization. To add multiple Microsoft 365 tenants, create additional organizations in "Acronis Email Security", and then configure the required Microsoft 365 tenants and domains in those organizations.

This page describes Step 1 of the procedure to integrate Microsoft 365 with "Acronis Email Security".

A bit more about the Microsoft 365 - inline integration

Onboarding process

  • Customer onboarding involves adding the domain name and verifying a TXT record in the system.

  • There is a Fortinet script to automatically add and configure the required rules and connectors, and to allowlist the Fortinet IPs.

Email flow overview

  • Inbound emails initially route through the Microsoft servers for initial analysis by EOP (Exchange Online Protection).

  • Leveraging rules and connectors, emails that meet specific criteria are redirected to the Perception Point scanner.

Scanning and response

  • Clean: Emails that are assigned the clean verdict are sent back to the Microsoft 365 servers through the configured next-SMTP for final delivery.

  • Spam: Emails that are assigned the spam verdict are given a "X-PERCEPTION-POINT-SPAM: FAIL" header.

    • In Microsoft 365, the SCL (spam confidence level) is adjusted to 6 via Rule, designating the email as spam.

  • Malicious: Emails that are assigned the malicious verdict do not return to the Microsoft 365 servers.

    • This proactive prevention stops the malicious emails from reaching the recipient's Inbox.

Note: When using the inline integration method, all emails are scanned by Microsoft Defender before being redirected to "Acronis Email Security" for further scanning. In some cases, Microsoft Defender may quarantine the email during its initial scan. As a result, the email won't be redirected to "Acronis Email Security" for scanning, and no scan will be created. Scan details may not appear in "Acronis Email Security".

For additional details, see Quarantined by Microsoft.

Step 1 - Onboarding Microsoft 365

Step 1 adds one or more domains that contain the email addresses that will be protected by "Acronis Email Security".

Step 1 includes Step 1A and Step 1B.

[Note: Both Step 1A and Step 1B are mandatory.]

Step 1A

Perform Step 1A in Microsoft 365 Defender:

Add entries to the Tenant Allow/Block List

  1. In Microsoft 365 Defender, go to this location: https://security.microsoft.com/tenantAllowBlockList?viewid=SpoofItem

  2. Click (+) Add.

  3. Add the "Acronis Email Security" IP addresses for the environment of your organization [see below].

    Important: For each entry that you add, make sure to add "*," before the IP address - to create the required domain pairs. For example:

    *,54.227.64.76

    Note: Select the correct set of IP addresses for the environment of your organization. The sets for each environment are listed below.

    For US environments

    • 3.81.182.154

    • 3.93.155.149

    • 3.95.118.12

    • 3.95.142.181

    • 54.227.64.76

    • 52.12.169.124 [required only if Multi-region is enabled]

    Select-and-Copy below

    *,3.81.182.154
    *,3.93.155.149
    *,3.95.118.12
    *,3.95.142.181
    *,54.227.64.76

    For EU environments

    • 99.81.216.78

    • 34.249.190.60

    • 108.128.137.108

    • 99.80.189.20

    • 52.12.169.124 [required only if Multi-region is enabled]

    Select-and-Copy below

    *,99.81.216.78
    *,34.249.190.60
    *,108.128.137.108
    *,99.80.189.20

    For AUS environments

    • 13.236.255.231

    • 54.66.125.250

    • 52.12.169.124 [required only if Multi-region is enabled]

    Select-and-Copy below

    *,13.236.255.231
    *,54.66.125.250

  4. Make sure that under Action, Allow is selected.

    For more information about the Tenant Allow/Block List, see the official Microsoft documentation.

  5. In Microsoft 365 Defender, go to this location: https://security.microsoft.com/antispam

  6. In the edit Anti-spam inbound policy (Default) window on the right, scroll down and then click Edit actions.

  7. In the Actions window that opens:

    1. under Spam, select "Move message to Junk Email folder"

    2. under High confidence spam, select "Move message to Junk Email folder"

    3. under Phishing, select "Move message to Junk Email folder"

    4. under High confidence phishing, select "Quarantine message"

  8. Scroll down and click Save.
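A check for the entries added in steps 3 and 4 of Step 1A, as an added example that is not part of the original page or of the vendor's tooling: it compares allow-list entries, assumed here to be pasted one "*,IP" pair per line, with the set this page lists for the chosen environment. The function and variable names are hypothetical.

```python
import ipaddress

# IP sets copied from Step 1A of this page.
ENVIRONMENTS = {
    "US": {"3.81.182.154", "3.93.155.149", "3.95.118.12", "3.95.142.181", "54.227.64.76"},
    "EU": {"99.81.216.78", "34.249.190.60", "108.128.137.108", "99.80.189.20"},
    "AUS": {"13.236.255.231", "54.66.125.250"},
}
# Listed on the page as required only when multi-region is enabled.
MULTI_REGION_IP = "52.12.169.124"


def audit_spoof_entries(lines, environment, multi_region=False):
    """Audit "*,<ip>" entries (one per line) against the set for `environment`."""
    expected = set(ENVIRONMENTS[environment])
    if multi_region:
        expected.add(MULTI_REGION_IP)
    seen, malformed = set(), []
    for raw in lines:
        entry = raw.strip()
        if not entry:
            continue
        user, sep, infra = entry.partition(",")
        try:
            # Require the wildcard spoofed user and a literal IPv4 address.
            if user.strip() != "*" or not sep:
                raise ValueError("missing '*,' prefix")
            seen.add(str(ipaddress.IPv4Address(infra.strip())))
        except ValueError:
            malformed.append(entry)
    return {
        "malformed": malformed,                  # entries not in "*,<ip>" form
        "missing": sorted(expected - seen),      # required but not allow-listed
        "unexpected": sorted(seen - expected),   # allow-listed but not required
    }


# Constructed sample: an EU tenant with one entry lacking "*," and one US address.
SAMPLE = ["*,99.81.216.78", "*,34.249.190.60", "108.128.137.108",
          "*,99.80.189.20", "*,54.227.64.76"]

if __name__ == "__main__":
    print(audit_spoof_entries(SAMPLE, "EU", multi_region=True))
```

An entry reported as unexpected is an allow rule that the selected environment does not need, so it is worth reviewing rather than leaving in place.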

Step 1B

This step of the onboarding process includes enabling the "Acronis Email Security" remediation application [also known as the M365 APP - see step 8 below]. This application enables emails to be removed from a user's Inbox if a malicious scan verdict is assigned - after the email has been delivered. For details on the remediation app, see Remediation App.

Perform Step 1B in "Acronis Email Security":

  1. In the navigation panel on the left, select Settings > Bundles and Channels.

  2. Under Enabled Channels, locate Email Service, and then click Email service configuration on the right.

    Note: Depending on your version of "Acronis Email Security", you may need to click on the Add Services icon on the right side of the "Acronis Email Security" banner.

  3. Click Add New Domain - if this option appears.

    Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer.

  4. Select the Organization - if necessary.

  5. Specify the Escalation Contacts. For details, see Escalation contacts.

  6. For Email Service, select Microsoft 365.

  7. For Connection Method, select Inline.

  8. Click ENABLE M365 APP or Next - in the bottom right corner. [This is the remediation app.]

    Important: If the ENABLE M365 APP button is not enabled, make sure that you have specified an escalation contact above.

    1. You'll be redirected to sign in to your Microsoft account.

      Note: If the Microsoft sign-in pop-up does not appear, make sure that pop-ups are not blocked on your computer.

    2. Sign in to your Microsoft account as a global admin.

      Important: The account must have admin permissions in the Microsoft 365 tenant.

      You'll see a list of the permissions that are required.

    3. Click Accept.

      The next step in the wizard appears.

  9. On the right of Domains, click Domain Name, and select the domain that will be protected.

    Note: The list of domains shows only the domains that were detected in the Microsoft 365 tenant that is associated with the current "Acronis Email Security" organization - and only those domains that are not already configured to be protected.

    To add domains that are not included in the current Microsoft 365 tenant, create a new organization in "Acronis Email Security", and then configure the required Microsoft 365 tenant and domains in that organization.

  10. Click FIND DESTINATION SERVER to the right of the Destination Mail Server (MX) field.

    This should populate the Destination Mail Server (MX) field. This is the address to which mail will be sent after it has been scanned and marked as being clean.

    Important:

    • The required Destination Mail Server is a server in your domain - as it appears in the MX record.

    • Do not enter a value such as smtp.office365.com or outlook.office365.com

  11. [Optional] Click Add Domain - for each additional domain to be protected - and enter the required details [as described in the previous 2 steps].

  12. Licenses: Specify one of the following options:

    1. According to account integration: All users in your Microsoft 365 account will be protected by "Acronis Email Security". The number of users protected each month is used for billing purposes. This option is recommended for better protection.

    2. According to Reported seats: Specify the number of users that will be protected by "Acronis Email Security" on a monthly basis. This number will be used for billing purposes. You'll need to specify the list of protected users - in Step 3 of the email service connection procedure. This setting affects only those bundles that have Email as their leading channel.

  13. Click Next.

    The "Add TXT Records" dialog box opens. This dialog box includes the TXT record names and TXT record values, that you'll need in order to add and verify the TXT records for your domain - in Step 2.

    If multi-region is enabled, there will be details for TXT records in both the primary and secondary regions. For details about the multi-region functionality, see Multi-region.

You must now verify the new domains that you added above. For details, see Step 2 - Verifying your domains [Microsoft 365].