This page includes:
About integrating Microsoft 365 email services
You can integrate FortiMail Workspace Security with Microsoft 365. This enables FortiMail Workspace Security to protect incoming mail into a Microsoft 365 installation. [This refers to Microsoft Exchange Online]
When you integrate FortiMail Workspace Security with Microsoft 365, you can select either of the following integration methods:
|
Inline |
Emails are scanned [and can be blocked if they are found to be malicious] before they are delivered to the end-user inbox. Requires adding a TXT record to the DNS and then running an automated onboarding script. Includes a more complex onboarding process. For details, see Step 1 - Onboarding Microsoft 365 [Inline] |
|
Microsoft API |
Emails are scanned in parallel with the delivery of the email. The email first arrives in the end-user inbox, and only after scanning, is the email removed if it is found to be malicious. End users may therefore see malicious emails in their inboxes for a few seconds before the email is deleted. Doesn't require a TXT record. Includes a simple onboarding process. For details, see Onboarding Microsoft 365 [API] |
Flow chart diagram 
|
Note:
|
Comparing the Inline and API integration methods
The table below should help you to choose the better integration method for your scenario - Inline or API...
|
|
Inline |
API scanning |
|---|---|---|
|
1 |
Operates in prevention mode: Scans and blocks malicious emails pre-delivery |
Operates in detection and remediation mode: Scans emails in parallel with the delivery of the emails |
|
2 |
More complex onboarding procedure - typically requiring addition of a domain, verifying a TXT record, and running an automation script |
Simpler and quicker onboarding procedure - typically requiring just 3 mouse-clicks |
|
3 |
Requires adding a TXT record to the DNS |
Adding a TXT record is not required |
|
5 |
Adds an extra hop to the email |
Scans in parallel and therefore doesn't add a hop |
|
6 |
End users won’t see any emails with malicious scan verdicts in their Inboxes |
End users may see malicious emails in their Inboxes for a few seconds - before the scan is completed and the email is quarantined |
|
7 |
Supports hybrid environments [Exchange Online and Exchange On-Prem] |
Supports only Microsoft 365 environments [Exchange Online] |
|
8 |
Supports billing for full protection of a Microsoft 365 account - not partial protection | Supports billing for full or partial protection of a Microsoft 365 account |
|
9 |
Allows remediation |
Allows remediation |
|
10 |
Supports scanning of inbound, internal*, and outbound* email * Performed using the API scanning method |
Supports scanning of inbound, internal, and outbound email |
|
|
For details, see Step 1 - Onboarding Microsoft 365 [Inline] |
For details, see Onboarding Microsoft 365 [API] |
[Inline vs API]
Maximum email sizes for scanning
Microsoft 365 Inline integrations
FortiMail Workspace Security scans email messages up to a maximum size of 40 MB [including attachments]. Larger email messages are not scanned by FortiMail Workspace Security, and will be delivered to the specified recipients.
|
Note:
|
Microsoft 365 API integrations
FortiMail Workspace Security scans email messages up to a maximum size of 500 MB [including attachments].
Other Microsoft 365 integration options
-
If you have integrated FortiMail Workspace Security with Microsoft 365, you can enable the additional FortiMail Workspace Security-Microsoft 365 ATO [account take over] functionality. This functionality monitors your Microsoft 365 accounts to detect if any of them have possibly been taken over. For details, see Configuring Microsoft 365 - ATO detection.
See also:
