Step 3 - Configuring Microsoft 365 [Inline]

You can integrate Perception Point with Microsoft 365. This enables Perception Point to protect all incoming mail.

This page describes Step 3 of the procedure to integrate Microsoft 365 with Perception Point:

This page includes:

About configuring Microsoft 365

To enable your Microsoft 365 integration with Perception Point, some configurations must be made in your Microsoft 365 account. You can perform these configurations either:

  • automatically - using the script that is available at the end of the onboarding wizard

    - or -

  • manually - as described below

Automatic configuration

See the available video.

You can use the automatic script to perform the required Microsoft 365 account configurations. This is the recommended way to perform these configurations.

Note:

  • Before you run the automatic script, make sure that your required domains are verified, as described in Step 2- Verifying your domains [Microsoft 365].

    If the multi-region functionality is enabled, make sure that your required domains are verified for both the pr

    imary region and the secondary region. [see Multi-region]

  • Even though the script is largely automatic, while the script runs, you may be required to perform some actions, as described in the procedure below.

  • If you want to protect only a few specified users or groups [and not all the users in your domains], you can perform the required configurations automatically - and then you must modify the redirect rule that was created by the script. For details about modifying the rule, see Modifying the list of users to protect [Microsoft 365 - Inline]. Contact Perception Point Support [support@perception-point.io] for assistance - if required.

  • The automatic script performs the required multi-region configurations when the multi-region functionality is enabled. [see Multi-region]

To perform the required configurations automatically:

  1. On the right of the Perception Point X‑Ray banner, click the Add Services [] icon. The "Add and Configure Services" wizard opens.

    Note: If your domain is verified, and the "Add and Configure Services" wizard doesn't appear, refresh the page.

  2. Click Complete configuration for existing services, locate and click your domain, and then click Next. The Complete your configuration dialog box opens.

    Note: If you don't see the Complete configuration for existing services option, click Refresh in your browser.

  3. Under Automatic Script, click Run Script.

    The script will begin to run, and soon the Granting Access dialog box will appear.

  4. Granting Access:

    1. Click the Copy icon [] to copy the code that appears.

    2. Click the link that appears below: 2. Paste the code in the link below. The Enter Code pop-up opens.

    Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer.

  5. Paste the code into the Code field, and click Next.

  6. In the Pick an account dialog box that appears, click your Microsoft account.

    Note: You must be a global administrator in that account.

    A "confirmation required" dialog box opens.

  7. Click Continue. A "confirmation" dialog box opens.

  8. Close the pop-up that contains the above message.

    The automatic script will continue processing and setting the required configurations - in the background. This process will take about 10 minutes to complete. You can continue with other work on your computer while the script runs.

  9. Click Enable configuration to close the "Authentication completed successfully" dialog box.

    What's next

    • Perception Point will send you an email to let you know when the configuration is complete. The email will indicate if the configuration was successful or not.

      Important:

      • The email will be sent to the email address of the user that is signed-in to Perception Point X‑Ray.

      • The email should take about 10 minutes to arrive.

      • Your organization will be protected by Perception Point X‑Ray only if the email indicates that the configuration was successfully performed.

    • If the email indicates that the script did not complete the configuration successfully, see Microsoft 365 Integration: Troubleshooting automatic onboarding.

      Note: In the Account > Bundles and Channels page, under Enabled Channels, Email Service should now appear as Active. If it appears as Inactive, contact Perception Point Support [support@perception-point.io].

  10. If you want to configure this Microsoft 365 integration to operate in monitoring mode, continue with Configuring monitoring mode below.

Manual configuration

Perform the procedures below to manually configure the Microsoft 365 integration with Perception Point X‑Ray.

See the available video.

Note: The procedures below may differ slightly depending on the versions of the applications that you are using.

  1. Open the Microsoft 365 admin center.

  2. Click Security > Policies & rules > Threat policies > Anti-spam policies > Connection filter policy (Default) > Edit connection filter policy.

    [Click here: https://security.microsoft.com/antispam]

  3. Add the IP addresses below to the Always allow messages from the following IP addresses or address range list.

    Note: Select the correct set of IP addresses for the environment of your organization.

    1. In Perception Point X‑Ray, go to Account > Preferences.

    2. The Environment of your organization will appear under General > Info: US, EU, or AUS.

    For US environments

    For EU environments

    For AUS environments

    • 3.81.182.154

    • 3.93.155.149

    • 3.95.118.12

    • 3.95.142.181

    • 54.227.64.76

    • 52.12.169.124 [required only if Muti-region is enabled]

    • 99.81.216.78

    • 34.249.190.60

    • 108.128.137.108

    • 99.80.189.20

    • 52.12.169.124 [required only if Muti-region is enabled]

    • 13.236.255.231

    • 54.66.125.250

    • 52.12.169.124 [required only if Muti-region is enabled]

  4. Select Turn on safe list.

  5. Click Save.

This connector directs the email from your Microsoft 365 tenant to Perception Point.

  1. Open the Microsoft Exchange admin center, and then click Mail flow > Connectors > Add a connector.
    [Click here: https://admin.exchange.microsoft.com/#/connectors]

    • Connection from: Office 365

    • Connection to: Partner organization

  2. Click Next.

  3. Enter Name: Perception Point Scanning

  4. Make sure that What do you want to do after connector is saved? > Turn it on is selected.

  5. Click Next.

  6. Select Only when I have a transport rule set up that redirects messages to this connector.

  7. Click Next

  8. Select Route emails through these smart hosts and add one of the following Amazon SES FQDNs, depending on the environment in which your organization is located: [Open the drop-down below for details on your environment.]

    1. In Perception Point X‑Ray, go to Account > Preferences.

    2. The Environment of your organization will appear under General > Info: US, EU, or AUS.

     

    		 Multi-region enabled Multi-region not enabled

    For US environments:

    us.mx-pp.com

    inbound-smtp.us-east-1.amazonaws.com

    For EU environments:

    eu.mx-pp.com

    inbound-smtp.eu-west-1.amazonaws.com

    For AUS environments:

    australia.mx-pp.com

    inbound-smtp.eu-west-1.amazonaws.com

  9. Click Next.

  10. Keep the default TLS settings.

    Note that Perception Point X‑Ray supports TLS 1.2

  11. Click Next.

  12. In the validation screen, use [and then validate] the following email address:

    noreply@perception-point.io

  13. Click Next, and then click Create connector.

This connector directs the email from Perception Point back to your Microsoft 365 tenant.

  1. Open the Microsoft Exchange admin center and then click Mail flow > Connectors > Add a connector.
    [Click here: https://admin.exchange.microsoft.com/#/connectors]

    • Connection from: Partner organization

    • Connection to: Office 365

  2. Click Next.

  3. Enter: Name: Disable IP Throttling on Perception Point Connector

  4. Make sure that What do you want to do after connector is saved? > Turn it on is selected.

  5. Click Next.

  6. Select the second option: By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization, and add one set of IP addresses below, depending on the environment in which your organization is located: [Open the drop-down below for details on your environment.]

    1. In Perception Point X‑Ray, go to Account > Preferences.

    2. The Environment of your organization will appear under General > Info: US, EU, or AUS.

    For US environments

    For EU environments

    For AUS environments

    • 3.81.182.154

    • 3.93.155.149

    • 3.95.118.12

    • 3.95.142.181

    • 54.227.64.76

    • 52.12.169.124 [required only if Muti-region is enabled]

    • 99.81.216.78

    • 34.249.190.60

    • 108.128.137.108

    • 99.80.189.20

    • 52.12.169.124 [required only if Muti-region is enabled]

    • 13.236.255.231

    • 54.66.125.250

    • 52.12.169.124 [required only if Muti-region is enabled]

  7. Click Next.

  8. Leave the default TLS settings.

    Note that Perception Point X‑Ray supports TLS 1.2

  9. Click Next.

  10. Click Create connector.

In this step, you use a routing rule to define the users that will be protected by Perception Point X‑Ray. You can specify to protect all the users in the domain [full protection], or just a sub-set of the users in the domain [partial protection].

Note: The procedure below differs slightly depending on whether you are implementing the scanning to protect:

  • an entire domain

[full protection]

  • a group or groups of users

[partial protection]

  • just a few specified users

[partial protection]

IMPORTANT: If you select one of the partial protection options above, make sure to inform your Account Executive/VAR/CSM for Perception Point X‑Ray so that the correct billing arrangements will be implemented.

  1. In the Exchange admin center, click Mail flow > Rules > Add a rule > Create new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]

  2. Under Name, enter Perception Point Redirect Rule.

  3. Specifying which users to protect [Microsoft 365 - Inline]

    Note: After onboarding the Microsoft 365 integration, you can change the set of users that are protected by modifying the rule. For details, see Modifying the list of users to protect [Microsoft 365 - Inline].

    Under Apply this rule if, select one of the following options:

    To protect...

    Instructions

    an entire domain

    "The recipient" > domain is. Add only domains that have verified TXT records.

    a group or groups of users

    "The recipient" > "is a member of this group" > "Select a group from the list" > and then click OK.

    Note: This option refers to Microsoft 365 groups. Each group must have an associated email address.

    only one or more specified users

    "The recipient" > "is this person" > "Select a user from the list" > and then click OK.

    See the available video.

  4. Click "+" to add a condition.

  5. Select The sender > is external/internal.

  6. In the "select recipient location" box that appears, select Outside the organization - and then click Save.

  7. Under Do the following, select Redirect the message to > the following connector > and then select the Perception Point Scanning connector that you created above.

  8. Click "+" to add another condition.

  9. Select Modify the message properties > set a message header

    • Message header: X-PERCEPTION-POINT-CUSTOM

    • Value: <Any value>, for example: acme2023

      You'll need to enter this value later on in this procedure [in Step 10].

  10. Under Except if, select The message headers... > includes any of these words

    • Message header: X-PERCEPTION-POINT-CUSTOM

    • message header includes: <The value that you entered in Step 9 above>

  11. Click "+" to add an exception.

  12. Select The sender> IP address is in any of these ranges or exactly matches, and enter one set of IP addresses below, depending on where your domain is located:

    1. In Perception Point X‑Ray, go to Account > Preferences.

    2. The Environment of your organization will appear under General > Info: US, EU, or AUS.

    For US environments

    For EU environments

    For AUS environments

    • 3.81.182.154

    • 3.93.155.149

    • 3.95.118.12

    • 3.95.142.181

    • 54.227.64.76

    • 52.12.169.124 [required only if Muti-region is enabled]

    • 99.81.216.78

    • 34.249.190.60

    • 108.128.137.108

    • 99.80.189.20

    • 52.12.169.124 [required only if Muti-region is enabled]

    • 13.236.255.231

    • 54.66.125.250

    • 52.12.169.124 [required only if Muti-region is enabled]

  13. Click "+" to add an exception.

  14. Select The message > size is greater than or equal to, and then add a size limit of 40000KB.

  15. Click Next.

  16. Under Set rule settings, select "Stop processing more rules".

  17. Under Match sender address in message, select Header.

  18. Click Next.

  19. Change the priority to 0 (highest priority).

    If you have existing block using IP rules, set the priority of this rule higher than Perception Point, and then select "Stop processing more rules"

  20. Save the changes.

  21. Review the rule and click Finish.

  22. Select and then enable the rule.

[This step is optional.]

If an email is identified by Microsoft's Exchange Online Protection (EOP) as being high-confidence spam (the SCL is 7, 8, or 9), then this rule sets the SCL to 9. This will cause all emails that are assigned a clean verdict by Perception Point X‑Ray and a high spam confidence level by EOP, to be sent to the Junk Email folder or quarantined [depending on your Microsoft Exchange settings]. In this manner, Microsoft's (EOP) supplements Perception Point X‑Ray, offering an additional layer of protection.

  1. In the Exchange admin center click Mail flow > Rules > Add a rule > Create a new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]

  2. Under Name, enter Send Office 365 spam emails to Junk folder (High).

  3. Under Apply this rule if:

    1. Select The message headers... > matches these text patterns

      1. Click Enter text, and then enter X-PP-Forefront-Antispam-Report

      2. Select Enter text patterns, and then enter SCL:9, SCL:8, SCL:7

  4. Under Do the following, select Modify the Message Properties > Set the spam confidence level (SCL) to, and then enter 9.

  5. Click Next.

  6. Click Finish.

[This step is optional.]

If an email is identified by Microsoft's Exchange Online Protection (EOP) as being low-confidence spam (the SCL is 5 or 6), then this rule sets the SCL to 6. This will cause all emails that are assigned a clean verdict by Perception Point X‑Ray and a low spam confidence level by EOP, to be sent to the Junk Email folder or quarantined [depending on your Microsoft Exchange settings]. In this manner, Microsoft's (EOP) supplements Perception Point X‑Ray, offering an additional layer of protection.

  1. In the Exchange admin center, click Mail flow > Rules > Add a rule > Create a new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]

  2. Under Name, enter Send Office 365 spam emails to Junk folder (Low).

  3. Under Apply this rule if:

    1. Select The message headers... > matches these text patterns

      1. Click Enter text, and then enter X-PP-Forefront-Antispam-Report

      2. Click Enter text patterns, and then enter SCL:6, SCL:5

  4. Under Do the following, select Modify the message properties > set the spam confidence level (SCL) to, and then enter 6.

  5. Click Next.

  6. Click Finish.

  1. In the Exchange admin center, click Mail flow > Rules >Add a rule > Create a new rule.
    [Click here: https://admin.exchange.microsoft.com/#/transportrules]

  2. Under Name, enter Perception Point Spam Rule.

  3. Under Apply this rule if:

    1. Select The message headers... > matches these text patterns

      1. Click Enter text, and then enter X-PERCEPTION-POINT-SPAM

      2. Click Enter text patterns, and then enter FAIL

  4. Under Do the following, select Modify the message properties > set the spam confidence level (SCL) to, and then enter 6.

  5. Click Next.

  6. Click Finish.

    The spam will now be sent to the user’s Junk folder.

This step enables the Perception Point remediation app. For details on the remediation app, see Remediation App.

  1. In Perception Point X‑Ray, in the left navigation menu, select Account > Bundles and Channels.

  2. Under Enabled Channels, locate Email Service > Microsoft 365, and then click Activate.

    A new browser tab will open, enabling you to sign-in to Microsoft 365.

  3. Use the credentials of a global admin to sign in, review the required permissions, and then approve them.

Your email is now scanned and protected by Perception Point X‑Ray.

If you want to configure this Microsoft 365 integration to operate in monitoring mode, continue with Configuring monitoring mode below.

Configuring monitoring mode

Important: Perform this procedure only if you want your Microsoft 365 Inline integration to operate in monitoring mode.

Monitoring mode is typically used for PoC implementations.

In monitoring mode [also known as passive, silent, or detection mode], Perception Point X‑Ray will not:

  • quarantine malicious emails

  • route spam to the Junk folder

To configure the integration to operate in monitoring mode:

  1. Open the Account > Bundles and Channels page.

  2. On the right, click Default Channel Settings.

  3. Click Edit [].

  4. Under Detection, clear the Malicious, Restricted, and Spam check boxes.

    Note:Perception Point X‑Ray will not quarantine any malicious emails.

  5. Click Save.

  6. In the Exchange admin center, disable the following rules:

    • Perception Point Spam Rule

    • Send Office365 spam emails to junk folder (High)

    • Send Office365 spam emails to junk folder (Low)

    Your Microsoft 365 Inline Integration is now configured to operate in monitoring mode.

    Perception Point X‑Raywill not quarantine any malicious emails or route spam to Junk folders.

See also: