Step 1 - Onboarding Microsoft 365 [Inline]

About onboarding Microsoft 365 - Inline

You can integrate Perception Point X‑Ray with Microsoft 365. This enables Perception Point X‑Ray to protect all incoming mail from Microsoft 365.

This page describes how to integrate Perception Point X‑Ray with Microsoft 365 using the inline method. For details on how to integrate Perception Point X‑Ray with Microsoft 365 using the Microsoft API, see Onboarding Microsoft 365 [API].

By default, the Microsoft 365 integrations monitor incoming emails only - not outgoing emails.

  • [Outbound monitoring can be configured for Microsoft 365 - see Onboarding Microsoft 365 - Outbound]

  • By default, internal email is not monitored. To add monitoring for internal email, contact Perception Point Support [support@perception-point.io]. There may be additional licensing requirements for enabling internal scanning.

This page describes Step 1 of the procedure to integrate Microsoft 365 with Perception Point.

A bit more about the Microsoft 365 - inline integration

Onboarding process

  • Customer onboarding involves adding the domain name and verifying a TXT record in the system.

  • There is a Perception Point script to automatically add and configure the required rules and connectors, and to allowlist the Perception Point IPs.

Email flow overview

  • Inbound emails first pass through the Microsoft servers for initial analysis by EOP (Exchange Online Protection).

  • Rules and connectors then redirect emails that meet specific criteria to the Perception Point scanner.

Scanning and response

  • Clean: Emails that are assigned the clean verdict are sent back to the Microsoft 365 servers through the configured next-SMTP for final delivery.

  • Spam: Emails that are assigned the spam verdict are given an "X-PERCEPTION-POINT-SPAM: FAIL" header.

    • In Microsoft 365, a rule then sets the SCL (spam confidence level) to 6, designating the email as spam.

  • Malicious: Emails that are assigned the malicious verdict do not return to the Microsoft 365 servers.

    • This proactive prevention stops the malicious emails from reaching the recipient's Inbox.

Note: When using the inline integration method, all emails are scanned by Microsoft Defender before being redirected to Perception Point X‑Ray for further scanning. In some cases, Microsoft Defender may quarantine the email during its initial scan. As a result, the email won't be redirected to Perception Point X‑Ray for scanning, and no scan will be created. Scan details may not appear in Perception Point X‑Ray.

For additional details, see Quarantined by Microsoft.
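
The verdict handling above can be checked on delivered mail. The following is an added example, not Perception Point or Microsoft code: it classifies a message from its headers and trusts the spam header only when a scanner hop is present. It assumes that the scanner's IP appears in a Received header when mail returns from the scanner and that the SCL is carried in the X-MS-Exchange-Organization-SCL header; the sample headers are constructed.

```python
import email
import re

# US-environment scanner IPs, copied from Step 1A on this page.
SCANNER_IPS = frozenset({"3.81.182.154", "3.93.155.149", "3.95.118.12",
                         "3.95.142.181", "54.227.64.76"})
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def triage(raw_headers, scanner_ips=SCANNER_IPS):
    """Classify one delivered message from its headers; returns (state, scl)."""
    msg = email.message_from_string(raw_headers)
    hop_ips = {ip for hop in msg.get_all("Received", []) for ip in IPV4.findall(hop)}
    scanned = bool(hop_ips & scanner_ips)  # assumption: scanner hop is recorded
    flagged = msg.get("X-PERCEPTION-POINT-SPAM", "").strip().upper() == "FAIL"
    scl_text = msg.get("X-MS-Exchange-Organization-SCL", "").strip()
    scl = int(scl_text) if re.fullmatch(r"-?\d+", scl_text) else None
    if not scanned:
        # Without a scanner hop the spam header cannot be attributed to the scanner.
        return ("unattributed-spam-header" if flagged else "not-scanned", scl)
    if flagged:
        # The rule described above should set SCL to 6 for every flagged message.
        return ("spam" if scl == 6 else "spam-rule-not-applied", scl)
    return ("clean", scl)


def sample(hop_ip, spam_header=None, scl=None):
    """Build constructed headers for the demo; hosts and addresses are made up."""
    lines = [f"Received: from relay.example.test ({hop_ip})",
             " by mx.example.test with ESMTPS; Mon, 1 Jan 2024 10:00:00 +0000"]
    if spam_header:
        lines.append(f"X-PERCEPTION-POINT-SPAM: {spam_header}")
    if scl is not None:
        lines.append(f"X-MS-Exchange-Organization-SCL: {scl}")
    lines += ["From: sender@example.test", "Subject: demo", "", "body"]
    return "\n".join(lines)


if __name__ == "__main__":
    cases = {
        "clean via scanner": sample("3.95.118.12", scl=1),
        "spam, rule applied": sample("54.227.64.76", "FAIL", 6),
        "spam, rule missing": sample("54.227.64.76", "FAIL", 1),
        "never redirected": sample("198.51.100.7", scl=1),
        "header without hop": sample("198.51.100.7", "FAIL", 1),
    }
    for name, raw in cases.items():
        print(f"{name:20} -> {triage(raw)}")
```
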

Step 1 - Onboarding Microsoft 365

Step 1 adds one or more domains that contain the email addresses that will be protected by Perception Point X‑Ray.

Step 1 includes Step 1A and Step 1B.

[Note: Both Step 1A and Step 1B are mandatory.]

See the available video.

Step 1A

Perform Step 1A in Microsoft 365 Defender:

Add entries to the Tenant Allow/Block List

  1. In Microsoft 365 Defender, go to this location: https://security.microsoft.com/tenantAllowBlockList?viewid=SpoofItem

  2. Click (+) Add.

  3. Add the Perception Point X‑Ray IP addresses for the environment of your organization [see below].

    Important: For each entry that you add, make sure to add "*," before the IP address - to create the required domain pairs. For example:

    *,54.227.64.76

    Note: Select the correct set of IP addresses for the environment of your organization.

    For US environments

    • 3.81.182.154

    • 3.93.155.149

    • 3.95.118.12

    • 3.95.142.181

    • 54.227.64.76

    • 52.12.169.124 [required only if Multi-region is enabled]

    Select-and-Copy below

    *,3.81.182.154
    *,3.93.155.149
    *,3.95.118.12
    *,3.95.142.181
    *,54.227.64.76

    For EU environments

    • 99.81.216.78

    • 34.249.190.60

    • 108.128.137.108

    • 99.80.189.20

    • 52.12.169.124 [required only if Multi-region is enabled]

    Select-and-Copy below

    *,99.81.216.78
    *,34.249.190.60
    *,108.128.137.108
    *,99.80.189.20

    For AUS environments

    • 13.236.255.231

    • 54.66.125.250

    • 52.12.169.124 [required only if Multi-region is enabled]

    Select-and-Copy below

    *,13.236.255.231
    *,54.66.125.250

  4. Make sure that under Action, Allow is selected.

    For more information about the Tenant Allow/Block List, see the official Microsoft documentation.

  5. In Microsoft 365 Defender, go to this location: https://security.microsoft.com/antispam

  6. In the edit Anti-spam inbound policy (Default) window on the right, scroll down and then click Edit actions.

  7. In the Actions window that opens:

    1. Under Spam, select "Move message to Junk Email folder"

    2. Under High confidence spam, select "Move message to Junk Email folder"

    3. Under Phishing, select "Move message to Junk Email folder"

    4. Under High confidence phishing, select "Quarantine message"

  8. Scroll down and click Save.
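
Every Allow entry added in steps 1 to 4 is an exception to spoof protection, so the list should hold exactly the addresses for your environment, each with the "*," prefix. The following is an added example, not Perception Point's onboarding script: it audits a pasted list of entries against the addresses listed in step 3. The function name, the report keys and the pasted sample are assumptions made for this illustration.

```python
import ipaddress

# Scanner IPs per environment, copied from step 3 on this page.
ENVIRONMENTS = {
    "US": {"3.81.182.154", "3.93.155.149", "3.95.118.12",
           "3.95.142.181", "54.227.64.76"},
    "EU": {"99.81.216.78", "34.249.190.60", "108.128.137.108", "99.80.189.20"},
    "AUS": {"13.236.255.231", "54.66.125.250"},
}
MULTI_REGION_IP = "52.12.169.124"  # listed as required only with multi-region


def audit_entries(text, environment, multi_region=False):
    """Compare pasted 'user,infrastructure' pairs with this page's list."""
    expected = set(ENVIRONMENTS[environment])
    if multi_region:
        expected.add(MULTI_REGION_IP)
    found, unexpected, malformed = set(), [], []
    for line in text.splitlines():
        entry = line.strip()
        if not entry:
            continue
        user, sep, infra = (part.strip() for part in entry.partition(","))
        try:
            # Rejects host names and CIDR ranges; the page lists single IPs.
            ipaddress.IPv4Address(infra)
        except ValueError:
            malformed.append(entry)
            continue
        if sep != "," or user != "*":
            malformed.append(entry)      # missing the required "*," prefix
        elif infra in expected:
            found.add(infra)
        else:
            unexpected.append(entry)     # valid pair, wrong environment or extra
    return {"missing": sorted(expected - found),
            "unexpected": unexpected, "malformed": malformed}


# Constructed input: one entry lacks "*,", one belongs to the EU set.
PASTED = """\
*,3.81.182.154
*,3.93.155.149
3.95.118.12
*,3.95.142.181
*,54.227.64.76
*,99.81.216.78
"""

if __name__ == "__main__":
    print(audit_entries(PASTED, "US"))
```
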

Step 1B

This step of the onboarding process includes enabling the Perception Point X‑Ray remediation application [also known as the M365 APP - see step 7 below]. This application enables emails to be removed from a user's Inbox if a malicious scan verdict is assigned - after the email has been delivered. For details on the remediation app, see Remediation App.

Perform Step 1B in Perception Point X‑Ray:

  1. On the right of the Perception Point X‑Ray banner, click the Add Services icon.

  2. Click Add New Domain - if this option appears.

    Note: If the pop-up does not appear, make sure that pop-ups are not blocked on your computer.

  3. Select the Organization - if necessary.

  4. Specify the Escalation Contacts. For details, see Escalation contacts.

  5. For Email Service, select Microsoft 365.

  6. For Connection Method, select Inline.

  7. Click ENABLE M365 APP or Next - in the bottom right corner. [This is the remediation app.]

    Important: If the ENABLE M365 APP button is not enabled, make sure that you have specified an escalation contact above.

    1. You'll be redirected to sign in to your Microsoft account.

      Note: If the Microsoft sign-in pop-up does not appear, make sure that pop-ups are not blocked on your computer.

    2. Sign in to your Microsoft account as a global admin.
      You'll see a list of the permissions that are required.

    3. Click Accept.

      The next step in the wizard appears.

  8. On the right of Domains, click Host, and select the domain that will be protected.

    Note: The list of domains shows only the domains that were detected in your organization's Microsoft 365 account - and only those domains that are not already configured to be protected.

  9. Click FIND SMTP to the right of the domain name.

    This should populate the SMTP Servers field. This is the address to which mail will be sent after it has been scanned and marked as being clean.

    Important:

    • The required SMTP server is a server in your domain - as it appears in the MX record.

    • Do not enter a value such as smtp.office365.com or outlook.office365.com

  10. [Optional] Click Add Domain - for each additional domain to be protected - and enter the required details [as described in the previous 2 steps].

  11. Licenses: By default, Perception Point X‑Ray will protect all email users in the domains that you specified above. To protect only a limited number of users, contact Perception Point Support [support@perception-point.io].

  12. Click Next.

    The "Add TXT Records" dialog box opens. This dialog box includes the TXT record names and TXT record values, that you'll need in order to add and verify the TXT records for your domain - in Step 2.

    If multi-region is enabled, there will be details for TXT records in both the primary and secondary regions. For details about the multi-region functionality, see Multi-region.

You must now verify the new domains that you added above. For details, see Step 2 - Verifying your domains [Microsoft 365].