Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Ignite /16/2017 1:30 PM

Published byHenry Parsons Modified over 9 years ago

Similar presentations

Presentation on theme: "Microsoft Ignite /16/2017 1:30 PM"— Presentation transcript:

1 Microsoft Ignite 2015 4/16/2017 1:30 PM
© 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Using Connectors & Mail Routing in O365
BRK3159 Using Connectors & Mail Routing in O365 Khushru Irani Program Manager Transport Team, O365

3 Session Objectives And Takeaways
Tech Ready 15 4/16/2017 Session Objectives And Takeaways How mailflow works in Office 365 So why do I need connectors? Dispel myths about connectors New Connector UI demo © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4 Customer Type and Mailflow
MEC 2014 4/16/2017 1:30 PM Customer Type and Mailflow Exchange Online (EXO) Hosted – all mailboxes are in Office 365 Hybrid – some mailboxes are in Office 365, some are in on-premises Exchange Online Protection (EOP) All mailboxes are hosted in on-premises, use EOP for protection only Customer type determines configuration and how mail flows through Office 365 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5 Mail flow participants
Office 365: Your cloud subscription (EXO and EOP), hosts your cloud mailboxes. It also acts as a hub for all mailflow of Office 365 customers Your organization server (a.k.a. on-premises server): This is an server that you manage. It could be MS Exchange, or any other server such as Lotus Notes. Cloud-only organizations won't have one. Partner Organization: A partner can be an organization you do business with, such as a bank. Service Provider: A cloud service provider that provides services such as archiving, anti-spam, etc. Internet: sent from the Internet that doesn't originate from your organization servers or rest of the participants. Internet Your organization server Service Provider Partner organization e.g. e.g. MessageLabs

6 Scenario: Fully Hosted

7 Fully Hosted Contoso.com
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted Contoso.com Add domain contoso.com in O365 and verify you own the domain by adding a txt record (at DNS provider) Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8 Fully Hosted Contoso.com MX Record
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted MX Record Add domain contoso.com in O365 and verify you own the domain by adding a txt record (at DNS provider) Add users Change MX record for contoso.com to point to O365 (at DNS provider) Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9 Fully Hosted Contoso.com MX Record Region based IPs
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted MX Record Add domain contoso.com in O365 and verify you own the domain by adding a txt record (at DNS provider) Add users Change MX record for contoso.com to point to O365 (at DNS provider) contoso.com MX preference = 10, mail exchanger = contoso-com.mail.protection.outlook.com contoso-com.mail.protection.outlook.com internet address = contoso-com.mail.protection.outlook.com internet address = contoso-com.mail.protection.outlook.com internet address = Contoso.com Region based IPs Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10 Fully Hosted Contoso.com Do we need a connector for this scenario? NO
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted From: To: Do we need a connector for this scenario? NO MX Record Add domain contoso.com in O365 and verify you own the domain by adding a txt record (at DNS provider) Add users Change MX record for contoso.com to point to O365 (at DNS provider) contoso.com MX preference = 10, mail exchanger = contoso-com.mail.protection.outlook.com contoso-com.mail.protection.outlook.com internet address = contoso-com.mail.protection.outlook.com internet address = contoso-com.mail.protection.outlook.com internet address = Contoso.com Region based IPs Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

11 Fully Hosted Contoso.com Do we need a connector for this scenario? NO
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted From: To: Do we need a connector for this scenario? NO SPF Record Register a SPF record (TXT) for contoso.com (at DNS provider) "v=spf1 include:spf.protection.outlook.com -all“ SPF effectively tells the world that contoso.com can send mail using O365 IPs, thereby reducing the chances of your mail being considered as spam Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12 Fully Hosted + Scanner/Printer
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted + Scanner/Printer From: To: Can it talk SMTP using TLS 1.0 & higher? Yes Can your scanner authenticate using a username+password? Yes Contoso.com Do we need a connector for this scenario? NO Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13 Fully Hosted + Scanner/Printer
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted + Scanner/Printer From: To: Can it talk SMTP using TLS 1.0 & higher? Yes Can your scanner authenticate using a username+password? Yes smtp.office365.com (Username + Password) Use SMTP Client submission to authenticate to O365 and send mail [connect to smtp.office365.com] If you have multiple devices you can share the username/password You can even send mail outside O365 Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

14 Fully Hosted + Scanner/Printer
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted + Scanner/Printer From: To: Can it talk SMTP using TLS 1.0 & higher? Not sure Can your scanner authenticate using a username+password? No You will have to use “direct send”; especially if you don’t have a dedicated IP to send from (Mail highly prone to be marked as spam) Contoso.com Contoso.com is registered as an accepted domain Do we need a connector for this scenario? NO © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

15 Fully Hosted + Email marketing
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted + marketing From: Display From: To: Reply to: Marketing.com This mail should NOT pass through O365 at all Contoso.com Do we need a connector for this scenario? NO Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

16 Fully Hosted + Hosted Website/App
Microsoft Ignite 2015 4/16/2017 1:30 PM Fully Hosted + Hosted Website/App From: To: Authenticate using EWS Create a user account in O365 (it could be shared) Use EWS API to authenticate & log in Send mail from that user account (subject to sender & recipient limits) Contoso.com Do we need a connector for this scenario? NO Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

17 Scenario: Hybrid (customers that have their own organization email servers)

18 Hybrid – Before the move to O365
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Before the move to O365 MX Record From: To: Contoso.com contoso.com      MX preference = 20, mail exchanger = mail.contoso.com contoso.com      MX preference = 10, mail exchanger = mailbackup.contoso.com mail.contoso.com internet address = mailbackup.contoso.com    internet address = © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19 Hybrid Contoso.com Contoso.com MX Record
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid Add domain contoso.com in O365 and verify you own the domain by adding a txt record (at DNS provider) Add users you want to host in O365 MX Record contoso.com MX preference = 10, mail exchanger = contoso-com.mail.protection.outlook.com contoso-com.mail.protection.outlook.com internet address = contoso-com.mail.protection.outlook.com internet address = contoso-com.mail.protection.outlook.com internet address = Move MX to point to O365 (preferred method, since it avoids many issues with SPF, DKIM, DMARC, etc.) Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

20 Hybrid – Primary reason for having connectors
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Primary reason for having connectors You want one happy family organization Cloud + On-premises appear as one organization (Exchange headers are retained between the two) MX Record Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21 Hybrid – Connector From O365 To Your Org
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Connector From O365 To Your Org MX Record Receive Connector (Firewall to accept mails from mail.protection.microsoft.com IPs) Connector (Direction of mail flow) From: O365 To: Your organization servers (PSH: Outbound On-premise Connector) For all Accepted domains Point to your organization’s smarthost Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22 Hybrid – Connector From O365 To Your Org
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Connector From O365 To Your Org From: To: From: To: MX Record Receive Connector (Firewall to accept mails from mail.protection.microsoft.com IPs) Connector (Direction of mail flow) From: O365 To: Your organization servers (PSH: Outbound On-premise Connector) For all Accepted domains Point to your organization’s smarthost Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23 Hybrid – Mail queued to your org smart host
You will see a Message Center post + an notification to your admin

24 Connector: From O365 To Your Organization Servers
4/16/2017 Connector: From O365 To Your Organization Servers Demo © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

25 Hybrid – Authoritative Domain
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Authoritative Domain From: To: MX Record Contoso.com domain is of type = Authoritative [This gives you Directory Based Edge Blocking*] Users+Groups in your organization need to be synced to O365 For every user with a mailbox in your on-premises org, have a mail user with an External Address Contoso.com Contoso.com Contoso.com is registered as an accepted domain of type = Authoritative * As long as you don’t have Public Folders or Dynamic Distribution Groups © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

26 Hybrid – Internal Relay Domain
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Internal Relay Domain From: To: MX Record If you don’t want to sync users+groups in your organization to O365, then mark your domain as Internal Relay You will not get DBEB (Directory Based Edge Blocking) Contoso.com Contoso.com Contoso.com is registered as an accepted domain of type = Internal Relay © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27 Hybrid – Connector From Your Org To O365
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Connector From Your Org To O365 From: To: Send Connector (All mail goes via smarthost contoso- com.mail.protection.outlook.com) Connector (Direction of mail flow) From: Your organization servers To: O365 (PSH: Inbound On-premise Connector) Prove Identity using certificate or IP [Sender domain must match Accepted domain] Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28 Hybrid – Connector From Your Org To O365
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Connector From Your Org To O365 From: To: "v=spf1 include:spf.protection.outlook.com –all” SPF Record Send Connector (All mail goes via smarthost contoso- com.mail.protection.outlook.com) Connector (Direction of mail flow) From: Your organization servers To: O365 (PSH: Inbound On-premise Connector) Prove Identity using certificate or IP [Sender domain must match Accepted domain] Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29 Connector: From Your Organization Servers To O365
4/16/2017 Connector: From Your Organization Servers To O365 Demo © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30 Hybrid – In Summary Contoso.com Contoso.com
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – In Summary You create 2 connectors because – You want one happy family organization Cloud + On-premises appear as one organization (Exchange headers are retained between the two) Keep in mind – You MUST have dedicated IPs (those IPs MUST belong to your organization) More secure way of proving mail comes from on-premises is TLS using certificate (issued by well-known CA) vs. IPs Sender domain MUST match accepted domain Between O365 and your on-premises there MUST be no other service provider SPF Record MX Record Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31 Hybrid – Retain Exchange Internal Headers
MEC 2014 4/16/2017 1:30 PM Hybrid – Retain Exchange Internal Headers For Mail flow between O365 and your org Exchange Servers Exchange internal headers are used by some Exchange components (such as DL permission management, calendar). Note: Transport rule no longer requires this. All Exchange internal headers (X-MS-Exchange-Organization-xxxx) are stripped off by O365 before coming into or leaving from O365 To retain these headers between the two environments Mailflow In On-premises (Your organization servers) In O365 On-premises->O365 Ex 2013: Sendconnector(CloudServicesMailEnabled) Ex 2010: RemoteDomain (TrustedMailOutboundEnabled) UI: “Retain Exchange internal headers” Cmdlet: Inbound connector(CloudServicesMailEnabled) O365->On-premises Ex 2013: Default Frontend ReceiveConnector: TlsCertificateName <Subjectname> TlsDomainCapabilities:mail.protection.outlook.com:AcceptCloudServicesMail Ex 2010: RemoteDomain (TrustedMailInboundEnabled) Outbound connector(CloudServicesMailEnabled) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

32 Hybrid + Scanner/Printer or In-house App
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid + Scanner/Printer or In-house App From: To: SPF Record MX Record You can use existing connectors to send mail from the scanner or app Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

33 Hybrid – Force TLS with certain partners
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Force TLS with certain partners From: To: Partner – bank.com From: To: SPF Record Bank.com sends mail to Contoso.com like any other org on the Internet O365 will apply TLS for mail from bank.com to O365, if bank.com chooses to apply TLS O365 will apply TLS for mail from O365 to bank.com, if bank.com supports TLS MX Record Contoso.com Contoso.com Contoso.com is registered as an accepted domain Do we need a connector for this scenario? NO, but… © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

34 ...If you want to force TLS with certain partners
Microsoft Ignite 2015 4/16/2017 1:30 PM ...If you want to force TLS with certain partners From: To: Partner – bank.com From: To: Connector (Direction of mail flow) From: Your partner organization To: O365 (PSH: Inbound partner connector) Connector (Direction of mail flow) From: O365 To: Your partner organization (PSH: Outbound partner connector) SPF Record MX Record Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

35 ...If you want to force TLS with certain partners
Microsoft Ignite 2015 4/16/2017 1:30 PM ...If you want to force TLS with certain partners From: To: Partner – bank.com From: To: SPF Record MX Record From Partner Organization to O365: Force TLS; If TLS isn’t used, then reject incoming connection Contoso.com From O365 to Partner Organization: Force TLS; If TLS isn’t supported by partner, then do not send mail to partner Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

36 4/16/2017 Connector: From O365 To Partner Organization and From Partner Organization to O365 Demo © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

37 Hybrid – Instead of MX pointing on-premises
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Instead of MX pointing on-premises MX Record Contoso.com contoso.com      MX preference = 20, mail exchanger = mail.contoso.com contoso.com      MX preference = 10, mail exchanger = mailbackup.contoso.com mail.contoso.com internet address = mailbackup.contoso.com    internet address = © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

38 Hybrid – MX points to a (shared) service
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – MX points to a (shared) service MX Record From: To: Contoso.com contoso.com MX preference = 10, mail exchanger = cluster9.us.messagelabs.com cluster9.us.messagelabs.com internet address = cluster9.us.messagelabs.com internet address = cluster9.us.messagelabs.com internet address = Do we need a connector for this scenario? NO, but… © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

39 ...If you want to force TLS + route all outbound mail
Microsoft Ignite 2015 4/16/2017 1:30 PM ...If you want to force TLS + route all outbound mail MX Record Connector (Direction of mail flow) From: Your partner organization To: O365 (PSH: Inbound partner connector) Connector (Direction of mail flow) From: O365 To: Your partner organization (PSH: Outbound partner connector) Recipient domain = * Contoso.com Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

40 ...If you want to force TLS + route all outbound mail
Microsoft Ignite 2015 4/16/2017 1:30 PM ...If you want to force TLS + route all outbound mail MX Record From: To: From: To: From Partner Organization to O365: Force TLS; If TLS isn’t used, then reject incoming connection (Identify the partner via these IPs) Contoso.com From O365 to Partner Organization: Force TLS; If TLS isn’t supported by partner, then do not send mail to partner (Because recipient domain=*; we route mail outside using the connector) Contoso.com Contoso.com is registered as an accepted domain © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

41 Hybrid – Which Connector does O365 pick?
Microsoft Ignite 2015 4/16/2017 1:30 PM Hybrid – Which Connector does O365 pick? MX Record From: To: Which Connector does O365 pick? From O365 to partner organization Recipient domain = * Send mail to partner IPs Contoso.com From O365 to your organization Recipient domain=Accepted domains Send mail to Org IPs Contoso.com Contoso.com is registered as an accepted domain Closer match on recipient domain wins © 2015 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

42 Summary

43 Who Needs to Create Connectors in O365
MEC 2014 4/16/2017 1:30 PM Who Needs to Create Connectors in O365 You have a standalone Exchange Online Protection (EOP) subscription (required) You are a hybrid organization with an Exchange Online subscription (required) You have an Exchange Online subscription and your organization needs to send messages from non-mailboxes, such as printers/scanners (optional) You often exchange with business partners, and you want to apply certain security restrictions (optional) © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

44 Questions

45 Please evaluate this session
4/16/2017 1:30 PM Please evaluate this session Your feedback is important to us! Visit Myignite at or download and use the Ignite Mobile App with the QR code above. © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

46 4/16/2017 1:30 PM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Download ppt "Microsoft Ignite /16/2017 1:30 PM"

Similar presentations

Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Policy enforcement Enterprise class reliability Geographically.

Comprehensive protection Multi-engine antivirus Continuously evolving anti-spam protection Policy enforcement Enterprise class reliability Geographically.
Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of emails a day Using Thousands of servers Across dozens of.

Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of s a day Using Thousands of servers Across dozens of.
On-premises Exchange Online Protection Office 365 Directory Sync ADFS (optional) Single sign on Secure mail flow Existing email environment.

On-premises Exchange Online Protection Office 365 Directory Sync ADFS (optional) Single sign on Secure mail flow Existing environment.
Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.

Module 6 Implementing Messaging Security. Module Overview Deploying Edge Transport Servers Deploying an Antivirus Solution Configuring an Anti-Spam Solution.
Curtis Parker | December 2010 | Microsoft Corporation.

Curtis Parker | December 2010 | Microsoft Corporation.
© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.

© 2007 Convio, Inc. Implementation of Sender ID Bill Pease, Chief Scientist Convio.
Microsoft Ignite /16/2017 1:31 PM

Microsoft Ignite /16/2017 1:31 PM
Connector- Based Customer Delivery Pool Mailbox (On-premises) Mailbox or Application (On-premises) Higher Risk High Risk Delivery Pool Resolve.

Connector- Based Customer Delivery Pool Mailbox (On-premises) Mailbox or Application (On-premises) Higher Risk High Risk Delivery Pool Resolve.
Sender policy framework. Note: is a good reference source for SPFhttp://www.openspf.org/

Sender policy framework. Note: is a good reference source for SPFhttp://
Understanding Microsoft Forefront Online Protection for Exchange Robert Gillies Solution Architect Microsoft Corporation EXL201.

Understanding Microsoft Forefront Online Protection for Exchange Robert Gillies Solution Architect Microsoft Corporation EXL201.
Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.
Security challenges Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of emails a day Using Thousands of.

Security challenges Used by many 100,000s of customers Used by many 10,000,000s of users Processing Billions of s a day Using Thousands of.
IT:Network:Applications.  Exchange Recipients  Defining Email Addresses  Managing Mailboxes  Mailbox Types  Assigning Permissions.

IT:Network:Applications.  Exchange Recipients  Defining Addresses  Managing Mailboxes  Mailbox Types  Assigning Permissions.
Office 365 SMTP Relay June 2013. Relay Method Send to rcpts in domain Relay to Internet via O365 Configuration Requirements Requires Authentication.

Office 365 SMTP Relay June Relay Method Send to rcpts in domain Relay to Internet via O365 Configuration Requirements Requires Authentication.
Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.

Version 2.0 for Office 365. Day 1 Administering Office 365 Day 2 Administering Exchange Online Office 365 Overview & InfrastructureLync Online Administration.
IMAP migration Cutover migration Staged migration 2010 Hybrid2013 Hybrid Exchange 5.5 Exchange 2000 Exchange 2003 Exchange 2007 Exchange 2010 Exchange.

IMAP migration Cutover migration Staged migration 2010 Hybrid2013 Hybrid Exchange 5.5 Exchange 2000 Exchange 2003 Exchange 2007 Exchange 2010 Exchange.
Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.

Pro Exchange SPAM Filter An Exchange 2000 based spam filtering solution.
Protect communications Multi-engine anti-malware and enhanced spam filtering to help protect your email environment from threats Enforce policy Flexible.

Protect communications Multi-engine anti-malware and enhanced spam filtering to help protect your environment from threats Enforce policy Flexible.
Configuring Hybrid Exchange the Easy Way

Configuring Hybrid Exchange the Easy Way
Exchange On-Premises “The Internet” Exchange Online (Office 365) “Virtual Exchange Organization”

Exchange On-Premises “The Internet” Exchange Online (Office 365) “Virtual Exchange Organization”

Similar presentations

Ads by Google