Connect Application: Securing Your Inbound Email (Office 365)

Document created by user.oxriBaJeN4 Employee on Sep 22, 2016Last modified by user.oxriBaJeN4 Employee on May 29, 2019
Version 13Show Document
  • View in full screen mode

Applies To...


This page applies to new clients connecting with Mimecast using the Connect Application with Office 365 Exchange Online. 


Setting Us as Your Trusted Email Source


Once you have completed all the Connect Application tasks, we recommended locking down your inbound email flow in Office 365 to only allow mail from Mimecast IP addresses.


This ensures your emails are scanned by the Mimecast security systems to prevent viruses and spam from reaching your internal environment. 


To secure your inbound email:

  1. Log on to the Office 365 Exchange Admin Console.
  2. Click on the Mail flow menu item on the left hand side.
  3. Click on the Connectors link at the top. Your connectors are displayed.
  4. Click on the + icon.
  5. Complete the Select Your Mail Flow Scenario dialog as follows:
    FromPartner organization
    ToOffice 365
    The text at the bottom of the wizard changes to, "Creating a connector is optional for this mail flow scenario. Create a connector only if you want to enhance security for the email messages sent between your partner organization or service provider and Office 365. You can create multiple connectors for this scenario, each applying to different partner organizations or service providers.”
  6. Click the Next button.
  7. Change the connector's name to Mimecast to Office 365.
  8. Click the Next button.
  9. Select the Use the Sender's Domain option in the "How do you want to identify the partner organization?” dialog.
  10. Click the Next button.
  11. Click on the + icon to add the * as the domain.
  12. Click on the OK button.
  13. Click the Next button.
  14. Leave the Reject Email Messages if They Aren't Sent Over TLS option with the default value on the “What security restrictions do you want to apply?” dialog. Mimecast will send the message on to Office 365 with Opportunistic TLS.
  15. Select Reject email messages if they aren't sent from within this IP address range.
  16. Click on the + icon to add the Mimecast IP address ranges depending on your region.
    See the Adding Network Ranges to Office 365 page for more information.
  17. Click the Next button. A summary page is displayed. Check this to ensure it has all the correct information.
  18. Click the Save button.

Testing Your Office 365 Inbound Security


Once you have locked down your firewall, you can run the firewall test from the Connect Application to determine if the lockdown was successful.


To test your firewall and complete the task:

  1. Click on the Gateway | Secure Your Inbound Email menu item.
  2. Click on the Start button. Our Inbound IP Ranges are displayed.
  3. Ensure you have set up Mimecast as your only trusted email source. See the "Securing Your Inbound Email" section above.
  4. Click on the Next button.
  5. Click the Test Host link to test your Office 365 connection. A popup dialog is displayed.
    The test attempts to establish a connection to your Office 365 host name from a Mimecast IP address that isn't part of the data centers you've set up. This uses the SMTP protocol up to the “RCPT” command.
  6. Enter a valid internal email address and click Test. Your firewall's status is displayed as one of the following:

    • Secured: The host has rejected the recipient. This is the desired outcome.
    • Not Secured: The host has accepted the recipient. 
    Test O365
  7. Click the More or Less link to toggle the view of your domain's route information.
  8. When you're ready, click the Confirm button. A summary of your secure inbound email connection is displayed.


See Also...