Configure Microsoft 365 Sync
The Microsoft 365 sync functionality is designed to simplify onboarding of Microsoft 365 customers into Mail Assure. Mail Assure's New Interface and Dashboard includes access to the configure Microsoft 365 synchronization feature. This tool allows you to connect to your Microsoft 365 Admin center to import Domains and Mailboxes into Mail Assure easily and quickly.
Please note Microsoft 365 is the new name of Microsoft's Office 365 service. The name for this was officially changed on April 21st 2020 and information on the change can be found here: https://docs.microsoft.com/en-us/deployoffice/name-change
- Accessing the new dashboard and interface
- What is configured during sync
- Add Domains and Mailboxes
- Next Steps
- Editing and Removing Domains and Mailboxes
If Microsoft 365 Sync is enabled, any current LDAP Mailbox Sync configuration will be disabled.
The Microsoft 365 Sync has the following requirements that must be met:
- You must have access to the Microsoft Global Administrator Account
- Must be logging in to Mail Assure using a SolarWinds Single Sign On (SSO) login at an Admin level user. Information can be found here for Setup SolarWinds Single Sign-On.
- Must be viewing the dashboard as an Admin level user
- Have access to the new interface and dashboard. The steps for accessing this can be found below.
- Once the domains and mailboxes are added, you must follow the Next Steps to ensure filtering is configured correctly
Using the Microsoft 365 sync allows for secure and easy addition of multiple domains and mailboxes at the same time using your Microsoft 365 credentials.
This functionality also helps to keep usage under control with scheduled automatic synchronization of added and deleted mailboxes.
You can also easily set the timezone, date and time formatting and reporting options for new mailboxes within the Microsoft 3655 sync wizard.
The following limitations should be considered before using the Microsoft 365 sync tool:
- If you wish to set the region for each domain, you should add the domain manually, using the regular Add a Domain method as region selection is not configured within the Microsoft 365 wizard.
- As stated above, this feature is only accessibly through new dashboard and interface, when logged in with SolarWinds SSO, so if you do not use this login method, you will not be able to access this feature.
- If you want to disable outgoing protection for a mailbox, this cannot be done outside of the 365 sync wizard.
- Domain aliases are not added during the sync so must be added manually after. See Manage Domain Aliases for information on adding these.
All domains must be created/synchronized with a one-to-one Microsoft tenant administrator account to Mail Assure administrator account relationship. Note: Configuring an additional Microsoft account with an already configured synchronization, will disable any previously configured domain synchronizations. To help prevent this the Microsoft 365 sync wizard shows which tenant the admin is connected to.
To avoid accidentally connecting the admin to a different tenant, which would prevent access to the original tenant’s sync settings. We recommend using a sub-admin for each client, and configuring sync for the client tenant against the client sub-admin. This is covered in the Knowledge Base Article How to configure the Microsoft 365 sync with Mail Assure and multiple tenants.
In order to access this new feature, you must:
- Log in as an Admin level user, using the Login with SolarWinds Single Sign-On (SSO) button:
- Click on the Try the new beta interface link at the top right of the page.
- Using the side menu on the left of the page, navigate to General > Domains Overview.
- Once on the Domains Overview page, select ConfigureMicrosoft 365 Sync which can be found just below the page description.
For information on using the synchronization tool, see Adding Domains and Mailboxes via Microsoft 365 sync.
When using the Microsoft 365 Sync tool, the following configuration is completed:
- If the domain does not already exist, it is added.
- All selected mailboxes in Microsoft 365 for the selected domains are added to Mail Assure
- The mailbox type is set automatically based on the type in Exchange, ie. distribution list, shared mailbox, regular mailbox.
- Any mailbox aliases are added for selected mailboxes.
- If the mailbox is newly added, the selected services (Incoming Protection, Outgoing protection, Archiving) are enabled as per the choices made in the Wizard.
- If the mailbox already exists, no changes are made to the service selection. If you deselect a previously selected mailbox during sync, all services are removed for the mailbox.
- Reject email to mailboxes not listed in the "Mailboxes" tab is enabled in the Domain level Mailboxes Configuration > Configuration Tab.
- Mailbox protection and processing mode is set to Protect specific mailboxes only in the Domain level Mailboxes Configuration > Configuration Tab.
- The destination routes are set per domain
- An outgoing authenticating user is created per domain. This is set up to:
- permit re-authentication
- allow outgoing mail from any Microsoft 365 IP
- If selected during the process, an Automatic ESR is created for the mailboxes imported using Microsoft 365 sync
- If selected, Archiving is enabled for the domain.
- If the "enable SSO" option is selected within the wizard, the mailbox is permitted to use Microsoft 365 authentication to log in to Mail Assure
- The chosen time zone, date format, and time format are set for each of the selected mailboxes.
Once you have completed configuration, and all Domains and Mailboxes are successfully showing in Mail Assure, there are a few further steps that are required in order for Mail Assure to function correctly.
- In Mail Assure, you need to:
- Check all settings configured during the sync are correct
- Check all Branding and Email Scout Report (ESR) options
- Configure SSO/OAuth with Microsoft 365
- Outside of Mail Assure, there are a few further steps that are required for correct filtering:
- For incoming filtering, update the MX Records
- If using outgoing filtering, configure Microsoft 365 to use Mail Assure as a smart host
- If using archiving, ensure you Configure Journaling in Mail Assure/Exchange
- Disable Microsoft 365's integrated filtering and restrict incoming delivery to Mail Assure. This can be done by following the steps here.