Connect Process - Configuring Microsoft 365 Journaling

This article contains information on configuring journaling in Mimecast and Microsoft 365, including setting up journal definitions, subdomains, external contacts, send connectors, journaling rules, and verifying configurations.

For information on Microsoft 365 plans that support journaling, read this Microsoft Technet article: Exchange Online Service Description | Microsoft 365 Service Descriptions. It describes the Exchange Online Protection (EOP) security feature set most commonly provided with Microsoft 365, which has replaced legacy FOPE services. Microsoft doesn't support self-email journaling (journaling from yourself to yourself).

  • Your Microsoft 365 tenant domain must be added to the list of internal domains available in the Mimecast Administration Console. See the Configuring Internal Domain / Subdomains page for complete details.
  • Journaling is typically configured after recipient validation options are considered. See the Connect Process Guides for further details.

If your Mimecast subscription includes journaling and started after 26th March 2015, a journal connector has automatically been created for you. This includes a journal:

  • Sub-domain called journal. (Where journal is the domain you provided as your primary mail domain).
  • Contact called journaling@journal.domain.com. Use this address as the mail attribute for the external contact you create in Exchange to send journal messages.

If your Mimecast subscription started before 26th March 2015, or you want to add a journal connector, you must manually add a journal domain, journal address, and journal connector, as detailed below. This is likely if you're configuring journaling in a hybrid Microsoft 365 or On-Premise environment, as you require two journal connectors or journal sub-domains.

Configuring a Journal Definition

To configure a Journal definition:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Archive | Journaling.
  3. Either click on the:
      • New Journal Service Definition button.
      • Journal Service Definition to be changed.
  4. Complete the Journal Service Properties section as required:
      • Description: Enter a name for the definition.
      • Transport Type: Select the "SMTP" option.
      • Disabled: Leave this option unchecked. If checked, the definition isn't active.
  5. Complete the Connection Properties section as required:
      • Service Email Address: Enter a Service Email Address using the format journaling@journal.domain.com (where domain.com is the primary SMTP domain). This is used throughout the rest of the journal configuration process.
      • Additional Source IP Ranges: Enter the IP addresses from which we'll receive journaled messages. These are typically the external IPs of the Transport Service in the environment. IP addresses are expected with a CIDR mask, so ranges can be added in a single line. The proper syntax for a single address is /32. For journaling from Microsoft 365 accounts, customers must contact Mimecast Support to add the Microsoft 365 IP ranges to their account.
        Authorized Outbound IP addresses are automatically allowed; therefore, this field can be left blank. This also applies to hosted environments sharing IP addresses or ranges. You will also need to add the Authorized Outbound IP addresses if you forward emails using the journaling connector; please refer to the Maintaining Authorized Outbound Address article for guidelines.
      • Use SMTP Authentication: If selected, an additional field is displayed to allow a password to be entered. This password and the journal email address are used as the SMTP-AUTH credentials.
        An SMTP Send Connector is required on the Exchange server for SMTP Journaling to use the authentication option.
      • Initial Process Delay: Leave the default value (0) unless you're working on a journaling issue with Mimecast Support. Determines the time to wait before attempting to match a message to the archive.
      • Delivery Wait Attempts: Leave the default value (3) unless you're working on a journaling issue with Mimecast Support. Determines the number of tries the system attempts to match a message before it is archived.
      • Period of Inactivity Allowed: Defines how long the SMTP connector is allowed to be inactive without receiving any messages before it is reported as being "down" (default = 180 minutes). Consider the setting carefully according to your Exchange Server environment. For example, if you operate in an environment with low email volumes, the connector will likely handle a small Exchange database. Therefore, you can set this to a much higher value than the default to cater for quiet periods (e.g., overnight) and/or smaller email databases.
      • Journal Type: Specify either Exchange Envelope Journaling (EEJ) or Standard EML.
        We support journaling in standard EML (without the EEJ wrapper) and EEJ formats. EML files can only be assigned to mailboxes based on the message headers. This may not be reliable and doesn't include BCC recipients. EEJ messages are the preferred option in terms of accuracy when determining the recipients of a message. EEJ also "steps down" to handle incorrectly enveloped messages in an EEJ mailbox. On occasion, journal mailboxes may receive non-envelope journaled emails. These messages would normally cause the journal service to fail. We auto-detect these malformed messages and absorb them as normal emails, even though the journal mailbox is set to EEJ.
      • Encrypted: This option is selected by default but isn't required. If selected, we'll only accept journal messages over TLS. Journal messages not sent over TLS are rejected.
      • Prefer Clear Text Version: Enable this for Active Directory Rights Management Services protected journal items.
      • Extended De-Duplication: If selected, we wait ten minutes for the gateway item after receiving the internal message via the Journal Connector for de-duplication purposes. Only enable this option if internal messages are journaled via remote/local infrastructure and delivered via the Mimecast gateway.
      • Remove Journal Headers: Enable this option to instruct us to remove potentially sensitive journal headers that Microsoft Exchange might have added.
        Headers that will be removed are X-MS-Exchange-Organization-BCC and X-MS-Exchange-CrossPremises-BCC. All other headers will be respected.
      • Journal Non-Internal Addresses: If selected, messages processed that don't hold any internal addresses are archived.
      • Journal Unknown Internal Addresses: If selected, messages processed that are sent from or to unknown internal addresses are archived.
  6. Click on the Save and Exit button.

Configuring a Journaling Sub Domain

This step isn't required if you're setting up Microsoft 365 in a hybrid environment and you've previously set up a journal sub-domain and connector. Only one journal connector is required on the Mimecast side, and both the On-Premises server and M365 can be configured to send journal messages to the same email address (e.g., journaling@journal.domain.com, where domain.com is the primary SMTP domain).

With the journal.domain.com email address configured, you must add the journal subdomain. To accomplish this:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Users & Groups | Internal Directories.
  3. Select the Add Subdomain button.
  4. Complete the dialog by entering the value in the Journaling Value column:
      • Domain Name(s): Enter up to 100 subdomains, with each on a separate line. Journaling Value: journal..com
      • Inbound Checks: Select the inbound checks on all external messages directed to the subdomain(s). Journaling Value: Accept all Inbounds for this Domain
      • Add Anti-Spoofing Policy: If selected, Anti-Spoofing Policies are applied to all messages directed to the subdomains, preventing them from being spoofed from outside sources. Journaling Value: Unselected
  5. Click on the Save and Exit button.

For editing subdomains, see the Configuring Internal Domain / Subdomains page.

Configuring an External Contact in Microsoft 365

This guide describes the correct navigation through the Classic Exchange Admin Center (Classic EAC). Administrators can use either the Classic EAC or the new Exchange Admin Center (new EAC).

Administrators linked to this article from the Email Security Setup Wizard (ESSW) must follow the steps for Configuring an External Contact, Configuring a Send Connector, and Creating an M365 Journaling Rule in this article.

To configure an external contact in Microsoft 365:

  1. Log in to the Exchange Admin Center.
  2. Select Recipients | Contacts.
  3. Click the + Add a Contact option to create a new contact.
  4. Complete the values on the form.
  5. Click on the Add button.

Ensure that the External Email Address for your contact matches the address used in the journal connection.

Configuring a Microsoft 365 Send Connector

To configure a Microsoft 365 send connector:

  1. Log in to the Exchange Admin Center.
  2. Select Mail Flow | Connectors.
  3. Click on +Add a connector to create a new connector.
  4. Create a connector by completing the dialog as follows:
      • Connection from: Select Microsoft 365
      • Connection to: Select Partner Organization
  5. Click on the Next button.
  6. Complete the New Connector dialog as follows:
      • Name: Provide a name for the connector (e.g., Microsoft 365 to Mimecast).
      • Description: Describe the connector.
      • Turn It On: If selected, the connector is enabled.
  7. Click on the Next button.
  8. Select the Only When Email Messages are Sent to These Domains option.
  9. Enter the Domain of the external contact you created for this journal connection (e.g., journal.).
  10. Click on the Icon to add the recipient domains that should use this connector.
  11. Click on the Next button.
  12. Select the Route Email Through These Smart Hosts option.
  13. Add the Smart Hosts from the list below for the relevant region (e.g., ca-smtp-journal-2.mimecast.com):
      • Europe (Excluding Germany): eu-smtp-journal-1.mimecast.com, eu-smtp-journal-2.mimecast.com
      • Germany: de-smtp-journal-1.mimecast.com, de-smtp-journal-2.mimecast.com
      • United States of America: us-smtp-journal-1.mimecast.com, us-smtp-journal-2.mimecast.com
      • United States of America (B): usb-smtp-journal-1.mimecast.com, usb-smtp-journal-2.mimecast.com
      • Canada: ca-smtp-journal-1.mimecast.com, ca-smtp-journal-2.mimecast.com
      • South Africa: za-smtp-journal-1.mimecast.co.za, za-smtp-journal-2.mimecast.co.za
      • Australia: au-smtp-journal-1.mimecast.com, au-smtp-journal-2.mimecast.com
      • Offshore: je-smtp-journal-1.mimecast-offshore.com, je-smtp-journal-2.mimecast-offshore.com
      • USPCOM: uspcom-smtp-journal-1.mimecast-pscom-us.com, uspcom-smtp-journal-2.mimecast-pscom-us.com
  14. Click on the + Icon to add the smart hosts from above using this connector.
  15. Click on the Next button.
  16. Ensure the following options are selected:
      • Always Use Transport Layer Security (TLS) to Secure the Connection
      • Issued by a Trusted Certificate Authority (CA)
  17. Click on the Next button.
  18. Click on the + Icon.
  19. Enter the Journal Email Address created in the journaling profile of your Mimecast account.
  20. Click on the Validate button.
  21. Disregard any errors in the validation and click on the Save button.

Configuring a Microsoft 365 Journaling Rule

Before creating a journal rule in Exchange Online, you must specify the alternate journaling recipient for undeliverable journal reports. If a journal report can't be delivered to the journaling mailbox specified in a journal rule, it is queued in Exchange Online for some time. If the condition persists for longer and queued journal reports can't be delivered to the Journaling mailbox, they're delivered to the alternate journaling recipient.

You can specify an alternate journaling recipient for undeliverable journal reports by using the following steps:

  1. Click on the Compliance menu item in the Microsoft 365 Admin Center.
  2. The Microsoft Purview Platform will be displayed.
  3. Navigate to Settings | Data Lifecycle Management | Exchange (legacy).
  4. Enter an Undeliverable reports email address.
  5. Click on Save.

You can create a Journal rule by using the following steps:

  1. On the Microsoft Purview Platform, navigate to Solutions | Data Lifecycle Management | Exchange (legacy) | Journal rules.
  2. Click on + New rule.
  3. On Define journal rule settings, complete as below:
      • Send Journal Reports to: Enter the email address of your journal contact. This receives the journal reports.
      • Journal rule name: Enter a name for the journal rule.
      • Journal messages sent or received from*: Select the "Everyone" option.
      • Type of message to journal*: Select the "All Messages" option.
  4. Click on the Next button.
  5. Click on Submit.
  6. Click on Done.
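
The external contact, send connector, undeliverable-reports recipient and journal rule from the procedures above can also be created from Exchange Online PowerShell, which leaves a reviewable record of the TLS and scope settings and lets you read them back. This is an added example, not part of the original article or Mimecast's own tooling; the contact name, rule name and undeliverable-reports address are placeholder assumptions, and the smart hosts are the Europe pair named in the send connector section.

```powershell
# Added example (not from the original article): scripted equivalent of the
# admin-center steps. Requires the ExchangeOnlineManagement module.
# Values marked "assumed" are placeholders; replace them with your own.
$JournalAddress = 'journaling@journal.domain.com'  # Service Email Address in Mimecast
$JournalDomain  = 'journal.domain.com'             # journal subdomain
$NdrAddress     = 'journal-ndr@domain.com'         # assumed undeliverable-reports address
$ContactName    = 'Mimecast Journal'               # assumed contact name
$ConnectorName  = 'Microsoft 365 to Mimecast'
$RuleName       = 'Journal to Mimecast'            # assumed rule name
$SmartHosts     = 'eu-smtp-journal-1.mimecast.com', 'eu-smtp-journal-2.mimecast.com'

Connect-ExchangeOnline

# External contact whose address matches the Mimecast journal connection.
if (-not (Get-MailContact -Identity $JournalAddress -ErrorAction SilentlyContinue)) {
    New-MailContact -Name $ContactName -ExternalEmailAddress $JournalAddress | Out-Null
}

# Partner connector scoped to the journal domain only. CertificateValidation is
# "Always use TLS" plus "Issued by a trusted certificate authority (CA)".
New-OutboundConnector -Name $ConnectorName -ConnectorType Partner `
    -RecipientDomains $JournalDomain -UseMXRecord $false -SmartHosts $SmartHosts `
    -TlsSettings CertificateValidation -Enabled $true | Out-Null

# Alternate recipient for undeliverable journal reports; set before the rule.
Set-TransportConfig -JournalingReportNdrTo $NdrAddress

# No -Recipient means "Everyone"; -Scope Global means "All Messages".
New-JournalRule -Name $RuleName -JournalEmailAddress $JournalAddress `
    -Scope Global -Enabled $true | Out-Null

# Read the settings back and flag anything that differs from the procedure.
$c = Get-OutboundConnector -Identity $ConnectorName
$r = Get-JournalRule -Identity $RuleName
$problems = @()
if ("$($c.TlsSettings)" -ne 'CertificateValidation') { $problems += 'connector does not require a CA-issued certificate' }
if ($c.UseMXRecord) { $problems += 'connector routes by MX instead of smart hosts' }
if (-not $c.Enabled) { $problems += 'connector is disabled' }
if (@($c.RecipientDomains | ForEach-Object { "$_" }) -notcontains $JournalDomain) { $problems += 'connector is not scoped to the journal domain' }
if (-not $r.Enabled) { $problems += 'journal rule is disabled' }
if ("$($r.Scope)" -ne 'Global') { $problems += 'journal rule scope is not Global' }
if ("$($r.JournalEmailAddress)" -ne $JournalAddress) { $problems += 'journal rule sends to a different address' }

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else { 'Journaling configuration matches the procedure.' }
```

New-OutboundConnector and New-JournalRule fail if an object with the same name already exists, so the read-back section is the part to rerun when auditing an existing tenant.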

Verifying Microsoft 365 Premium Journaling

Once your journaling configuration is complete, verify that the connections are working:

  1. Log in to the Mimecast Administration Console.
  2. Navigate to Archive | Journaling.
  3. Click on the Queue Details button to list the journaling items.

If the connector configuration isn't successful, see the Troubleshooting Journaling page.

  4. Note the Service Status of the Journaling connector.

For Exchange Envelope Journal Format (EJF), the recipient is displayed as the sender and the journal address as the recipient.
