This article contains information on configuring Microsoft 365 with Mimecast, including outbound email routing, recipient validation, journaling setup, MX record modifications, and inbound email flow lockdown to ensure secure and efficient email management.
Migrating to Microsoft 365 from an on-premises or hybrid Exchange environment requires you to complete the series of steps outlined below. Where possible, the information required is listed on this page. Where a step requires you to perform an external task, or the task is itself complex, a link to another article is provided.
It is recommended you complete the steps in the order displayed below.
Setting Up Your Outbound Email
SMTP connectors must be set up to route all your outbound emails through Mimecast. See the Microsoft 365: Configuring Outbound Delivery Routing page for full details.
To set up your outbound email:
- Create a single outbound Connector to Mimecast, adding the following hostnames to the Smart Host section:
  - xx-smtp-o365-outbound-1.mimecast.com (where xx is the region identifier where your account is hosted).
  - xx-smtp-o365-outbound-2.mimecast.com (where xx is the region identifier where your account is hosted).
- Check your Email Flow through Mimecast by clicking the Message Center | Accepted Messages menu item in the Mimecast Administration Console. Any accepted outbound, inbound, and internal messages are displayed.
Setting Up Recipient Validation
It is important that Recipient Validation is completed before routing inbound mail to Mimecast.
Recipient validation enables us to verify the email addresses at which you receive email. This ensures only messages destined for valid internal email addresses are accepted. Those that can't be matched against a valid internal address are rejected. To set this up, you have the following options:
- Azure LDAP Synchronization: Designed for customers with or without an onsite Active Directory. See the Enabling Azure Active Directory Synchronization for Microsoft 365 page for further details.
- Directory Synchronization: Designed for customers who want to connect to their onsite Active Directory. See the Enabling LDAP Directory Synchronization for Active Directory page for further details.
- Import Users Spreadsheet: User management is manually controlled either through your internal domains or using a spreadsheet import. See the Importing Users via a Spreadsheet page for further details.
Setting Up Your Journaling
The Mimecast archive allows copies of all internal emails to be extracted from Microsoft 365, and housed offsite in a secure and feature-rich environment. With journaling enabled, you'll have:
- An up-to-date view of your email (both internal and external).
- The ability to review and search all emails.
- Email recovery to your Inbox.
- The ability to generate full email usage statistics.
- Individual user access to log in and query their message archive.
To successfully set up journaling, you'll have to configure both your Microsoft 365 and Mimecast accounts. See the Configuring Microsoft 365 Journaling page for full details.
To set up your journaling:
- Create a dedicated outbound Journal Connector using the following journal-specific smart hostnames:
  - xx-smtp-journal-1.mimecast.com (where xx is the region identifier where your account is hosted).
  - xx-smtp-journal-2.mimecast.com (where xx is the region identifier where your account is hosted).
- Check your Email Flow through Mimecast by clicking the Message Center | Accepted Messages menu item in the Administration Console. Any accepted outbound, inbound, and internal messages are displayed.
Modifying Your MX Record
For us to accept your inbound email flow and deliver it to your organization via the configured delivery routes, you must modify your MX records. Before doing this, it is important you configure your Microsoft 365 inbound delivery route. This requires you to:
- Whitelist the Mimecast IP addresses in the Microsoft 365 spam-checking policy. This ensures a message released in Mimecast doesn't get blocked by Microsoft 365. See the Connect: Configuring Inbound Delivery Routing for Microsoft 365 article for full details.
- Test the delivery routing between Mimecast and Microsoft 365. See the Testing Delivery Routing Connectivity article for full details.
To modify your MX record:
- Change your MX Records to point at the following Mimecast services:
  - MX priority 10 - xx-smtp-inbound-1.mimecast.yy (where xx is the region identifier where your account is hosted and yy is the domain relevant to your region).
  - MX priority 10 - xx-smtp-inbound-2.mimecast.yy (where xx is the region identifier where your account is hosted and yy is the domain relevant to your region).
- Check your Email Flow through Mimecast by clicking the Message Center | Accepted Messages menu item in the Administration Console. Any accepted outbound, inbound, and internal messages are displayed.
- Allow 48 hours for your changes to propagate through the internet before locking down your firewall (see below).
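The MX change above can be checked before the lockdown step with a short audit of the published records. This is an added example, not Mimecast's own tooling: it assumes input in `dig +short MX <domain>` format, keeps the article's `xx` and `yy` placeholders as parameters, and uses constructed sample records.

```python
import re

# Hostname shape given in the article: xx-smtp-inbound-N.mimecast.yy
MIMECAST_INBOUND = re.compile(r"^[a-z0-9]+-smtp-inbound-[12]\.mimecast\.[a-z.]+$")

# Constructed sample input in `dig +short MX <domain>` format ("<priority> <host>.").
SAMPLE_BEFORE = """\
0 example-com.mail.protection.outlook.com.
10 xx-smtp-inbound-1.mimecast.yy.
20 xx-smtp-inbound-2.mimecast.yy.
"""
SAMPLE_AFTER = """\
10 xx-smtp-inbound-1.mimecast.yy.
10 xx-smtp-inbound-2.mimecast.yy.
"""

def parse_mx(dig_output):
    """Return [(priority, host)] from `dig +short MX` lines, skipping malformed ones."""
    records = []
    for line in dig_output.strip().splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].isdigit():
            records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return records

def audit_mx(records, region, tld):
    """List deviations from the two priority-10 Mimecast MX records the article specifies."""
    expected = {f"{region}-smtp-inbound-{n}.mimecast.{tld}" for n in (1, 2)}
    findings, seen = [], set()
    for priority, host in records:
        if host in expected:
            seen.add(host)
            if priority != 10:
                findings.append(f"{host}: priority {priority}, expected 10")
        elif MIMECAST_INBOUND.match(host):
            findings.append(f"{host}: Mimecast inbound host for another region or domain")
        else:
            # Any other MX lets senders deliver without passing through Mimecast.
            findings.append(f"{host}: non-Mimecast MX still published")
    findings += [f"{h}: expected MX record missing" for h in sorted(expected - seen)]
    return findings

if __name__ == "__main__":
    for label, sample in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, audit_mx(parse_mx(sample), region="xx", tld="yy") or "OK")
```

An empty findings list means only the two expected records are published, each at priority 10.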
Locking Down Your Inbound Email Flow
Read the Connect Process: Locking Down Your Microsoft 365 Inbound Email Flow page for further details.