STEP 6 - Locking Down O365 Connections

Created by Jason Carreiro, Modified on Tue, 13 Jun 2023 at 09:29 AM by Marc Chouinard

Scenario:

With the introduction of ProofPoint Essentials, it is common practice that new security procedures will be required. This is especially true when adopting ProofPoint Essentials with Azure Office 365. One must be prepared to tighten or lock down Office 365 so that it only accepts or receives emails from our cloud solution.



Tightening Security on O365 for ProofPoint Essentials:


1- Sign-In to the Office 365 Admin portal.

2- Click on the Admin menu; this will launch the Admin Center.


3- In the Admin Center click on Show All.



4- Then click on Exchange under the Admin Centers which will launch the Exchange Admin Center.



5- Once in the Exchange Admin Center select Mail Flow - Rules.


6- Click the plus sign (+) and select "Restrict messages by sender or recipient...".



7a- Provide the rule with a name. Then for "Apply this rule if..." select "The sender is located..." and "Outside the organization".



7b- For "Do the following..." select "Reject the message with the explanation...". Then enter the text "Unauthorized IP" and click OK.



8- Uncheck "Audit this rule with severity level".



9- For "Choose a mode for this rule" select "Enforce".



10- Click More options.


11- Click Add exception.


12- For "Except If... " select "The sender" then select "IP address is in any of these ranges or exactly matches".

13- In the window that opens, add the IP addresses labeled port 25 in the Getting Started with ProofPoint Essentials guide, one by one. The list is below.


67.231.149.0/24
67.231.152.0/24
67.231.153.0/24
67.231.154.0/24
67.231.155.0/24
67.231.156.0/24
67.231.144.0/24
67.231.145.0/24
67.231.146.0/24
67.231.147.0/24
67.231.148.0/24
148.163.128.0/19
69.172.217.0/24 (Vircom)



14- Click OK.


15- At this point the lock down rule should look as indicated below.


16- We strongly recommend you also add another exception for calendar forwards after the "except if sender IP address is in the range" exception; there's a bug with O365 where calendar forwards are seen as external instead of internal emails.

  • Click on "Add another exception".
  • Choose "Message header...".
  • Click on "Matches these text patterns".
  • Click on "Enter text" and paste the following: "X-MS-Exchange-MeetingForward-Message".
  • Click on "These text patterns" and enter the word "Forward".
  • Click on Save.




17- Click Save.
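The same lock-down rule can be created from Exchange Online PowerShell instead of clicking through the Exchange Admin Center; the script below is an added example, not part of this article or of ProofPoint's own tooling. It assumes the ExchangeOnlineManagement module is installed and that the New-TransportRule parameter names match the current module; the rule name is a placeholder, and the IP ranges are the port-25 list from step 13.

```powershell
# Added example: builds the rule from steps 6-17 with Exchange Online PowerShell.
# Assumes the ExchangeOnlineManagement module is installed; the rule name is a
# placeholder, the IP list is the port-25 list from step 13 of this article.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline   # interactive sign-in as an Exchange administrator

$RuleName = 'Lockdown - Accept inbound only from ProofPoint Essentials'  # placeholder

# Port-25 ranges from the Getting Started guide (step 13), including the Vircom range
$ProofpointRanges = @(
    '67.231.149.0/24', '67.231.152.0/24', '67.231.153.0/24', '67.231.154.0/24',
    '67.231.155.0/24', '67.231.156.0/24', '67.231.144.0/24', '67.231.145.0/24',
    '67.231.146.0/24', '67.231.147.0/24', '67.231.148.0/24',
    '148.163.128.0/19',
    '69.172.217.0/24'    # Vircom
)

# Condition: sender outside the organization (step 7a).
# Action: reject with the explanation "Unauthorized IP" (step 7b).
# Exceptions (any one is enough, as with "Add another exception" in the GUI):
#   - connecting IP is in the ProofPoint ranges (steps 12-13)
#   - calendar-forward header is present (step 16, the O365 calendar-forward bug)
# Audit severity off (step 8), mode Enforce (step 9).
New-TransportRule -Name $RuleName `
    -FromScope NotInOrganization `
    -RejectMessageReasonText 'Unauthorized IP' `
    -ExceptIfSenderIpRanges $ProofpointRanges `
    -ExceptIfHeaderMatchesMessageHeader 'X-MS-Exchange-MeetingForward-Message' `
    -ExceptIfHeaderMatchesPatterns 'Forward' `
    -SetAuditSeverity DoNotAudit `
    -Mode Enforce `
    -Comments 'Created per STEP 6 - Locking Down O365 Connections'

# Read the rule back to confirm every condition, action and exception was saved
# (the equivalent of checking the rule summary in step 15).
Get-TransportRule -Identity $RuleName |
    Format-List Name, State, Mode, FromScope, RejectMessageReasonText,
                ExceptIfSenderIpRanges, ExceptIfHeaderMatchesMessageHeader,
                ExceptIfHeaderMatchesPatterns
```

Keep the ProofPoint range list in sync with the current Getting Started guide: a range missing from the exception list causes legitimate mail from that relay to be rejected with "Unauthorized IP".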


18- You have now completed the on-boarding of a new client on ProofPoint Essentials.


19- You can now proceed to STEP 7 - Inbound TLS Connection Rule.