HENNGE Email DLP Connection Setup (Microsoft 365)

Target

This applies to customers using HENNGE Email DLP with Microsoft 365.

Objective

Set up emails sent outside the organization from Microsoft 365 (Exchange Online) to go through HENNGE Email DLP.

Notes

1. After this connection setup, the sending path will change. Ensure you thoroughly consider the scope of impact and time of work.

2. The content of this article is based on the product as of October 2024 and is subject to change without notice.

Detailed Procedures and Explanations

Pre-check Items

1. Register SPF Record

Add SPF Record

2. Verify Impact on Email Routes

If you have any pre-existing settings, please send us a screenshot of the settings before the connection setup for prior confirmation to ensure there is no impact.

・[ Exchange Admin Center] Left Menu [ Mail Flow ] - [ Rules ]

・[ Exchange Admin Center] Left Menu [ Mail Flow ] - [ Connectors ]

 

1. Create a Send Connector

1.1. Go to [ Mail Flow ] - [ Connectors ] in the [ Exchange Admin Center ] left menu and click [ + Add a connector ].

1.2. Select a Send Connector.

Specify the mail flow scenario.

Source: Office 365

Destination: Partner Organization

Click [ Next ] to proceed.

 

1.3. Set the Connector Name.

Name: HENNGE Email DLP

Ensure [ Turn it on after saving the connector ] is checked.

Click [ Next ] to proceed.

 

1.4. Configure Connector Usage.

Select [ Only when I have a transport rule set up that redirects messages to this connector ].

Click [ Next ] to proceed.

 

1.5. Set Routing.

Select [ Route mail through these smart hosts ].
Enter the following FQDN of the smart host in the text box.

gwsmtp.mo.hdems.com

Click the add button [ + ] to add the smart host, then click [ Next ] to proceed.

 

1.6. Configure Security Restrictions.

Enable TLS protection for connections from Microsoft 365 to HENNGE Email DLP.

Ensure [ Always use Transport Layer Security (TLS) to secure the connection (recommended) ] is checked.

Select [ Issued by a trusted certificate authority (CA) ].

Check [ Match subject name or subject alternative name (SAN) to this domain name ] and enter the following:

gwsmtp.mo.hdems.com

Click [ Next ] to proceed.

 

1.7. Send a Verification Email.

Enter the email address, click the add button [ + ], then click the [ Verify ] button.
* The verification process may take some time.

After a successful verification, click [ Next ] to proceed.
* If verification fails and the issue is not resolved, please contact our support team.

 

1.8. Review the Connector Settings.

Review the settings summary to ensure everything is correct, then click [ Save ] to create the connector.

 

2. Creating Transport Rules

The following steps will be implemented for emails sent by all users within the organization via HENNGE Email DLP.
If you want to filter emails sent only by specific users through HENNGE Email DLP, please refer to the following article.
I want only emails from specific senders to go through HENNGE Email DLP

2.1. Create a [ New Transport Rule ].

Access [ Mail flow ] - [ Rules ] in the left menu of the [ Exchange Admin Center ], and select [ Add a rule ] - [ Create a new rule ].

2.2. Specify the conditions for the rule.

Set the following values.

Name: Rule for HENNGE Email DLP

[ Apply this rule to ] - [ Sender ] - [ Is external/internal ] - select [ Inside the organization ], and click [ Save ].

Click the add button [ + ] for [ Apply this rule to ] and add a rule for [ And ].

Select [ Recipient ] - [ Is external/internal ] - select [ Outside the organization ], and click [ Save ].

Select [ Do the following ] - [ Redirect the message to ] - select [ The following connector ].

In [ Select connector ], select [ HENNGE Email DLP ], and click [ Save ].

Select [ Except if ] - [ Message header... ] - select [ Includes these words ].

Click [ Enter text ] and enter the following in [ Specify header name ], then click [ Save ].

From

Click [ Enter words ] and enter the following in [ Specify words or phrases ], then click [ Add ].

noreply@mo.hdems.com

After adding, check the checkbox for noreply@mo.hdems.com, and click [ Save ].

Click the add button [ + ] for [ Except if ] and add a rule for [ Or ].

Select [ Message properties ] - [ Includes message types ].

Select [ Select message type ] - select [ Read receipt ], and click [ Save ].

Click the add button [ + ] for [ Except if ] and add a rule for [ Or ].

Select [ The Sender ] - [ Domain is ].

Enter the following in [ Specify domain ], and click [ Add ].

onmicrosoft.com

After adding, check the checkbox for onmicrosoft.com, and click [ Save ].

 

After setting the above rules, click [ Next ].

 

2.3. Specify the settings for the rule.

Select the following settings.

Rule mode: Apply

Importance: None specified

Matches the sender address of the message: Header or envelope

Click [ Next ].

 

2.4. Confirm and complete.

Review the settings, and click [ Finish ].

Once you see [ The transport rule has been created successfully ], click [ Finish ].

 

2.5. Set the priority.

In the rule list, check the box for [ Rule for HENNGE Email DLP ], then select [ Move up ] or [ Move down ] at the top to change the priority as desired.

2.6. Enable the rule.

Select [ Rule for HENNGE Email DLP ], click [ Enable or disable the rule ], and set it to [ Enabled  ].

 

3. Checking the Connection

3.1. Confirm successful routing.

Follow the instructions in the article below to check the connection status.

HENNGE Email DLP Test (Microsoft 365)

3.2. Notify HENNGE One administrator upon completion.

Once you confirm that the connection has been successfully completed, please make sure to notify your HENNGE One administrator.