Target
This article is for customers who will use HENNGE Email DLP with Microsoft 365.
Purpose
This article explains the process of configuring emails sent from Microsoft 365 (Exchange Online) to external organizations to be routed through HENNGE Email DLP.
Cautions
1. After this connection is established, the sending route will change. Please carefully consider the scope and timing of the operation.
2. The content of this article is based on product information as of July 2024 and may be subject to change without notice.
Detailed Steps and Explanation
Prerequisites
1. SPF Record Registration
2. Confirmation of impact on Email route
If there are existing settings in the following sections, please send us screenshots of the configuration before performing this connection.
・[ Exchange admin center ] - [ Mail flow ] - [ Rules ]
・[ Exchange admin center ] - [ Mail flow ] - [ Connectors ]
1. Creation of Sending Connector
1.1. Access [ Exchange admin center ] → [ Mail flow ] → [ Connectors ], and click [ + Add a Connector ].
1.2. Select the Sending Connector.
You will be prompted to select the mail flow. Select [ Microsoft 365 ] in [ Connection from ], then select [ Partner organization ] in [ Connection to ].
Once selected, click [ Next ] to proceed.
1.3. Enter "HENNGE Email DLP" in the Name field.
Check [ Turn it on ] under [ What do you want to do after connector is saved? ].
Once selected, click [ Next ] to proceed.
1.4. Select [ Only when I have a transport rule set up that redirects messages to this connector ].
Once selected, click [ Next ] to proceed.
Later in Step 2, you will configure sending rules that utilize this connector.
1.5. Select [ Route email through these smart hosts ] and enter FQDN.
The FQDN of the smart host is the following:
gwsmtp.mo.hdems.com
1.6. Click the [ + ] Add button to add a smart host and click [ Next ].
1.7. Enable protection with TLS when connecting from Microsoft 365 to HENNGE Email DLP.
Ensure [ Always use Transport Layer Security (TLS) to secure the connection (recommended) ] is checked.
Select [ Issued by a trusted certificate authority (CA) ].
Check [ Add the subject name or subject alternative name (SAN) matches this domain name ].
The domain name is the following:
gwsmtp.mo.hdems.com
Once entered, click [ Next ] to proceed.
1.8. Perform connector validation.
Enter an email address, click the [ + ] button, and then click the [ Validate ] button.
Wait for a while as the validation process completes.
If the validation doesn't complete successfully, please try multiple times until it succeeds.
If the issue persists, please contact your HENNGE One onboarding guide / support guide.
1.9. Review the Configuration.
Once reviewed, click [ Create Connector ] to create the connector.
2. Creating Transport Rules
The following steps should be performed if you want all users' sent emails to go through HENNGE Email DLP.
If you want to filter only specific users' sent emails through HENNGE Email DLP, please refer to the following article:
Setting Up Distribution Group for Specific HENNGE Email DLP Users
2.1. Add a [ Rule ]
Go to [ Exchange admin center ] - [ Mail flow] - [ Rules ] - [ Add a rule ] - Select [ Create a new rule ].
2.2. Specify the Rule Conditions
Set the following values.
Name: Rule for HENNGE Email DLP
Apply this rule if:
[ The sender ] - [ Is external/internal ] - select sender location - [ Inside the organization ] and select Save.
Press the [ + ] under [ Apply this rule if ] to add a rule with "And".
[ The recipient ] - [ Is external/internal ] - select recipient location - [ Outside the organization ] and select Save.
Do the following:
Select [ Redirect the message to ] - [ the following connector ].
Under [ Select connector ] - choose [ HENNGE Email DLP ].
Click [ Save ].
Except if:
Select [ The message headers... ] - select [ Includes any of these words ].
Click [ Enter text ] and in specify header name, specify [ From ].
Click [ Save ].
Click [ Enter words ], in specify words or phrases, enter "noreply@mo.hdems.com" and click [ Add ].
Click the check mark for [ noreply@mo.hdems.com ].
Click [ Save ].
Select [ + ] under [ Except if ] and add [ Or ].
Under [ Or ] - [ The message properties ] - select [ include the message type ].
Under [ select message type ] - choose [ Read receipt ].
Click [ Save ].
Click [ Next ].
2.3. Specify Set Rule Settings.
Select [ Rule mode ] as [ Enforce ].
Select [ Severity ] - [ Not specified ].
Select [ Matches sender address in message ] - [ Header ].
Click [ Next ].
2.4. Review and finish
Select [ Finish ].
After confirming the display of [ Transport rule created successfully ], click [ Done ].
2.5. Set Priority
Check the rule created in the list, then select [ Move up ] at the top to change the priority as needed.
2.6. Enable the Rule
Select the created rule, choose [ Enable or disable rules ], and set it to [ Enabled ].
3. Confirmation of Connection
3.1. Verify the successful completion of the connection.
Follow the instructions in the following article to check the connection status:
HENNGE Email DLP Configuration Check (Microsoft 365)
3.2. Notify HENNGE One Onboarding Guide of the connection completion.
Once you've confirmed that the connection has been successfully completed, be sure to contact your HENNGE One onboarding guide.