Back to top

Search Results

Microsoft 365

This article describes how to configure simple routing rules such as #secure and more complex DLP rules with Microsoft 365 & DeliverySlip.

The DeliverySlip Crypto Gateway connects with Microsoft 365 to help cast a wider net for data leakage protection. It is offered as a cloud service, and it is designed to emulate the ‘old school’ secure email gateways (or what we like to call, gateway-style DLP). It sits in-line between your mail server and the DeliverySlip API to offer high availability processing. For users, this translates into transparent outbound encryption, with all secure messages stored decrypted in the mail server. Both internal and external guest users continue to benefit from all the same DeliverySlip apps, plug-ins and mobile access.

Your Microsoft 365 administrator can set this up within minutes without any MX record changes required. The crypto gateway service is available at https://g.deliveryslip.com but will ignore all traffic unless the source of the traffic has been ‘whitelisted’ with DeliverySlip. This URL is configured behind an Azure traffic manager to assure that regional traffic is routed through the correct jurisdiction. The connection to the DeliverySlip Crypto Gateway service is done using SMTP via port 25. The STMP session must use the STARTTLS command to assure the SMTP messages are transmitted securely.

The following information is necessary to start sending secure messages using either the #secure routing rule or advanced DLP rules:

  • IP address of sending server so we can whitelist the address – you can also ask Wilson about creating a filter for Exchange Online servers, simply indicate that your email server is Office 365 in your request).
  • Primary Domain and all associated domains for the company.
  • Customer portal if different from Primary domain.

Once identified, please send this information to wilson@deliveryslip.com for configuration. Once configured, the sending mail service can be configured to route messages to the crypto gateway service.
 
 

Configuring Office 365 for #secure

The simplest way to get going is to set up a routing rule to send all emails containing ‘#secure’ in the subject line to be sent secure. The routing rule required for this set-up is available with all Microsoft 365 subscription and does not require the E3 license with DLP functions. Once configured, the DeliverySlip Crypto Gateway service will effectively become a gateway-style encryption set-up and used as an outbound gateway for sending secure messages. Emails are received from an Exchange Online via an Exchange Connector. Transport Rules within the Office 365/Exchange Online environment will route the messages to the outbound Connector that then deliver the message to the Crypto Gateway.
 
 

Create New Connector in Office 365:

  1. Navigate to Exchange admin center >> Mail flow >> Connectors
  2. Press + to add new Connector
  3. Select your mail flow scenario:
    1. From: Office 365
    2. To: Partner organization

    IMAGE MISSING—–

  4. Name Connector: DeliverySlip Crypto Gateway
  5. Select box to turn it on and press Next
  6. When do you want to use this connector?
    1. Select the first option: Only when I have a transport rule setup up that redirects messages to this connector, then press Next
  7. How do you want to route email messages?
    1. Select: Route email through these smart hosts
    2. Press + sign and specify the fully qualified domain name: g.deliveryslip.com
  8. How should Office 365 connect to your partner organization’s email server?
    1. Select: Always use TLS
    2. Select: Any digital certificate, including self-signed certificates, press next twice
  9. Validate Connector
    1. Press + and add any email address and press ok
    2. Press Validate button at bottom of screen
    3. Close confirmation screen
    4. Press Save
  10. Connector is now setup and ready to send email to the Crypto-Gateway.

 
 

Configuring Microsoft 365 DLP Rules

DLP rules are primarily compliance driven and will typically be setup by your compliance office or compliance team. The following is using existing templates only and intended as guidelines.

We will setup a DLP policy template and Keyword Rules Rule following this.

#Secure Keyword Rule
Setting up your own keyword policy is as easy as the previous but will need to be made from a blank rule using the following steps

1. Select + symbol on tab at top of rules

2. Select: Create a new rule

a. Give rule a name: i.e. Crypto-Gateway Keyword Rule”

b. Apply Rule if Sender is inside organization

c. Click on the More options link at bottom of page

d. Add a condition to the Apply this rule if… section

e. Select The subject includes… and enter #secure as the keyword

f. Under Do the following, select Use the following connector…

g. Then select the previously configured Crypto Relay connector

h. Add an Exception to the rule so that message generated by the Outlook Add-In are ignored.

Secure Messaging Page 6

i. Select A message header matches…

i. Header name: x-secure-message-id

ii. Value: [0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}

3. Click on Save button to save the rule.