1. Paubox Email Suite
  2. Paubox Email Suite: Getting started

Outbound Security setup for Microsoft 365 (detailed)

Overview

What you’ll need:

  1. Trial subscription with Paubox (don't have one? sign up here!)
  2. A Microsoft 365 account (Business Basic, Standard, or Premium)
  3. Microsoft 365: Admin access to your organization's Microsoft Exchange Admin  (https://admin.exchange.microsoft.com/#/homepage)
  4. Domain: Admin access to your organization's Domain Host (for ex. GoDaddy or Cloudflare)
  5. The smarthost value - provided by Paubox during setup

Note: Make sure you can log into Microsoft 365 & Domain Host as an admin before proceeding. If you don’t have login credentials or permissions, reach out to who set up your Microsoft 365 account and/or website.

What you’ll do:

  1. Domain: Update the records in your domain host
  2. Microsoft 365: Create a connector 
  3. Paubox dashboard: List the email addresses for secure sending, and upload your organization's logo
  4. Test: Send a test email & see it in your Paubox dashboard

Questions? Stuck? We’re here for you!  support@paubox.com

Step-by-step guide

Part I: Your domain - update your records  

  1. Log in to your domain host
  2. Click on the Control Panel (may also be called DNS Zone Editor, or just DNS)
  3. If you see a record of type TXT with a value similar to: v=spf1 include:spf.protection.outlook.com -all
    • Edit the record and insert "include:_spf.paubox.com" just before the -all; for example:
      v=spf1 include:spf.protection.outlook.com include:_spf.paubox.com -all
    • Note: there may be other "includes" or IP numbers in the record, that is fine, just insert the "include:_spf.paubox.com" right before the -all
    • Click Save
  4. If you do not see a record of type TXT that starts with v=spf1, create a new one: 
    • In the Records section, click Add (may also be called Add Record)
    • For Type, enter TXT
    • In the Host Field, type: @  (if it does not accept the @ symbol, enter your domain)
    • In the TXT value or Text field, type this line:

                 v=spf1 include:spf.protection.outlook.com include:_spf.paubox.com -all

    • Leave the default value in the TTL field
    • Click Save

Part II: Microsoft 365 - create a connector                                 

  1. Log in to the Microsoft 365 Exchange Admin Center using admin-level credentials (https://admin.exchange.microsoft.com/#/homepage)
  2. In the navigation pane on the left, click mail flow. Then click connectors. You should see a screen like this:
    kb_Outbound Security setup for Microsoft 365 (detailed)1
  3. Click + Add a connector 
  4. On the pop-up window that follows, select From: Office 365 and To: Partner organization
    kb_Outbound Security setup for Microsoft 365 (detailed)2
  5. Then click Next
  6. Under *Name: enter Paubox. Make sure the checkbox labeled Turn it on is checked, then click Next
    kb_Outbound Security setup for Microsoft 365 (detailed)3
  7. On the next screen, under Specify when you want to use this connector., select Only when email messages are sent to these domains 
    kb_Outbound Security setup for Microsoft 365 (detailed)4
  8. In the Add domain field, enter * then click the blue box with the + sign 
    kb_Outbound Security setup for Microsoft 365 (detailed)5
  9. Click Next
  10. Choose Route email through these smart hosts 
    kb_Outbound Security setup for Microsoft 365 (detailed)6
  11. During setup, you'll be provided with the smarthost value to enter in the In the "add smart host" box
  12. Enter the provided smarthost, then click then click +
  13. Click Next
  14. On the next screen, make sure Always use Transport Layer Security (TLS) to secure the connection (recommended) and Any digital certificate, including self-signed certificates are selected. Click Next.
    kb_Outbound Security setup for Microsoft 365 (detailed)7
  15. Click Next again
  16. On the next screen, enter a test email address as the validator email address: paubox15@gmail.com
    ... and then click the box with the blue + sign 
  17. Click Validate
    kb_Outbound Security setup for Microsoft 365 (detailed)8
  18. After the test is successful, click Next
  19. Next, click Create Connector
    kb_Outbound Security setup for Microsoft 365 (detailed)9
  20. Click Done
  21. The Paubox connector for Microsoft 365 is now live.

Part III: Paubox dashboard - enter email addresses; upload logo

  1. Navigate to the Paubox dashboard (https://www.paubox.com & "Sign In")
  2. Log in with your email address and password (not sure? click "Forgot your password?")
  3. Click on "Encrypted Senders" and "Add Single Sender" to enter every email address that should be sending securely via Paubox if not already listed (at your limit? email support@paubox.com)
  4. Click on "Overview" and under "Domain Settings" upload your organization's logo

Part IV: Test email

Sending a test email

  1. Log in to your email account
  2. Compose a new email to: paubox15@gmail.com with the subject: Test
  3. Enter anything you like in the message body, and click Send
  4. Congratulations! You have sent your first secure email via Paubox!

 Verifying a test email

  1. Navigate to the Paubox dashboard 
  2. Log in with your email address and password (not sure? click "Forgot your password?")
  3. Under Outbound, click on Statistics 

                  Verify green bar graph shows outbound email count passing through our servers

    4. Under Outbound, click on Mail Log

                 Verify that your test email to paubox15@gmail.com appears in the log

 

In addition, check your email inbox for replies to the emails you send - and note the security footer that appears on the bottom of your messages, confirming they were sent securely via Paubox. 

Note: internal emails (sent to people in your organization) are secure, but will not have the security footer at the bottom.