
Inbound Security setup for Microsoft 365 with Microsoft Defender

NOTE: Coordinate with the Paubox team for inbound security setup.

  • Paubox team will provide the appropriate MX value
  • Mail relays must be set on the Paubox side or mail will not be delivered

Overview

What you’ll need:

  1. Trial subscription with Paubox (don't have one? sign up here!)
  2. A Microsoft 365 account (Business Basic, Standard, or Premium)
  3. Microsoft 365: Admin access to your organization's Microsoft Exchange Admin Center (https://admin.exchange.microsoft.com/#/homepage)
  4. Microsoft Defender
  5. Domain: Admin access to your organization's Domain Host (for example, GoDaddy or Cloudflare)
  6. The appropriate MX value for your domain - provided by Paubox during setup

Note: Make sure you can log into Microsoft 365 and your domain host as an admin before proceeding. If you don’t have login credentials or permissions, reach out to whoever set up your Microsoft 365 account and/or website.

What you’ll do:

  1. Microsoft 365: Create a connector
  2. Microsoft 365 Defender: Enable enhanced filtering for connectors ("skip listing")
  3. Domain: Update your domain's MX record

Questions? Stuck? We’re here for you! support@paubox.com


Step-by-step guide

Part I: Microsoft 365 - create an inbound connector 

  1. Log in to the Microsoft 365 Exchange Admin Center using admin-level credentials (https://admin.exchange.microsoft.com/#/homepage)
  2. In the navigation pane on the left, click mail flow. Then click connectors.
  3. Click + Add a connector 
  4. On the pop-up window that follows, select From: Partner Organization and To: Office 365. Then click Next
  5. Under *Name: enter Paubox Inbound. Make sure the checkbox labeled Turn it on is checked, then click Next
  6. Change the radio button to: "By verifying that the IP address of the sending server..." In the Add ip address field, enter 165.140.171.0/24, then click the blue box with the + symbol
  7. Click Next
  8. On the next screen, keep Reject messages if they aren't using TLS selected and leave the other box unchecked. Click Next.
  9. On the next screen, click Create Connector
  10. Click Done
  11. The Paubox inbound connector for Microsoft 365 is now live.

Part II: Microsoft Defender - enable enhanced filtering for connectors ("skip listing")

  1. Open the Microsoft 365 Defender portal
  2. In the sidebar on the left, click Email & Collaboration
  3. Click on Policies & Rules => Threat Policies
  4. In the Rules section, click Enhanced Filtering
  5. Select the connector just created ("Paubox Inbound")
  6. In the following popup:
      • Select the radio button: Automatically detect and skip the last IP address
      • For "Apply to these users" select: Apply to entire organization
      • Click Save

Note: If there is a rule in place to bypass SCL (Spam Confidence Level), disable the rule. See Microsoft's full best practices here.

Part III: Domain update - MX record

If your organization’s domain name is example.com, Microsoft 365 asks you to set up your MX record like this:

MX 10 example-com.mail.protection.outlook.com.

To get Paubox inbound security going, you’ll need to change your DNS so that your domain has just one MX record:

<appropriate MX value supplied by Paubox Team during setup>

 

Note: If there are multiple MX records, edit the record with the lowest value (usually "10") and replace the existing value with the appropriate Paubox MX value. Save, then delete all other records of type MX.

This update will start routing all inbound email for your domain to Paubox when the DNS record change finishes propagating.
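
A check for the end state Part III describes, as an added example (not Paubox or Microsoft code): it parses `dig +short MX` output, flags extra MX records or a leftover direct Microsoft 365 host, and tests whether a connecting IP is inside the connector range from Part I. The host `mx.paubox.example` and the sample records are constructed placeholders; substitute the MX value Paubox supplies.

```python
import ipaddress

# Connector range entered in Part I of this guide.
PAUBOX_RELAY_NET = ipaddress.ip_network("165.140.171.0/24")
# Suffix of the default Microsoft 365 MX host shown in Part III.
M365_MX_SUFFIX = ".mail.protection.outlook.com"


def parse_mx(dig_output):
    """Parse `dig +short MX <domain>` lines ("<priority> <host>.") into sorted tuples."""
    records = []
    for line in dig_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[0].isdigit():
            continue  # skip blank lines and anything that is not an MX answer
        records.append((int(parts[0]), parts[1].rstrip(".").lower()))
    return sorted(records)


def audit_mx(dig_output, expected_host):
    """Return a list of findings; an empty list means the MX set matches Part III."""
    expected = expected_host.rstrip(".").lower()
    records = parse_mx(dig_output)
    findings = []
    if not records:
        findings.append("no MX records found")
    if len(records) > 1:
        findings.append(f"{len(records)} MX records present, expected exactly 1")
    for _priority, host in records:
        if host.endswith(M365_MX_SUFFIX):
            findings.append(f"direct Microsoft 365 MX still published: {host}")
        elif host != expected:
            findings.append(f"unexpected MX host: {host}")
    return findings


def from_paubox_relay(ip):
    """True if a connecting IP (e.g. from a Received header) is in the connector range."""
    return ipaddress.ip_address(ip) in PAUBOX_RELAY_NET


# Constructed sample data; "mx.paubox.example" is a placeholder, not a real Paubox value.
EXPECTED = "mx.paubox.example."
BEFORE = "10 example-com.mail.protection.outlook.com.\n20 mx.paubox.example.\n"
AFTER = "10 mx.paubox.example.\n"

if __name__ == "__main__":
    print("before:", audit_mx(BEFORE, EXPECTED))
    print("after: ", audit_mx(AFTER, EXPECTED))
```

Run it against the real `dig +short MX yourdomain` output once the DNS change has propagated; any finding means the MX set does not yet match the single-record state described above.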