Direct SMTP Setup in Microsoft / Office 365

Note: Direct SMTP is typically used in circumstances where traditional allowlisting is insufficient for bypassing all security measures. Your implementation specialist will help you determine if Direct SMTP is right for your environment.

Administrators can configure their SMTP server to route AwareEd and PhishSim emails directly to their employees’ inboxes. Enabling this option will help prevent false positives and ensure deliverability by bypassing any security scans that occur before delivery. This article will help administrators configure Direct SMTP sending in an Office/Microsoft 365 environment.

There a few steps to setting up Direct SMTP:

• Configure a Partner Connection
• Submit Your Microsoft 365 Hostname to IQ Support
• Setup Your Office 365 Allowlisting (if not already completed)

Configure a Partner Connector

First, you'll need to configure a partner connector to accept mail from Infosec IQ sending IPs:

1. Login to the Exchange Admin Console
   
2. Select Mail Flow and click on Connectors
   
3. Click + Add a connector
4. In the Mail Flow Scenario window select:
   • From: Partner Organization
   • To: Office 365
     
     

     Newconnector.png978×432 8.65 KB
5. Click Next
6. Provide a name for your Name and Description for your new Connector (Example: Infosec IQ Direct SMTP Sending)
7. (Optional) If you do not want this connector to be enabled once saved, uncheck the “turn it on” box
8. Click Next
9. Select By verifying that that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization
   
   

   ConnectorIP.png1014×304 9.91 KB
10. Specify the sender IP address range by entering the below IP addresses.
    • NA Instance: 52.1.22.105, 34.202.49.109
    • EU Instance: 54.155.87.88, 54.75.182.245
11. Click Next
12. Leave Reject email messages if they aren’t sent over TLS selected and click Next
    
    

    ConnectorSecurity.png1043×299 7.63 KB
13. Review settings and click save

Submit Your Microsoft 365 Hostname to IQ Support

We will need your hostname in Microsoft 365 so we can configure Infosec IQ to use Direct SMTP. Follow the instructions below to find the hostname:

1. Click the Settings drop down menu (if not visible click Show All)
2. Select Domains
3. Select your primary mailing domain.
4. Click DNS records in the top row of options on this page
5. Under the ‘Microsoft Exchange’ section, in the row where the Type is MX, copy the contents of the Value column

Once you have this value, share it with the Infosec IQ specialist you’re working with.

Setup Your Microsoft 365 Allowlisting

If you haven’t already setup allowlisting in Microsoft 365, you can follow the instructions in our knowledge base article-> Additional O365/Exchange Allowlist Rules. Follow the instructions under the heading MX Record Doesn’t Point to Office 365.