Office 365 as MX Record
In this tutorial, you will learn how to configure Microsoft Office 365 with Email Security as its MX record.
- Go to the Anti-spam policies page ↗ > Select Edit connection filter policy.
- In Always allow messages from the following IP addresses or address range, add IP addresses and CIDR blocks mentioned in Egress IPs.
- Select Save.
- Microsoft recommends disabling SPF Hard fail when an email solution is placed in front of it:
- Return to the Anti-spam option ↗.
- Select Default anti-spam policy.
- Select Edit spam threshold and properties ↗ > Mark as spam > SPF record: hard fail, and ensure it is set to Off.
- Select Save.
- Set up a connector ↗.
- Select Partner organization under Connection from.
- Provide a name for the connector:
- Name:
Email Security Inbound Connector - Description:
Inbound connector for Enhanced Filtering
- Name:
- Provide a name for the connector:
- In Authenticating sent email, select By verifying that the IP address of the sending server matches one of the following IP addresses, which belongs to your partner organization.
- Enter all of the egress IPs in the Egress IPs page.
- In Security restrictions, accept the default Reject email messages if they aren't sent over TLS setting.
Now that the inbound connector has been configured, you will need to enable the enhanced filtering configuration of the connector.
- Go to the Security admin console ↗, and enable enhanced filtering ↗.
- Select Automatically detect and skip the last IP address and Apply to entire organization.
- Select Save.
Now that you have completed the prerequisite steps, you can set up MX/Inline on the Cloudflare dashboard.