Office 365
In Office 365 solution, you have to enable the Exchange Online Protection. You have to use Global Admin or an Exchange Company Administrator account.
The Directory Based Edge Blocking (DBEB) feature from Office 365 enables users to reject messages for nonexistent recipients.
For enabling DBEB, follow these steps:
- Ensure the domain is set to Internal Relay, by going to EAC > Mail Flow > Accepted Domains > Select your domain and click Edit > check if the domain type is set to Internal relay, if not change it to Internal relay and click Save.
- Add your valid users to office 365 via Directory synchronization, remote Windows Powershell or directly from the Exchange Admin Center (EAC).
- Now set your domain to Authoritative. Follow the same path as above, Mail Flow > Accepted Domains > select your domain and set it to Authoritative. After you click Save, please confirm that you wish to enable Directory Based Edge Blocking.
Here is the Microsoft documentation related to this chapter: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/use-directory-based-edge-blocking
Last Steps
Now, when you configured everything, you have to change your MX records in order to point to our Enterprise Mail Filtering servers.
Do not forget to adapt your SPF entry in your DNS to include the Microsoft O365 entries according to their documentation, but also to add the IPs of our filtering servers too.
Info: a warning on the Office 365 dashboard will inform you that your MX are not pointed to Microsoft. You can ignore it.
