Use the steps in this article if you have multiple domains within your Microsoft 365 tenant and you want to scan only certain domains outbound.
Step 1. Create the Connector
Note that the following steps use the new Exchange admin center user interface.
- Log into the Microsoft 365 admin center.
- In the left pane, click Mail flow, and click Connectors.
- Click the Add a connector button, and use the wizard to create a new connector.
- For the Connection from, select Office 365. For the Connection to, select Partner organization.
- Enter a Name and (optional) Description to identify the connector:
- Click Next. Select Only when I have a transport rule set up that redirects messages to this connector:
- Click Next. Select Route email through these smart host, and click on your outbound hostname:
- Click Next. Use the default settings for the Security restrictions: Always use Transport Layer Security (TLS) to secure the connection (recommended) > Issues by Trusted certificate authority (CA):
- Click Next. In the confirmation page, verify your settings and click Next. Microsoft 365 runs a test to verify your settings:
- When the verification page displays, enter a test email address, and click Validate. Once the verification is complete, your mail flow settings are added.
Step 2. Create Transport Rule
- Log into the Microsoft 365 admin center, and go to Admin centers > Exchange.
- In the left pane, click mail flow, and click rules.
- Click the + symbol, and click Create new rule.
- In the new rule page, enter a Name to represent the rule.
- Click more options towards the bottom of the page.
- From the Apply this rule drop-down menu, select The sender is located > is external/internal > Inside the organization.
- Click Add Condition.
- From the drop-down menu, select The sender's domain is....
- Enter the domains you want to route through Email Gateway Defense.
- From the Do the following drop-down menu, select Redirect the message to… > the following connector, and select the connector you defined in Step 1. Create the Connector.
- Click Add Exception.
- From the drop-down menu, select The Recipient is located > is external/internal > Inside the organization.
- Towards the bottom, from the Match sender address in message drop-down menu, select Header or envelope.
- Click Save.