Trend Micro™ Email Security Integration with Microsoft ...

Trend Micro™ Email Security Integration with Microsoft™ Office 365

Trend Micro Integration Guide I April 2020

This document highlights the benefits of Trend Micro™ Email Security for

Microsoft™ Office 365 customers and provides step-by-step instruction on

integration.

Page 2 | Trend Micro Integration Guide Trend Micro™ Email Security Integration with Microsoft™ Office 365

Copyright ©2020 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, Trend Micro Security, and TrendLabs are trademarks or registered trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no way intended to represent any real individual, company, product, or event, unless otherwise noted. Information in this document is subject to change without notice.


Table of Contents Introduction ......................................................................................................................................... 4

Benefits of Combining Trend Micro Email Security and Microsoft Office 365 ........................................ 4

Understanding How E-mail Flow Works ............................................................................................... 5

Inbound Mail Setup ............................................................................................................................. 6

Configuring Trend Micro Email Security Settings .............................................................................. 6

Configuring Microsoft Office 365 Settings ......................................................................................... 7

Point the Domain’s MX Record to Trend Micro Email Security ........................................................ 10

Rule 1: Rule to bypass spam filtering .............................................................................................. 11

Rule 2: Rule to lock down Exchange Online .................................................................................... 12

Rule 3: Disable SPF Checking of Microsoft Office 365 ...................................................................... 13

Outbound Mail Setup ......................................................................................................................... 14

Configure Trend Micro Email Security Settings ............................................................................... 14

Configure Microsoft Office 365 Settings ......................................................................................... 14

Add an E-mail Flow Rule to Use the TMEMS Outbound Connector ................................................. 18


Introduction

Microsoft Office 365 is a cloud solution for accessing e-mail, calendar and Microsoft Office tools. It allows organizations to host their entire e-mail architecture at an off-site location. Trend Micro has designed Trend Micro Email Security for customers who are using either cloud-based or on-site e-mail. Unlike traditional on-site e-mail solutions where a simple cable could be moved in order to add a layer of protection, cloud-based solutions require a different approach. This document highlights the benefits of Trend Micro Email Security for Microsoft Office 365 customers, as well as step-by-step instruction on integration. This integration guide assumes a functioning Microsoft Office 365 deployment.

Benefits of Combining Trend Micro Email Security and Microsoft Office 365 Moving your e-mail to the cloud does not mean you have to reduce your security. By integrating Trend Micro Email Security with Microsoft Office 365, you can now have the best of both worlds. Trend Micro Email Security can provide the following features to enhance your Microsoft Office 365 e-mail security:

Layered protection: Provides protection on phishing, spam and graymail with multiple techniques including sender reputation, content and image analysis, machine learning, and more.

E-mail fraud protection: Protects against Business Email Compromise (BEC) with enhanced machine learning, combined with expert rules, analyzing both the header and content of the e-mail.

Cloud sandboxing: Includes cloud sandboxing for automatic in-depth simulation and analysis of potentially malicious attachments in a secure virtual environment hosted by Trend Micro. Cloud sandbox leverages proven Trend Micro™ Deep Discovery sandboxing technology, which has achieved a “Recommended” rating by NSS Labs.

Adding Trend Micro Email Security on top of Microsoft Office 365 offers enhanced security, especially with spear-phishing and targeted attack protection, providing you with an additional layer of security against advanced malware and zero-day exploits.


Understanding How E-mail Flow Works The figure below shows the flow of messaging traffic from the Internet, through the Trend Micro Email Security Servers and then to the Microsoft Office 365 Severs.

1. An e-mail is initiated from one organization to the other. Let’s say an e-mail from someone at

Trend Micro to someone at example.com is sent. 2. The Trend Micro mail server will look up the MX record of example.com. This record will contain

the Domain Name or IP address of the first hop in example.com’s e-mail architecture. This first hop is the first level of inspection that example.com performed on their e-mail.

3. Since example.com is using Trend Micro Email Security, this will be the first hop for the inbound e-

mail. 4. Trend Micro Email Security then inspects the e-mail via Trend Micro’s world class e-mail and web

reputation service for threats such as: a. Spam b. Phishing c. Viruses d. Spyware

5. If the e-mail passes the Trend Micro Email Security checks, it is then sent to example.com’s next

hop, which is their Microsoft Office 365 cloud e-mail server.

6. After further processing by Microsoft Office 365, the e-mail is then sent to the recipient’s mailbox.


Inbound Mail Setup Configuring Trend Micro Email Security Settings

1. Login to the Trend Micro Email Security administrator console.

2. Click Domains > Add.

3. Input the IP address or host name of your Microsoft Office 365 Server in the Inbound Servers

field. This can either be found by performing an nslookup or through the user interface in Microsoft Office 365. ------------------------------------------------------------------------------------------------------------- ----- Note: Microsoft generates MX records for your domains when you set them up in Exchange Online. ------------------------------------------------------------------------------------------------------------- -----

4. Input the Port for your Microsoft Office 365 server. Normally, it’s port 25.

5. Input the preference for your server which is valued from 1 to 100.

6. Click Add Domain button to save your setting.


Configuring Microsoft Office 365 Settings

1. Login to your Microsoft Office 365 administrator center account.

2. On the left pane, go to Admin > Exchange. The page will be redirected to the Exchange admin center.

3. Under Admin Centers, click mail flow from left navigation then connectors.


4. Add an inbound connector.

5. Connectors are where you will add the information about the inbound Trend Micro Email Security server. Be sure to define the connector name and the domain you want to accept. In the Name field, type a descriptive name for the inbound connector.


6. Choose: Use the sender’s IP address.

7. In Specify the sender IP addresses range field, enter the IP address or addresses for the

organization you want to add to the safe list. This will be the IP addresses of the Trend Micro

Email Security Server based on the region.

North America, Latin America and Asia Pacific: • 18.208.22.64/26 • 18.208.22.128/25 • 18.188.9.192/26 • 18.188.239.128/26 Europe, the Middle East and Africa: • 18.185.115.0/25 • 18.185.115.128/26 • 34.253.238.128/26 • 34.253.238.192/26


Australia and New Zealand: • 13.238.202.0 /25 • 13.238.202.128 /26

8. Select “Reject email messages if they aren’t sent over TLS” option then click Next.

9. Click Save.

Point the Domain’s MX Record to Trend Micro Email Security

---------------------------------------------------------------------------------------------------------------------------- ----------

Warning: This step should be performed last to guarantee mail flow.

---------------------------------------------------------------------------------------------------------------------------- ----------

The Mail Exchange (MX) record is the IP address or domain name that will be receiving your mail. This

has to be the first destination of the e-mail. In this case, it must be the public FQDN address of the

Trend Micro Email Security Server. This must be configured through your ISP or domain registrar.


1. Lower the TTL of the MX record to help increase delivery reliability

2. Migrate MX record to new TMEMS FQDN address based on the region:

North America, Latin America and Asia Pacific: <company_identifier>.in.tmes.trendmicro.com

Europe, the Middle East and Africa: <company_identifier>.in.tmes.trendmicro.eu

Australia and New Zealand: <company_identifier>.in.tmes-anz.trendmicro.com

Rule 1: Rule to bypass spam filtering

This rule ensures that only the spam filtering feature of Trend Micro Email Security will be used.

1. Login to Microsoft Office 365.

2. On the left pane, click Admin then Exchange.

3. Click mail flow from the left pane then select rules.

4. Select “Bypass spam filtering” from pull-down menu.

5. In the Rule window, complete the required fields.

a. Name: Turn off spam filter in Office 365

b. Apply this rule if

i. Select The sender… > IP address is in any of these ranges or exactly matches

ii. In the Specify IP address ranges window, enter the same IP addresses from step 7 of Microsoft Office 365 inbound connector configuration section above.

iii. Click the plus (+) icon for each range then click the OK button.

c. Do the following: Set the spam confidence level (SCL) to… > Bypass spam filtering

d. Except if: Do not add an exception

e. Audit this rule with severity level: Not specified

f. Choose a mode for this rule: Enforce

6. Click Save.


Rule 2: Rule to lock down Exchange Online

This rule will only accept e-mails from Trend Micro Email Security. Therefore, all e-mails which are not from Trend Micro Email Security will be rejected.



3. Click mail flow from the left pane then select rules.

4. Select “Restrict messages by sender or recipient …” from pull-down menu.

a. Name: Only accept inbound mail from TMEMS

b. Apply this rule if

i. Select The sender is located

ii. In the select sender location window, select Outside the organization

iii. Click the OK button.

c. Do the following: Delete the message without notifying anyone

d. Audit this rule with severity level: Not specified

e. Choose a mode for this rule: Enforce

5. In the Rule window, complete the required fields.

6. Add an exception to the allow e-mail flow from Trend Micro Email Security

a. Click More options...

b. Under Except if, click the add exception button.

c. Select The sender… > IP address is in any of these ranges or exactly matches

d. In the Specify IP address ranges window, enter the same IP addresses from step 7 of

Microsoft Office 365 inbound connector configuration section above.

e. Click the plus (+) icon for each range then click the OK button.

7. Click Save.


Rule 3: Disable SPF Checking of Microsoft Office 365 Since all incoming e-mails will come from Trend Micro Email Security IP addresses after provisioning is done, it may cause Microsoft Office 365’s SPF checking to fail on the said hosts. Trend Micro Email Security has its own SPF checking. Hence, it is recommended to disable the Microsoft Office 365’s SPF checking.



3. Click protection from the left pane then select spam filter.

4. Launch the default spam policy by clicking the edit icon to open it.

5. Choose advanced options from the left pane.

6. Find SPF record: hard fail then select Off for this option.

7. Click the Save button.


Outbound Mail Setup

Configure Trend Micro Email Security Settings

1. Login to the Trend Micro Email Security administrator console.

2. Click Domains. Choose the domain that you want to configure.

3. Enable outbound protection by checking the box next to it.

4. Check Office 365.

5. Click Save.

Configure Microsoft Office 365 Settings

1. Login to your Microsoft Office 365 administrator center account.

2. On the left pane, go to Admin > Exchange. The page will be redirected to the Exchange admin center.

3. On the left pane, click mail flow then select connectors.


4. Add an outbound connector.

5. In the Name field, type a descriptive name for the inbound connector. For example, type Trend Micro Email Security (Outbound).


6. Select “Only when I have a transport rule set up that redirects messages to this connector” option then click Next.

7. Select “Route email through these smart hosts” option. Click the plus (+) icon then add to the list:

• North America, Latin America and Asia Pacific: <company_identifier>.relay.tmes.trendmicro.com • Europe, the Middle East and Africa: <company_identifier>.relay.tmes.trendmicro.eu • Australia and New Zealand: <company_identifier>.relay.tmes-anz.trendmicro.com


8. Keep the default settings as shown in the screenshot below then click Next.

9. Review your setting. Add one test e-mail to verify this connector.

10. Validate this e-mail address and save the connector. When you have more than one domain in your Microsoft Office 365 system, the validation may not succeed for “Send test e-mail” part. Sometimes, it’s because the default domain is not the one you registered to Trend Micro Email Security. It is recommended to set the registered domain to default in Microsoft Office 365.


After that, try to set your collector again.

11. Click Save.

Add an E-mail Flow Rule to Use the TMEMS Outbound Connector

1. Login to your Microsoft Office 365.

2. On the left navigation pane, click Admin > Exchange.

3. Click mail flow from left navigation, select rules.

4. Click plus (+) icon and “Create a new rule…” then complete the following fields:

a. Name: “TMEMS Outbound”


b. Apply this rule if:

i. Select “The recipient is located…”, a new pop-up window will appear.

ii. Select “Outside the organization”, click OK.

iii. Click “More options…” to show more conditions.

5. Do the following:

a. In the drop-down menu, mouse over to the “Redirect message to…” and then select “the following connector”.

b. Select the outbound connector you created for Trend Micro Email Security.

6. Under Mode, select “Enforce” then click the Save button. Congratulations! You have completed the deployment process. Microsoft Office 365 is now secured by Trend Micro Email Security.

Date post:	23-Dec-2021
Category:	Documents
Upload:	others
View:	3 times
Download:	1 times

Trend Micro™ Email Security Integration with Microsoft ...

Documents