Configuring Microsoft365 with ExchangeDefender

If your Organization hasn't updated their SPF for Office365:

Step 1: Configuration

Your organization should have a SPF record for the domain(s) registered with Office 365. When implementing ExchangeDefender with Office 365, this record must be updated in the DNS zone for the relevant domain to include the following:

Remove: v=spf1 include: SPF.PROTECTION.OUTLOOK.COM –all
Replace with: v=spf1 include: EXCHANGEDEFENDER.COM -all


Step 2: Mail Flow

LOG IN to the Office 365 Administration Console.

Select the Admin | Exchange menu item. The Exchange Admin Center is displayed. Once displayed, in the menu on the left-hand side, CLICK 'mail flow' as shown.

Step 3: Select ‘Connectors’

Click the ‘+’ button and you’ll be greeted with the following context menu. Once you've selected 'Office365' and 'Partner Organization' click the 'Next' button.

Step 4: New Connector

ENTER the name of the connector (Can be a name of your choosing, we chose Exchange Defender for the purposes of this guide).

CLICK check box for “Turn it On”. Click NEXT -

Select the option for 'Only when email messages are sent to these domains' and click the '+' button to add the domains

Step 5: Set the Connector Scope

Put * in the domain name field and hit the 'Ok' button.

Step 6: Route Email

SELECT 'Route email through these smart hosts' and then hit the '+' button.

Step 7: Add a Smart Host

Add a smart host. Add 'outbound.exchangedefender.com' as you see it below.

Once you've entered the smart host hit the 'Save' button. From there you'll be taken to the TLS screen. Keep all options default as shown in the screenshot below. Click NEXT. Add a smart host. Add 'outbound.exchangedefender.com' as you see it below.

Step 8: Validate Settings

Validate your settings. NEXT , validatethat the connector works properly, so hit the '+' button to add a specific email to test it on. Click OK Hit VALIDATE.

Microsoft365 and ExchangeDefender Connection Filtering

Microsoft365 (Office365) can at times, typically during high load or attack on the tenant, randomly block partner organizations from connecting to deliver email. In order to work around this issue, you need to follow the following steps.

Step 9: M365 Admin Center

Login to Microsoft 365 admin center which is located at https://go.microsoft.com/fwlink/?linkid=2081615

Step 10

On the left toolbar under "Admin centers"

Step 11: Exchange Admin Center

You will be redirected to the "Exchange admin center" site. Click on Protection.

Step 12: Connection Filter

Look across the top and click on "connection filter"

Step 13

Click on "Default" then click on the pencil icon above it (to Edit)

Step 14

You will now be on the Default connector screen. Click on "connection filtering"

Step 15

Under "IP Allow list" you will see a + icon. Click on the + icon to add an allowed IP address. Type in

Step 16

Click on OK.

Step 17: IP Allow list

Under "IP Allow list" you will see a + icon. Click on the + icon to add an allowed IP address. Type in

Step 18

Click on OK. Click Save.

Congratulations, you're done!

Need assistance?

ExchangeDefender is easy to reach, and we are here to help with your IT: