Secure Messaging Crypto-Gateway Configuration for Office 365


Contents

Overview
Crypto-Gateway Configuration for Outbound Messages
Request Crypto-Gateway Setup for Office 365
Connecting to Crypto-Gateway
Configuring Office 365
Create New Send Connector in Office 365
Configuring DLP Rules
Using an existing Rule Template
Keyword Rule
Routing Internal Email Secure

Overview

The Secure Messaging Crypto-Gateway casts a wider net for facilitating data leakage protection. It sits in-line between the mail server and Secure Messaging to offer high availability processing. For users, this translates into transparent outbound encryption, with all secure messages stored decrypted in the mail server. External guest users continue to benefit from all the same plug-ins such as Microsoft Outlook and mobile apps with the ability to store decrypted content behind their firewall in their own mail server, without any special server configurations.

Figure 1 below describes the scenario of on premise email and Gateway with Cloud third party archiving.

Figure 1: Secure Messaging Crypto-Gateway with Office 365 (diagram labels: User Outlook, Office 365 Exchange connector, Cloud Gateway, Secure Messaging Platform)

Crypto-Gateway Configuration for Outbound Messages

The Secure Messaging Crypto-Gateway service can be used as an outbound gateway for messages. Messages are received from Exchange Online via an Exchange Send Connector. DLP Rules within the Office 365/Exchange Online environment route the messages to the Send Connector, which delivers them to the Crypto-Gateway.

Request Crypto-Gateway Setup for Office 365

The Crypto-Gateway servers will ignore all traffic unless the source of the traffic has been whitelisted with the service. The following information is necessary to submit Outbound Messages:

- IP address of sending server so we can whitelist the address. Cirius can also create a filter for Exchange Online servers; simply indicate that your email server is Office 365.
- Primary Domain and all associated domains for the company
- Customer Portal if different from Primary domain

Once identified, this information should be submitted to support@secure-messaging.com for configuration. Once configured, the sending mail service can be set up to send messages to the Crypto-Gateway.

Connecting to Crypto-Gateway

The connection to the Secure Messaging Crypto-Gateway service is done using SMTP via port 25. The SMTP session must use the STARTTLS command to ensure the SMTP messages are transmitted securely. The following table provides information to access the Crypto-Gateway services:

Environment                                Address
US Test Crypto-Gateway (nonproduction)     n/a
US Region Crypto-Gateway                   cr-us.secure-messaging.com
CA Region Crypto-Gateway                   cr-ca.secure-notification.com
UK Region Crypto-Gateway                   cr-uk.secure-notification.com

Secure Messaging support will reply with the FQDN of the configured Crypto-Gateway environment once the setup is complete.

Configuring Office 365

Create New Connector in Office 365

1. Navigate to Exchange admin center >> Mail flow >> Connectors
2. Press + to add new Connector
3. Select your mail flow scenario:
   a. From: Office 365

   b. To: Partner organization
4. Name Connector: Secure Messaging Crypto-Gateway
5. Select box to turn it on and press Next
6. When do you want to use this connector?
   a. Select the first option: Only when I have a transport rule set up that redirects messages to this connector, then press Next
7. How do you want to route email messages?

   b. Select: Route email through these smart hosts
   c. Press + sign and specify the fully qualified domain name (FQDN) or IPv4 address provided by Secure Messaging Support, then press Next
8. How should Office 365 connect to your partner organization's email server?
   d. Select: Always use TLS
   e. Select: Any digital certificate, including self-signed certificates, press Next twice
9. Validate Connector

   f. Press + and add any email address and press OK
   g. Press Validate button at bottom of screen
   h. Close confirmation screen
   i. Press Save
10. Connector is now set up and ready to send email to the Crypto-Gateway.

Configuring DLP Rules

DLP Rules are primarily compliance driven and will typically be set up by your compliance office or compliance team. The following uses existing templates only and is intended as a guideline. We will set up a DLP policy template, followed by a Keyword Rule.

Using an existing Rule Template

1. Log in to Exchange admin center
   a. Navigate to Compliance Management
   b. Select data loss prevention tab at top of page
   c. Press + symbol

   d. Name Policy: e.g. HIPAA
   e. Select relevant policy: e.g. U.S. Health Insurance Act
   f. Press Save (this may take a few minutes while the new rules are added to Exchange)
2. Navigate to mail flow on left of Exchange admin center
3. Your rules should now show in your rules tab, selected by default
4. Edit a rule to enable the outbound Crypto-Gateway:

   a. In the action drop-down menu, do the following (leaving a policy tool tip is a preference of the individual organization):
      i. Select the action drop-down box
      ii. Pick the action: Redirect the message to
      iii. Select: the following connector
      iv. Pick the Secure Messaging Crypto-Gateway connector
      v. Press OK
      vi. Press Save to complete changes to the rule
5. This action should be completed for all DLP policy rules that require secure transmission of the message.
6. By default this policy group (HIPAA) and others allow an override, which may not be necessary if all other policies redirect messages to be encrypted and a bypass is not an option.

Keyword Rule

Setting up your own keyword policy is as easy as the previous procedure, but it must be created from a blank rule using the following steps:

1. Select + symbol on tab at top of rules
2. Select: Create a new rule
   a. Give rule a name: e.g. Keyword Policy

      i. Apply Rule if
      ii. Select: The subject or body includes
      iii. Enter a keyword: e.g. insider
         1. Add as many words as required by selecting the + symbol and OK for each word
      iv. Audit this rule with severity level: Optional Setting
         1. You can use a DLP policy with rules that do not specify any audit severity level. The severity level setting is a property of a single rule that you can change. When you don't specify a severity level, the detections that are made for that rule show up in the DLP reports as Low data points. You can change the severity level that is associated with detected messages for a specific rule by using the DLP rules editor. Learn more about editing rules at Manage DLP policies.
      v. Set Priority: Optional Setting
         1. Determines what order this rule is run against the other
      vi. More options: This will allow new rule options so that you can set up the messages to go to the Crypto-Gateway if triggered.
      vii. Once you select more options you will be able to edit the existing rule actions. Please follow step 4 in DLP rules to complete setting up the keyword policy.
3. Once completed, any email that contains a keyword in the list will be redirected to the Crypto-Gateway for encryption.

Routing Internal Email Secure

To secure internal messages, they must also be routed to the Crypto-Gateway, which requires an additional rule.

1. Before you create the internal message rule you will first need to add an action to each DLP or routing rule that routes email to the Crypto-Gateway.
   a. Add Action, Do the following
   b. Set the message header to this value
      i. Header: Secure-0365
      ii. Value: True
2. Select + symbol on tab at top of rules
3. Select: Create a new rule
   a. Give rule a name: e.g. Internal Messages Secure
      i. Apply Rule if

      ii. Sender is located: Inside the organization
      iii. Do the following
         1. Set the message header to the following:
            a. Header: Secure-0365
            b. Value: True
      iv. Add Action
      v. Use the following Connector
         1. Pick the connector previously created to route email to the Crypto-Gateway
      vi. Create 2 exceptions (this prevents message looping between the 2 servers)
      vii. Except if
         1. A message header Includes:
            a. Header: X-SecMsg-GWSMNotifcations
            b. Value: True
         2. A Message Header Matches
            a. Header: Secure-0365
            b. Value: True
      viii. Set priority to preferred value; the lower the value, the higher the priority placed on the rule.
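
The connector, keyword rule and internal rule from the steps above, scripted with Exchange Online PowerShell so the settings can be reviewed and re-applied. This is an added example, not part of the original guide or the vendor's own code; the smart host value, the placeholder recipient, and modelling the keyword rule as a plain mail flow rule are assumptions.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module and an Exchange
# administrator account; try it in a test tenant first.
Connect-ExchangeOnline

$Connector = 'Secure Messaging Crypto-Gateway'
$SmartHost = 'cr-us.secure-messaging.com'   # assumption: use the FQDN support sends you

# Connector steps 3-8. EncryptionOnly is the cmdlet value behind "Any digital
# certificate, including self-signed certificates": TLS is mandatory, but the
# gateway certificate is not validated.
$connectorParams = @{
    Name                  = $Connector
    ConnectorType         = 'Partner'
    IsTransportRuleScoped = $true      # used only when a rule redirects to it
    UseMXRecord           = $false
    SmartHosts            = $SmartHost
    TlsSettings           = 'EncryptionOnly'
    Enabled               = $true
}
New-OutboundConnector @connectorParams

# Connector step 9: validate with any address (placeholder recipient).
Validate-OutboundConnector -Identity $Connector -Recipients 'recipient@example.com'

# Keyword rule, tagged with the Secure-0365 header that "Routing Internal
# Email Secure" step 1 requires on every rule that routes to the gateway.
$keywordRule = @{
    Name                          = 'Keyword Policy'
    SubjectOrBodyContainsWords    = 'insider'
    SetHeaderName                 = 'Secure-0365'
    SetHeaderValue                = 'True'
    RouteMessageOutboundConnector = $Connector
}
New-TransportRule @keywordRule

# Internal rule with the two loop-prevention exceptions (exceptions are OR'd).
# Header names are copied exactly as the guide spells them.
$internalRule = @{
    Name                                = 'Internal Messages Secure'
    FromScope                           = 'InOrganization'
    SetHeaderName                       = 'Secure-0365'
    SetHeaderValue                      = 'True'
    RouteMessageOutboundConnector       = $Connector
    ExceptIfHeaderContainsMessageHeader = 'X-SecMsg-GWSMNotifcations'
    ExceptIfHeaderContainsWords         = 'True'
    ExceptIfHeaderMatchesMessageHeader  = 'Secure-0365'
    ExceptIfHeaderMatchesPatterns       = 'True'
}
New-TransportRule @internalRule
```

Reading the result back with Get-OutboundConnector and Get-TransportRule gives a text record of the TLS setting and rule order that can be kept with the change request.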