A Trend Micro Integration Guide I Aug 2018

Trend Micro™ Email Security Integration with

Microsoft Office 365

» This document highlights the benefits of Trend Micro™ Email Security (TMEMS) for
Microsoft™ Office™ 365 customers and provides step-by-step instruction on
integration.
TABLE OF CONTENTS

Introduction 3

Benefits from Combining TMEMS and Office 365 4

Understanding How Email Flows Works 5

Inbound Email Set Up 6

Outbound Email Set Up 18

Page 2 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
INTRODUCTION

Office 365 is Microsoft’s cloud solution for accessing email, calendar, and Microsoft office tools.
Office 365 allows organizations to host their entire email architecture at an off-site location,
and it allows Microsoft to manage all the day-to-day aspects of your organization’s email.

Trend Micro has designed Trend Micro™ Email Security (TMEMS) for customers who are using
either cloud-based or onsite email.

Unlike traditional onsite email solutions where a simple cable could be moved in order to add a
layer of protection, cloud-based solutions require a different approach. This document
highlights the benefits of TMEMS for Office 365 customers, as well as step-by-step instruction
on integration. This integration guide assumes a functioning Office 365 deployment.

Page 3 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
BENEFITS OF COMBINING TREND MICRO™ EMAIL SECURITY AND OFFICE 365

Moving your mail to the cloud does not mean you have to reduce your security. By integrating
Trend Micro™ Email Security with Microsoft Office 365, you can now have the best of both
worlds ̶ true enterprise email security with the convenience of the cloud.

TMEMS can provide the following features to enhance your Office 365 email security:
 Layered protection: Provides protection on phishing, spam, and graymail with multiple
techniques, including sender reputation, content and image analysis, machine learning, and
more.
 Email fraud protection: Protects against Business Email Compromise (BEC) with enhanced
machine learning, combined with expert rules, analyzing both the header and content of
the email
 Cloud sandboxing: Includes cloud sandboxing for automatic in-depth simulation and
analysis of potentially malicious attachments in a secure virtual environment hosted by
Trend Micro. Cloud sandbox leverages proven Trend Micro™ Deep Discovery™ sandboxing
technology, which has achieved a “Recommended” rating by NSS Labs.

Adding TMEMS on top of Microsoft Office 365 offers enhanced security, especially with spear-
phishing and targeted attack protection, providing you with an additional layer of security
against advanced malware and zero-day exploits.

Page 4 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
UNDERSTANDING HOW EMAIL FLOW WORKS

In order to better understand how TMEMS works in conjunction with Microsoft Office 365,
the path the email message takes must first be understood.

1. An email is initiated from one organization to the other. Let’s say an email from
someone at Trend Micro to someone at Example.com is sent.

2. The Trend Micro mail server will look up the MX record of Example.com. This record
will contain the Domain Name or IP address of the first hop in Example.com’s email
architecture. This first hop is the first level of inspection that Example.com wants
performed on their email.

3. Since Example.com is using Trend Micro Email Security, this will be the first hop for the
inbound email.

4. TMEMS then inspects the email via Trend Micro’s world class email and web
reputation service for threats such as:
a. Spam
b. Phishing
c. Viruses
d. Spyware

Page 5 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 5. If the email passes the TMEMS checks, it is then sent to Example.com’s next hop,
which is their Microsoft Office 365 cloud email server.

6. After further processing by Microsoft Office 365, the email is then sent to the
recipient’s mailbox.

INBOUND EMAIL SET UP

Configuring your Trend Micro Email Security Settings

1. Configure the corresponding inbound settings in Trend Micro Email Security to route
emails sent to your domain to Office 365.
a. Log into the TMEMS main page
b. From the above column click on the following:
i. Domains
ii. Add
c. For the domain that is being routed:
i. Input the IP address or host name of your
Office 365 Server in the “Inbound Servers” field.
This can either be found by performing an
nslookup or through the user interface in
Microsoft Office 365.
Note: Microsoft generates MX records for your
domains when you set them up in Exchange
Online.
ii. Input the Port for your Office 365 server.
(Normally, it’s port 25)
iii. Input the preference for your server
(sometimes referred to as distance, is a value
from 1 to 100.)
d. Click “Add Domain” to save your setting.

Page 6 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
Configuring Microsoft Office 365 Settings

1. Log into your Microsoft Office 365 administrator center account

Page 7 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 a. Click on ADMIN from navigation menu

b. Then Exchange under Admin Centers

c. Then mail flow from left navigation

d. Then connectors from top navigation menu

Page 8 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
2. Add an Inbound Connector.

Page 9 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
3. Connectors are where you will add the information about the inbound TMEMS server.

a. Be sure to define the Connector name and the domains you want to accept.

Page 10 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
4. In the Name field, enter a descriptive name for the inbound connector.

Page 11 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
5. Choose: Use the sender’s IP address

6. In Specify the sender IP addresses range field, enter the IP address or addresses for the
organization you want to add to the safe list. This will be the IP address of the TMEMS Server.
This information is available in the welcome email (not the license registration email) or
available in this support article: http://esupport.trendmicro.com/solution/en-us/1055066.aspx.

The IP addresses in the screenshots above may be subject to change without notice, always use
information from the welcome email or support article as primary source.

Page 12 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
7. Choose the security restrictions you want:

8. Click save

Page 13 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
Point the MX record of your domain to Trend Micro Email
Security

Important! This step should be performed last to guarantee mail flow.

The MX record or Mail Exchange record is the IP address or domain name that will be
receiving your mail. This has to be the first destination of the email. In this case, it must be
the public FQDN address of the TMEMS server. This address must be configured through your
ISP or domain registrar:
1. Lower the TTL of the MX record to help increase delivery reliability
2. Migrate MX record to new TMEMS FQDN address
Add an email flow rule to bypass spam filtering

Turn off spam filtering in Exchange Online and use Trend Micro Email Security only

1. Log into your Microsoft Office 365.

2. Go to Exchange admin center page (select Admin center| Exchange from title bar).

3. Click mail flow from left navigation, select rules.

4. Select “Bypass spam filtering” from pull-down menu.

5. In the Rule window, complete the required fields.

a. Name: Turn off spam filter in Office 365.

b. Apply this rule if

i. Select The sender… | IP address is in any of these ranges or exactly matches.

ii. In the Specify IP address ranges window, enter the same IP addresses from
step 6 of INBOUND MAIL SETUP section above.

iii. Click the add icon for each range.

iv. Click ok.

c. Do the following: Set the spam confidence level (SCL) to… - Bypass spam filtering

d. Except if: Do not add an exception

e. Audit this rule with severity level: Not specified

Page 14 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 f. Choose a mode for this rule: Enforce

6. Click Save.

Add an email flow rule to lock down Exchange Online

This accepts only emails from Trend Micro Email Security to ensure spammers cannot bypass.

1. Log into your Microsoft Office 365.

2. Go to Exchange admin center page (select Admin center | Exchange from title bar).

3. Click mail flow from left navigation, select rules.

4. Select “Restrict messages by sender or recipient …” from pull-down menu.

a. Name: “Only accept inbound mail from TMEMS”

b. Apply this rule if

i. Select The sender is located.

ii. In the select sender location window, select Outside the organization

iii. Click ok

c. Do the following: Delete the message without notifying anyone

d. Audit this rule with severity level: Not specified

e. Choose a mode for this rule: Enforce

5. In the Rule window, complete the required fields.

6. Add an exception to the allow email flow from Trend Micro Email Security

a. Click More options

b. Under Except if, click add exception

c. Select The sender… | IP address is in any of these ranges or exactly matches.

d. In the Specify IP address ranges window, enter the same IP addresses from step 6 of
INBOUND EMAIL SETUP section above.

Page 15 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 e. Click the add icon for each range

f. Click ok

7. Click save.

Disable SPF hard fail check

This accepts the emails from Trend Micro Email Security, which may fail SPF check.

1. Log into your Microsoft Office 365.

2. Go to Exchange admin center page (select Admin center| Exchange from title bar).

3. Click protection from left navigation, select spam filter.

4. Change the advanced options of your spam policy

a. Click the spam policy to open it

b. Choose advanced options from the left navigation

c. Find SPF record: hard fail and choose Off for this option

Page 16 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 d. Click Save for this setting

OUTBOUND EMAIL SET UP

Configure your Trend Micro Email Security Settings

1. Configure the corresponding outbound settings in Trend Micro Email Security to route
emails sent from your domain from Office 365.
a. Log into the TMEMS main page

Page 17 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 b. From the above column click on the following:

i. Domains

ii. Special domain name

c. Check the checkbox for Enable outbound protection

d. Select checkbox button for Office 365

e. Click Save

Configure Microsoft Office 365 Settings

1. Log into your Microsoft Office 365 administrator center account

a. Click on ADMIN from navigation menu

b. Then Exchange under Admin centers

c. Then mail flow from left navigation

d. Then connectors from top navigation menu

2. Add an Outbound Connector as follows:

Page 18 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
3. Name your connector and add description.

Page 19 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
4. Choose the way you want to use this connector.

Page 20 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
5. Add TMEMS Relay FQDN to: Route email through these smart hosts

Page 21 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 Add the fully qualified domain name (FQDN) for the purpose of relay messages to this Trend
Micro Email Security MTA. This FQDN is located in the welcome email (sent to the
administrator after you have completed Trend Micro Email Security activation process).
(http://docs.trendmicro.com/all/smb/hes/vAll/en-us/olh/gsg/activating_service.html)

6. Choose the way to connect to TMEMS.

Page 22 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
Page 23 of 28 | Trend Micro Integration Guide
Trend Micro Email Security Integration with Microsoft™ Office™ 365
7. Review your setting.

8. Add one test email to verify this connector.

Page 24 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
9. Validate this email address and save the connector.

Note: when you have more than one domains in your Office 365 system, the validation may not
succeeded for “Send test email” part. Sometimes, it’s because that the default domain is not the one you
register to TMEMS. Choose the domain which you register to TMEMS and enable outbound filter and
make it as default domain like below:

Page 25 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
After that, try to set your collector again.

10. Click save.

Add an email flow rule to use the TMEMS Outbound connector

1. Log into your Microsoft Office 365.

2. Go to Exchange admin center page (select Admin centers | Exchange from title bar).

3. Click mail flow from left navigation, select rules.

Page 26 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
4. Click “+” sign and “create a new rule”

a. Complete the following fields:

i. Name: TMEMS Outbound

ii. Apply this rule if:

1. Select “The recipient is located”, a new pop out console will show.

2. Select “Outside the organization” click ok.

3. Click “More Options” to show more conditions

iii. Do the following:

1. In the dropdown menu, mouse over to “Redirect message to” and

then select “the following connector.”

2. Select the outbound connector you created for TMEMS.

iv. Choose Mode:

Page 27 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365
 1. Select “Enforce”

v. Click save

Congratulations! You have completed the installation process. Office 365 is now secured by
Trend Micro Email Security.

Trend Micro Incorporated is a pioneer in secure content and threat management. Founded in TREND MICRO INC.
1988, Trend Micro provides individuals and organizations of all sizes with award-winning U.S. toll free: +1 800.228.5651
security software, hardware and services. With headquarters in Tokyo and operations in phone: +1 408.257.1500
more than 30 countries, Trend Micro solutions are sold through corporate and value-added fax: +1408.257.2003
resellers and service providers worldwide. For additional information and evaluation copies of
Trend Micro products and services, visit our Web site at www.trendmicro.com.

©2017 by Trend Micro Incorporated. All rights reserved. Trend Micro, the Trend Micro t-ball logo, and Smart Protection Network are trademarks or registered
trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained
in this document is subject to change without notice.

Page 28 of 28 | Trend Micro Integration Guide

Trend Micro Email Security Integration with Microsoft™ Office™ 365