Cloud App Security Administration Guide for Office 365
- Cloud App Security
- Understanding Cloud App Security
- Configuring Cloud App Security
- Managing Quarantine for Office 365 and Microsoft 365
- Setting Up a Quarantine Mailbox for Office 365 and Microsoft 365 Email (Exchange Online)
- Setting Up a Quarantine Folder for Office 365 and Microsoft 365 OneDrive
- Setting Up a Quarantine Folder for Office 365 and Microsoft 365 SharePoint
- Using the Quarantine View for Office 365 and Microsoft 365 Email (Exchange Online)
- Using the Quarantine Page
- Using the Quarantined File Creator Dashboard
- Using the User Dashboard for Office 365 and Microsoft 365
- Managing Restore Requests
- Using the SonicWall Cloud App Security Dashboard
- Managing Security Events
- Managing Policies
- Understanding Cloud App Security Policies
- Creating New Policy Rules
- Stopping Policy Rules
- Removing Policy Rules
- Managing Office 365 and Microsoft 365 (Exchange Online) Mail-Flow Rules
- Managing Spam and Anti-Phishing
- Managing Spam
- Managing User-Reported Phishing
- Customizing Warning Messages
- Managing Nickname Impersonation
- Managing the Anti-Phishing Exceptions
- Using the Mail Explorer
- Working with Office 365 and Microsoft 365 Email Encryption
- Configuring and Using Click-Time Protection
- Using Cloud App Security Analytics
- Configuring Cloud Applications in the Cloud App Store
- Managing Security Applications in the Security App Store
- Managing Anomaly Exceptions
- Managing Security Tool Exceptions
- Using the System Log
- Managing Cloud App Security Licenses
- SonicWall Support
Manually Configuring Office 365 and Microsoft 365 Cloud Applications During Activation
Cloud App Security can secure cloud applications with these subscription types:
- Business
- Microsoft 365 Apps
- Education
Office 365 and Microsoft 365 Personal and Home subscription plans are not supported by SonicWallCloud App Security.
To manually configure Office 365 cloud applications during activation
-
Select the installation mode you want to use to activate the Office 365 and Microsoft 365 cloud application.
- To manually activate the Office 365 and Microsoft 365 cloud application, select Manual Mode and click Ok. (For information on how to automatically activate the Office 365 and Microsoft 365 cloud application, see Activating Office 365 and Microsoft 365 Cloud Applications.
-
Click Continue to authorize any supporting applications.
-
Select your Office 365 and Microsoft 365 account from the list and, if prompted, log in using your Office 365 and Microsoft 365 account username and password.
-
Sign into your Office 365 and Microsoft 365 business account.
-
Click the in the upper left area of the page.
-
When the Apps area appears, select Admin.
-
From the Office 365 and Microsoft 365 admin center, click Show all.
-
Scroll down to Admin centers and click Exchange.
-
On the Exchange admin center page, click compliance management > journal rules.
-
In the Send journal reports to field, enter the email address in your domain to which the journal reports should be sent.
The journal rule is used for the monitoring mode. The journal rule configures Office 365 and Microsoft 365 to send all emails to the system.
- Click Save.
-
On the Exchange admin center page, click mail flow > connectors.
-
To configure the inbound connector, select it in the list and either double-click or click the Edit icon.
-
Enter a Name and Description for the inbound connector.
- Select Turn it on if you want to connector enabled after you complete its configuration.
- Click Next.
-
Select where to the use the domain name or the IP address of the sender.
- Click Next.
-
Select the IP addresses you want to use to identify your sender.
You can also add, edit, or delete sender IP addresses on this page.
- Click Next.
-
Select Reject email messages if they aren't sent over TLS to reject any email messages from the sender that are not sent using Transport Layer Security (TLS).
You can add an additional level of security by selecting And require that the subject name on the certificate that the partner uses to authenticate with Office 365 and Microsoft 365 matches this domain name and specifying a required domain name.
-
Verify your settings for the inbound connector and click Save.
-
-
To configure the outbound connector, select it in the list and either double-click or click the Edit icon.
-
Enter a Name and Description for the outbound connector.
- Select Turn it on if you want to connector enabled after you complete its configuration.
- Click Next.
-
Set when you want the connector to be used.
-
Set how you want the email messages routed.
-
Select Always use Transport Layer Security (TLS) to secure the connection (recommended) to only connect to the email server of the email recipient is TLS is used to secure the connection. (This option is selected by default.)
You can also increase the security of the connection by requiring the presence of an email server certificate, either self-signed or issued by a recognized certificate authority.
-
Verify your settings for the outbound connector and click Save.
-
- Navigate to mail flow > rules.
Select the rule that contains “Protect” and double-click on it or click the Edit icon.
- Set the values of the fields to use the connectors that you created.
Apply this rule if…: Set the condition(s) under which the rule should be applied.
In this example, the rule is only applied to emails that originate outside the organization/domain and the email address of the recipient is within the organization/domain.
Do the following…: Specify the action(s) to be taken when the rule is applied.
In this example, the header of the email message is assigned a specific value so that processed email messages can be more easily detected and then forwarded to the outbound connector that you created.
Except if…: Specify any exceptions for when the rule’s actions should not be taken.
One of your exceptions should include Sender’s IP address is in the range… that includes the IP addresse(s) specified in your inbound connectors to prevent the email messages from being processed in an endless loop.
In this example, the actions are not taken if the email message has already been classified by Microsoft as spam (an Spam Confidence Level [SCL] greater than 5) or is a message that is identified as having been processed.
- Select Stop processing more rules to end the processing if the email message was processed by this rule.
Every time you change the scope of the inline policy (such as when you add or remove users or groups), you will need to edit the Apply this rule if… The recipient is … section.
- Click Save.
Was This Article Helpful?
Help us to improve our support portal