Secure a connection between O365 and Exchange server using TLS1.2

ethernet cable

Use TLS1.2 to connect Office 365 to an on premises Exchange server

Posted on 24 April 2019 by Beaming Support

If you want to ensure that TLS1.2 is used to connect Office 365 and an on premises Exchange server, you need to make sure that the send connector is set up correctly.

Here we will show you how to set up the Office 365 connector, but the Exchange side will need to be set up to accept TLS connections also.

Please login to Office 365 and load the Exchange Admin Centre. From there, go to ‘Mail Flow’ on the left and choose the ‘Connectors’ option at the top.

Use the + symbol to create a new connector. Choose the following options:

From: Office 365

To: Partner Organisation

Press Next

Name: Add a familiar name for the connector. EG ‘ connector’

Description: Add a description if you need to.

Turn on: Tick the ‘Turn on’ box.

Press Next

 Connector use: Use the ‘Only when email messages are sent to these domain’ option and use the + symbol to add a domain. You can use either ‘*’ or ‘’ format. Click OK once you have added all needed domains.

Press Next

Routing: Unless you know the smart host address, leave the default option of ‘Use the MX record associated with the partner’s domain’ ticked.

Press Next

TLS: This is the important option, make sure the ‘Always use TLS to secure the connection’ option is ticked. If you trust the other side, you can use the ‘Any Digital  Certificate’ option, otherwise use the ‘Issued by a trusted certificate authority’ option.

Press Next

Summary: Make sure everything is configured as you expect and press Next.

Press Next

Validate: Here, Office 365 will attempt to validate the TLS connection. Use the + symbol and add an email address that is on the destination server. If the other side is set up  correctly, Office 365 will validate the connection. If it fails, you will be able to see why it failed and have the option to save the connector anyway (if for example the other side hasn’t finished configuration yet).

This is the Office 365 side complete, so once the Exchange side has been completed, you will have TLS 1.2 securing the connection between the two servers.


  • Sign up and receive a guide to spotting malicious emails

  • Email phishing scams have become sophisticated. Find out what you’re up against with our guide to recognising scam emails.

  • Subscribe to the Beaming Bulletin to receive monthly cyber threat alerts, the latest bug fixes from our team & news on the tech that works best for business, and we’ll send you our Business Guide to Phishing.
    • This field is for validation purposes and should be left unchanged.