Use TLS1.2 to connect Office 365 to an on premises Exchange server
Posted on 24 April 2019 by Beaming SupportIf you want to ensure that TLS1.2 is used to connect Office 365 and an on premises Exchange server, you need to make sure that the send connector is set up correctly.
Here we will show you how to set up the Office 365 connector, but the Exchange side will need to be set up to accept TLS connections also.
Please login to Office 365 and load the Exchange Admin Centre. From there, go to ‘Mail Flow’ on the left and choose the ‘Connectors’ option at the top.
Use the + symbol to create a new connector. Choose the following options:
From: Office 365
To: Partner Organisation
Press Next
Name: Add a familiar name for the connector. EG ‘Beaming.biz connector’
Description: Add a description if you need to.
Turn on: Tick the ‘Turn on’ box.
Press Next
Connector use: Use the ‘Only when email messages are sent to these domain’ option and use the + symbol to add a domain. You can use either ‘*.beaming.biz’ or ‘beaming.biz’ format. Click OK once you have added all needed domains.
Press Next
Routing: Unless you know the smart host address, leave the default option of ‘Use the MX record associated with the partner’s domain’ ticked.
Press Next
TLS: This is the important option, make sure the ‘Always use TLS to secure the connection’ option is ticked. If you trust the other side, you can use the ‘Any Digital Certificate’ option, otherwise use the ‘Issued by a trusted certificate authority’ option.
Press Next
Summary: Make sure everything is configured as you expect and press Next.
Press Next
Validate: Here, Office 365 will attempt to validate the TLS connection. Use the + symbol and add an email address that is on the destination server. If the other side is set up correctly, Office 365 will validate the connection. If it fails, you will be able to see why it failed and have the option to save the connector anyway (if for example the other side hasn’t finished configuration yet).
This is the Office 365 side complete, so once the Exchange side has been completed, you will have TLS 1.2 securing the connection between the two servers.