Manage mail flow in Exchange Online deployments
Managing mail flow for Exchange Online is the easiest way of configuring mail flow because it’s all configured by default and managed by Microsoft. As such, mail flow in Exchange Online is considered a “black box” because mail flow is handled internally within Exchange Online with no assistance from Exchange Administrators. While administrators can create other connectors to improve the organization's mail flow, they have no other impact on the mail flow process.
Because mail flow in Exchange Online is designed for ease of use, the only requirements an organization must configure in an Exchange Online deployment are:
- The organization's DNS MX record must point inbound to Exchange Online.
- Internet SMTP email must be sent out directly from Exchange Online Protection to the recipient’s mail server.
Manage mail flow in Exchange Online
Managing the mail flow for Exchange Online includes the creation of connectors, accepted domains, and optional mail flow rules. These features can be created in the Exchange Admin Center and with Exchange Online PowerShell.
There are also several features to configure in the Microsoft Defender portal to control the data loss prevention filtering for email flowing through your organization and anti-spam, anti-spoofing, and anti-malware settings.
Further reading. For more information, see Mail flow best practices for Exchange Online and Office 365 (overview).
Manage connectors in Exchange Online
Exchange Online was developed in a way that mail flow is configured automatically for the most common scenarios. However, there may be scenarios where you need to create a connector. The following table provides an overview of these scenarios.
Scenario | Description | Connector required? | Connector settings |
---|---|---|---|
You have a standalone EOP subscription. | You have your own on-premises email servers, and you subscribe to EOP only for email protection services for your on-premises mailboxes (you have no mailboxes in Exchange Online). | Yes | Connector for incoming email:
Connector for outgoing email:
|
Some of your mailboxes are on your on-premises email servers, and some are in Exchange Online. | Before you manually configure connectors, check whether an Exchange hybrid deployment better meets your business needs. | Yes | Connector for incoming email:
Connector for outgoing email:
|
All of your mailboxes are in Exchange Online, but you need to send email from sources in your on-premises organization. | You don't have your own email servers, but you need to send email from non-mailboxes: printers, fax machines, apps, or other devices. | Optional | Only one connector for incoming email:
|
You frequently exchange sensitive information with business partners, and you want to apply security restrictions. | You want to use Transport Layer Security (TLS) to encrypt sensitive information or you want to limit the source (IP addresses) for email from the partner domain. | Optional | Connector for incoming email:
Connector for outgoing email:
|
Knowledge check
Choose the best response for the following question. Then select Check your answers.