Mandatory Email TLS Mimecast and Office365

Craig Summers
Craig Summers used Ask the Experts™
on
Hi,

So we are working to configure Mandatory TLS security between 2 email domains. We have control of one, which we need to get this configured for.

They are currently using Office365 which routes through Mimecast for email filtering etc.

So my understanding of it is that we configure this on Mimecast only for incoming and outgoing mailflow, however, I am struggling to see how it works correctly, when it needs an SSL certificate from Office365 in order to work correctly?

Do we also need to configure inbound and outbound connectors for this TLS requirement on Office365?

Thanks

Craig
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Distinguished Expert 2018

Commented:
You dont need a SSL certificate "from Office 365", you simply need to provide the certificate details as explained here: https://support.office.com/en-us/article/how-exchange-online-uses-tls-to-secure-email-connections-in-office-365-4cde0cda-3430-4dc0-b489-f2c0736c929f

Author

Commented:
Ok that part I've done. So do I only need to configure the TLS settings on Mimecast, or on both Mimecast and Office365 as Office365 is where the email would see the certificate?
Most Valuable Expert 2015
Distinguished Expert 2018

Commented:
You need it on both sides if you want to enforce TLS for both sent and received messages.
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Author

Commented:
The other company has already got it configured their end. I'm talking about just my end, we have Office365 which routes out to Mimecast before sending emails to receipients, and vice versa when people send to us it goes to Mimecast and then Office365. So with that, do I need to setup TLS on both of our Mimecast and Office365 portals? Or will just on Mimecast be sufficient?
Most Valuable Expert 2015
Distinguished Expert 2018

Commented:
You need to set it up on every hop alone the route.

Author

Commented:
OK, so both Mimecast and Office365 need inbound and outbound TLS routes configured. Thanks

Author

Commented:
I only needed to configure it on Mimecast and not Office365

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial