Mandatory Email TLS Mimecast and Office365

Hi,

So we are working to configure Mandatory TLS security between 2 email domains. We have control of one, which we need to get this configured for.

They are currently using Office365 which routes through Mimecast for email filtering etc.

So my understanding of it is that we configure this on Mimecast only for incoming and outgoing mailflow, however, I am struggling to see how it works correctly, when it needs an SSL certificate from Office365 in order to work correctly?

Do we also need to configure inbound and outbound connectors for this TLS requirement on Office365?

Thanks

Craig
Craig SummersAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
You dont need a SSL certificate "from Office 365", you simply need to provide the certificate details as explained here: https://support.office.com/en-us/article/how-exchange-online-uses-tls-to-secure-email-connections-in-office-365-4cde0cda-3430-4dc0-b489-f2c0736c929f
Craig SummersAuthor Commented:
Ok that part I've done. So do I only need to configure the TLS settings on Mimecast, or on both Mimecast and Office365 as Office365 is where the email would see the certificate?
Vasil Michev (MVP)Commented:
You need it on both sides if you want to enforce TLS for both sent and received messages.
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Craig SummersAuthor Commented:
The other company has already got it configured their end. I'm talking about just my end, we have Office365 which routes out to Mimecast before sending emails to receipients, and vice versa when people send to us it goes to Mimecast and then Office365. So with that, do I need to setup TLS on both of our Mimecast and Office365 portals? Or will just on Mimecast be sufficient?
Vasil Michev (MVP)Commented:
You need to set it up on every hop alone the route.
Craig SummersAuthor Commented:
OK, so both Mimecast and Office365 need inbound and outbound TLS routes configured. Thanks
Craig SummersAuthor Commented:
I only needed to configure it on Mimecast and not Office365
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.