
Bypassing Microsoft Defender

After connecting to Trustifi’s inbound relay, you may choose to disable and/or bypass Microsoft Defender’s default protection settings. This would typically be for 2 main reasons:

  1. To avoid having emails quarantined in Microsoft after already being released from Trustifi
  2. To maintain one, centralized quarantine management platform in Trustifi instead of having to also monitor the Microsoft quarantine

We offer the following combined approach for this solution.

Disabling Microsoft Defender protections

Trustifi has developed an automated wizard to help disable the default Microsoft Defender protections. To perform this process, follow these steps:

  1. In the Trustifi admin portal, navigate to “Inbound Management” > “Plan Settings” > “Email Relay Integration”.
    Then click on the “Disable Exchange Protection” button.


  2. In the wizard window, the first step will provide general information about the process. Click on “Next” to continue.
  3. In the next step, you will configure which Exchange protections you want to disable. Choose by clicking on the check box next to each protection type. We recommend disabling all available options.
    Note: Trustifi will automatically detect if you have the “Safe links” / “Safe attachments” service in your tenant and display or hide this option accordingly.


  4. In the “Authentication and Execution” step, Trustifi will generate an authorization token for single use. This token will be used to authenticate in Microsoft, which is necessary to run the API process.
    When the token has been generated, click on the copy icon next to it to copy the token. Then, click on the “Configure” button below to authenticate in Microsoft.


  5. In the Microsoft pop-up, first paste and enter the token you copied in the previous step.
    Then, click on “Next”.


  6. You will now need to select and sign into a global admin account in Exchange to provide the necessary permissions.


  7. After selecting a global admin account, you will be prompted to confirm the API process.
    Click “Continue” in this window.


  8. After confirming the API process, you will be able to close the Microsoft sign-in pop-up.
    Note: do not yet close the Trustifi wizard window.


  9. The “Summary” step will show a description of which Microsoft protections are about to be disabled.
    Click on “Check Configuration” to check if the process has finished.


  10. When the process has finished successfully, you will see a green confirmation text on the screen.
    If you see an error instead, check the error description to understand what went wrong. Common reasons for failure are: (1) the selected admin account has insufficient permissions, or (2) API access is disabled in Exchange.


    When the process has finished successfully, you can click on “OK” to close this window.

Bypassing Microsoft clutter

After emails have finished being scanned by Trustifi and released back to Exchange, Microsoft may run additional scanning and processing on the email via the “clutter” mechanism.
This process can delay emails or even prevent them from arriving in the inbox. To avoid this, we recommend setting up a basic mail flow rule. Follow these instructions to set up the rule:

  1. Open the Mail Flow Rules page in the Exchange Admin Center.
    Then, click to create a new rule.


  2. Give the rule a descriptive name, for example “Trustifi Inbound Bypass Clutter”.


  3. Set the condition for the rule:
    If “The Sender” > “IP addresses belong to one of these ranges”


  4. Enter the following Trustifi IPs (one by one) to the condition input:
    3.93.243.176, 3.93.139.220, 54.195.145.1, 3.251.32.127
    After all of the IPs have been added, click on “Save”.


  5. Create the first action of this rule:
    Select “Modify the message properties” > “Set the spam confidence level (SCL)”


  6. Select “Bypass spam filtering” for the SCL level, then click on “Save”.


  7. Click on the “+” icon next to the first action to create another rule action.
    Then, select “Modify the message properties” > “Set a message header”


  8. In the first header input, add the following:
    X-MS-Exchange-Organization-BypassClutter
    Then, click on “Save”.


  9. In the 2nd header input, add the following:
    true
    Then, click on “Save”.


  10. Click on “Next” to continue to the rule settings screen.


  11. Check the box for “Stop processing more rules”.
    Then, click on “Next”.


  12. Now you can review the rule settings to make sure everything was set up correctly.
    If everything looks OK, click on the “Finish” button to create the rule.


  13. The rule has now been created. Depending on your settings, you may need to enable it manually for the rule to take effect.
    Make sure the rule is enabled and that this new rule comes after the Trustifi inbound relay mail flow rule.
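
The rule from steps 1 to 13 expressed as Exchange Online PowerShell parameters, with a check that an existing rule still matches those steps (an added example, not Trustifi's own script). The relay rule name is a placeholder because this page does not give it, and the sample rule object with its 203.0.113.0/24 range is constructed for illustration.

```powershell
# Added example, not a Trustifi or Microsoft script. Values come from the steps above.
$TrustifiIps = '3.93.243.176', '3.93.139.220', '54.195.145.1', '3.251.32.127'
$BypassRule = @{
    Name               = 'Trustifi Inbound Bypass Clutter'
    SenderIpRanges     = $TrustifiIps
    SetSCL             = -1      # the "Bypass spam filtering" choice
    SetHeaderName      = 'X-MS-Exchange-Organization-BypassClutter'
    SetHeaderValue     = 'true'
    StopRuleProcessing = $true
    Enabled            = $true
}

function Test-BypassRule {
    # Lists every way $Rule deviates from the documented rule; empty output = match.
    param($Rule, [int]$RelayRulePriority)
    $actual  = @($Rule.SenderIpRanges | Where-Object { $_ } | ForEach-Object { "$_" })
    $extra   = @($actual | Where-Object { $_ -notin $TrustifiIps })
    $missing = @($TrustifiIps | Where-Object { $_ -notin $actual })
    if ($extra)   { "Unexpected sender ranges bypass filtering: $($extra -join ', ')" }
    if ($missing) { "Trustifi IPs missing from the condition: $($missing -join ', ')" }
    if ("$($Rule.SetSCL)" -ne '-1') { "SCL is '$($Rule.SetSCL)', expected -1" }
    if ($Rule.SetHeaderName -ne $BypassRule.SetHeaderName -or
        $Rule.SetHeaderValue -ne $BypassRule.SetHeaderValue) {
        "Header action is '$($Rule.SetHeaderName): $($Rule.SetHeaderValue)'"
    }
    if (-not $Rule.StopRuleProcessing) { 'Stop processing more rules is not set' }
    if ("$($Rule.State)" -ne 'Enabled') { "Rule state is '$($Rule.State)'" }
    # A larger priority number is evaluated later, i.e. "comes after".
    if ($Rule.Priority -le $RelayRulePriority) {
        "Priority $($Rule.Priority) does not come after the relay rule ($RelayRulePriority)"
    }
}

# Constructed sample: a drifted rule with an extra range, placed before the relay rule.
$sample = [pscustomobject]@{
    SenderIpRanges = $TrustifiIps + '203.0.113.0/24'; SetSCL = -1
    SetHeaderName  = 'X-MS-Exchange-Organization-BypassClutter'; SetHeaderValue = 'true'
    StopRuleProcessing = $true; State = 'Enabled'; Priority = 0
}
Test-BypassRule -Rule $sample -RelayRulePriority 1

# Live use (ExchangeOnlineManagement module, admin session):
#   Connect-ExchangeOnline
#   New-TransportRule @BypassRule
#   $relay = Get-TransportRule -Identity '<Trustifi inbound relay rule name>'  # placeholder
#   Test-BypassRule (Get-TransportRule -Identity $BypassRule.Name) $relay.Priority
```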
