Summary: This article explains how to ensure that Microsoft 365 will correctly accept mail from DuoCircle email services such as Email Gateway, Backup MX and Email Forwarding.  Creating a Partner Connector, configuring the Enhanced Filtering settings for it and setting up DuoCircle as a Trusted Arc Sealer are all required for correct evaluation of SPF/DKIM/DMARC by M365


IMPORTANT: This may take up to 24 hours to fully propogate the Microsoft environment, please plan accordingly. 


The following steps begin with logging into https://admin.exchange.microsoft.com using credentials authorized to make enterprise-wide email configuration changes.


1.  Create a Partner Connector


In the Exchange admin center (https://admin.exchange.microsoft.com/#/connectors), navigate to Mail Flow -> Connectors, and click on “Add a connector”



Configured your connector as a “Partner Organization”:


Name the connector “PhishProtection Inbound”, and optionally add notes:



When prompted, enter ALL of the IPs from ( https://support.duocircle.com/support/solutions/articles/5000524218-ip-addresses-for-firewalls)






Accept the remaining defaults to complete adding the connector:



2.  Upgrade to Enhanced Connector


Once the connector is saved, visit https://security.microsoft.com/skiplisting, to upgrade the connector to an Enhanced Connector. 


Click on the connector, and under “IP addresses to skip”, enter all of the IPs found at https://support.duocircle.com/support/solutions/articles/5000524218-ip-addresses-for-firewalls




3.  Add Trusted Arc Sealer


DuoCircle performs Arc-Sealing on relayed messages using the signing name 'mailhop.org'.  This needs to be added to the list of Trusted Arc Sealers in your tenant configuration. Refer to Microsoft's own instructions here for details: https://learn.microsoft.com/en-us/defender-office-365/email-authentication-arc-configure




Notes:

Example screen image of a configured Partner Connector




More information about connectors


https://www.undocumented-features.com/2019/08/13/exchange-online-protection-eop-best-practices-and-recommendations/#Enhanced_IP_Filtering_for_Connectors


https://docs.microsoft.com/en-us/Exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/enhanced-filtering-for-connectors


https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud