Summary: This article explains how to ensure that Microsoft 365 will correctly accept mail from DuoCircle email services such as Email Gateway, Backup MX and Email Forwarding. Creating a Partner Connector, configuring the Enhanced Filtering settings for it and setting up DuoCircle as a Trusted Arc Sealer are all required for correct evaluation of SPF/DKIM/DMARC by M365
IMPORTANT: This may take up to 24 hours to fully propogate the Microsoft environment, please plan accordingly.
The following steps begin with logging into https://admin.exchange.microsoft.com using credentials authorized to make enterprise-wide email configuration changes.
1. Create a Partner Connector
In the Exchange admin center (https://admin.exchange.microsoft.com/#/connectors), navigate to Mail Flow -> Connectors, and click on “Add a connector”
Configured your connector as a “Partner Organization”:
Name the connector “PhishProtection Inbound”, and optionally add notes:
When prompted, enter ALL of the IPs from ( https://support.duocircle.com/support/solutions/articles/5000524218-ip-addresses-for-firewalls)
Accept the remaining defaults to complete adding the connector:
2. Upgrade to Enhanced Connector
Once the connector is saved, visit https://security.microsoft.com/skiplisting, to upgrade the connector to an Enhanced Connector.
Click on the connector, and under “IP addresses to skip”, enter all of the IPs found at https://support.duocircle.com/support/solutions/articles/5000524218-ip-addresses-for-firewalls
3. Add Trusted Arc Sealer
DuoCircle performs Arc-Sealing on relayed messages using the signing name 'mailhop.org'. This needs to be added to the list of Trusted Arc Sealers in your tenant configuration. Refer to Microsoft's own instructions here for details: https://learn.microsoft.com/en-us/defender-office-365/email-authentication-arc-configure
Notes:
Example screen image of a configured Partner Connector
More information about connectors
https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud