The following instructions explain how to create a partner connector and a transport rule in Exchange Online (Microsoft 365) and how to deactivate Safe-Link in order to receive email scout reports.
Before you start the configuration, you should ensure that you are a member of the role group Organisation Management in Microsoft 365 Defender Portal and Exchange Online.
For more details on creating a partner connector and a rule in the classic EAC or the new EAC in Microsoft 365, please refer to Microsoft's documentation page, which you should read in full.
Log in to the Exchange Admin Center with your admin credentials.
Click on Mail Flow and then on Connectors.
Click on the plus sign (+) to add a connector.
Select the following:
Click on Next.
Assign a name and optionally a description for the connector (e.g. "EuropeanMX Incoming filter")
Make a note of the name of the connector, as you will need it later on!
Make sure that the setting What do you want to do after connector is saved is set to Turn it On.
Click on Next.
Select the option By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization and add the following IP address ranges via the plus sign (+), which we use for the delivery of incoming messages to your mail server:
130.117.251.9/25
185.201.16.0/22
IP sub ranges:
185.201.16.0/24
185.201.17.0/24
185.201.18.0/24
185.201.19.0/24
192.69.18.0/24
208.70.90.0/24
45.91.121.0/24
45.93.148.0/24
45.131.180.0/24
45.140.132.0/24
193.41.32.0/24
185.225.27.0/24
80.91.219.0/24
188.190.113.0/24
45.147.95.0/24
46.229.240.0/24
87.236.163.0/24
188.190.112.0/24
192.69.19.0/24
208.70.91.0/24
185.209.51.0/24
185.218.226.0/24
Click on Next.
Ensure that the option Reject email messages if they aren't sent over TLS is active and click on Next.
Check all settings again and then click on Create Connector.
Click on Done.
Log in to the Microsoft 365 Defender Security Portal with your admin access data.
Select the option Policies & Rules in the left-hand menu under Email & Collaboration.
Click on Threat Policies.
Now go to the area Rules and select the option Enhanced Filtering.
Now select the name of the connector that you created in step 1.
Click on the option Skip these IP addresses and enter the following IP address ranges:
185.201.16.0/22
192.69.18.0/24
208.70.90.0/24
45.91.121.0/24
45.93.148.0/24
45.131.180.0/24
45.140.132.0/24
193.41.32.0/24
185.225.27.0/24
80.91.219.0/24
188.190.113.0/24
45.147.95.0/24
46.229.240.0/24
87.236.163.0/24
188.190.112.0/24
192.69.19.0/24
208.70.91.0/24
185.209.51.0/24
185.218.226.0/24
130.117.251.9/25 (After adding, the IP address may change to 130.117.251.0/25. This is okay as both IPs belong to the same subnet.)
199.115.117.7/32
46.165.223.16/32
94.75.244.176/32
You must click on the IP address that matches the address entered for it to be added successfully.
Under Apply to theses users, select the option Apply to Entire Organisation.
Click on Save to save the settings.
An error when setting up the Partner Connector can result in messages from EuropeanMX not being delivered to the Microsoft servers.
In order to use the EuropeanMX inbound spam filter, the MX records of your domain must be replaced with the following records. Backup servers should not be used here, as spammers would otherwise have the opportunity to deliver spam messages directly to the backup server.
Global (recommended)
10 mx1.europeanmx.eu.
20 mx2.europeanmx.eu.
30 mx3.europeanmx.eu.
40 mx4.europeanmx.eu.
For redundancy reasons we recommend using our global data sets.
European Union
10 eu.mx1.europeanmx.eu.
20 eu.mx2.europeanmx.eu.
30 eu.mx3.europeanmx.eu.
40 eu.mx4.europeanmx.eu.
The numbers 10 - 40 represent the respective priority. Please pay attention to the dots at the end of the destination entry. Depending on the provider, these may be mandatory.
These 4 entries should be the only ones of type MX, others may have to be deleted. It is best to make a note of the original MX entries so that you can restore them later. If you have problems saving the MX entries, please contact your provider.
You can find more information in our FAQ entry "What are MX records and which ones should be used for incoming filtering?".
By using EuropeanMX and Microsoft 365, all links in incoming messages are scanned by Microsoft Advanced Threat Protection. However, when scanning the email scout reports, the tool triggers the links that are present in the reports, e.g. to approve and train messages or block senders. You can deactivate this behaviour with the following instructions:
Log in to the Exchange Admin Center with your admin access data.
Go to Mail flow and then to Rules.
Enter a name, e.g. EuropeanMX ATP ESR bypass, in the dialogue box Set rule conditions .
Now make the following settings:
![[EN]](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAB4AAAAUCAYAAACaq43EAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyRpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMy1jMDExIDY2LjE0NTY2MSwgMjAxMi8wMi8wNi0xNDo1NjoyNyAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNiAoTWFjaW50b3NoKSIgeG1wTU06SW5zdGFuY2VJRD0ieG1wLmlpZDpERTc5MkI3RjE3OEExMUUyQTcxNDlDNEFCRkNENzc2NiIgeG1wTU06RG9jdW1lbnRJRD0ieG1wLmRpZDpERTc5MkI4MDE3OEExMUUyQTcxNDlDNEFCRkNENzc2NiI+IDx4bXBNTTpEZXJpdmVkRnJvbSBzdFJlZjppbnN0YW5jZUlEPSJ4bXAuaWlkOkEyMTE0RjIyMTc4QTExRTJBNzE0OUM0QUJGQ0Q3NzY2IiBzdFJlZjpkb2N1bWVudElEPSJ4bXAuZGlkOkRFNzkyQjdFMTc4QTExRTJBNzE0OUM0QUJGQ0Q3NzY2Ii8+IDwvcmRmOkRlc2NyaXB0aW9uPiA8L3JkZjpSREY+IDwveDp4bXBtZXRhPiA8P3hwYWNrZXQgZW5kPSJyIj8+60cYSwAAAyhJREFUeNrElN1PU3cYxz/tOQUBD/aNymtbUAq2IOiUWXmZA40Iy2BzcW53y7JlyZLtZuE/8NaY7Gbe7WJbdJnTDOdQCbLKrERUotgCSodQ7AsFpK28yKT7rfsL2gv7JCcn+eV3zpPv5/l+H9X2xp65SqtJGfr1Fg3vNPD02SIhfwRniwP3pdvsOVxPaCHGs7+DOA/VJs8crXXEs3P48OfTfMIcU+SRaqlMzm8SNut2VuefIxvyydZIxFbWyX35iviLNZRiPZJaxdLyCkoiQUyc6cwFTPvC9FRkcbJMy7JaTrmxHIuvxaZm5xW7+Jl3NkKRaRt5OVlMjvuoqa9gwr9AgS4PvTYP78hjdtVVEAw9J+Kdxv7Td+hL8tGTeslGg8Jeexk3/riLs62O+cU441NBDjbZGbg+SlNbPYvRF9zzzHCoycFA/yhvCtRqnZbr5a1YEjGm5S2po1ZXfRHVaCTlWLODq24v1eWFGPVbuXH5Dh3vORm88xhziR5zoZ5rl9y0dx/ggS/EzGSQs5Ua3s39h7CUlbri0mKdUGzmijBXqzBXYH4Z931fsmlf7zBvd+wjIigMDI/TcbyRvt+GOSgUZ62uU3S2h8IdRgrTQK1S2T6PyhpZ+aB9LxcF2hpbCUUF27hy4S+Of/wWfUMeykuNVIin9/xNuj9qYWR8juknIc5szNC1voA/DdSypayAhlor57/vp/NEC7OBRfpveek+0cwvP/7JsfedhEWcLg8+pOtkMxfOuTjc5WSrSc+S6ymSQYtGyk5dsVT9/4zbhZmu3Z5IztggXOwSZjvSuZ+hUR9mEan/KAz+PkJb5z7GngSYdXu46T9Ho3EL6ZSKnZ9Fax0W5aFrDNuB6mROA6El7BYTnns+bPt3srK2gV+QcIjIPRLzrxL3ZkLLfB0c40udRCAd1EfFNioxaSG+Sl2NmchSnCKjwh6HBWlzk/rd1uTyMOTn8MbuctRiieyqLKbKbqXs4gSvQmFephOnRCIRFW+F11yyp/3TtD/eSKjYTM4rjcZh110yUZlDPfnVqcwovkppRhRnDrX/2x+UjKDuJXcuE4r/FWAAjBMttNdoYOEAAAAASUVORK5CYII=){kind=small}
List-Unsubscribe in the first text input field.lazaretto in the second text input field.X-MS-Exchange-Organization-SkipSafeLinksProcessing in the first text input field.1 in the second text input field.Now define the rule settings suitable for your organisation and then click on Next.
Check the settings in the overview and then click on Next to apply the settings.