Trend Micro Integration Guide I April 2020

Trend Micro™ Email Security Integration

with Microsoft™ Office 365

This document highlights the benefits of Trend Micro™ Email Security for
Microsoft™ Office 365 customers and provides step-by-step instruction on
integration.
Copyright ©2020 by Trend Micro Incorporated. All rights reserved.

Trend Micro, the Trend Micro t-ball logo, Trend Micro Security, and TrendLabs are trademarks or registered
trademarks of Trend Micro Incorporated. All other product or company names may be trademarks or registered
trademarks of their owners.

The names of companies, products, people, characters, and/or data mentioned herein are fictitious and are in no
way intended to represent any real individual, company, product, or event, unless otherwise noted. Information in
this document is subject to change without notice.

Page 2 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Table of Contents
Introduction......................................................................................................................................... 4

Benefits of Combining Trend Micro Email Security and Microsoft Office 365 ........................................ 4

Understanding How E-mail Flow Works ............................................................................................... 5

Inbound Mail Setup ............................................................................................................................. 6

Configuring Trend Micro Email Security Settings .............................................................................. 6

Configuring Microsoft Office 365 Settings......................................................................................... 7

Point the Domain’s MX Record to Trend Micro Email Security ........................................................ 10

Rule 1: Rule to bypass spam filtering .............................................................................................. 11

Rule 2: Rule to lock down Exchange Online .................................................................................... 12

Rule 3: Disable SPF Checking of Microsoft Office 365 ...................................................................... 13

Outbound Mail Setup......................................................................................................................... 14

Configure Trend Micro Email Security Settings ............................................................................... 14

Configure Microsoft Office 365 Settings ......................................................................................... 14

Add an E-mail Flow Rule to Use the TMEMS Outbound Connector ................................................. 18

Page 3 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Introduction

Microsoft Office 365 is a cloud solution for accessing e-mail, calendar and Microsoft Office tools. It
allows organizations to host their entire e-mail architecture at an off-site location.

Trend Micro has designed Trend Micro Email Security for customers who are using either cloud-based or
on-site e-mail.

Unlike traditional on-site e-mail solutions where a simple cable could be moved in order to add a layer
of protection, cloud-based solutions require a different approach. This document highlights the benefits
of Trend Micro Email Security for Microsoft Office 365 customers, as well as step-by-step instruction on
integration. This integration guide assumes a functioning Microsoft Office 365 deployment.

Benefits of Combining Trend Micro Email Security and Microsoft Office 365
Moving your e-mail to the cloud does not mean you have to reduce your security. By integrating Trend
Micro Email Security with Microsoft Office 365, you can now have the best of both worlds.

Trend Micro Email Security can provide the following features to enhance your Microsoft Office 365 e-
mail security:
 Layered protection: Provides protection on phishing, spam and graymail with multiple techniques
including sender reputation, content and image analysis, machine learning, and more.
 E-mail fraud protection: Protects against Business Email Compromise (BEC) with enhanced machine
learning, combined with expert rules, analyzing both the header and content of the e-mail.
 Cloud sandboxing: Includes cloud sandboxing for automatic in-depth simulation and analysis of
potentially malicious attachments in a secure virtual environment hosted by Trend Micro. Cloud
sandbox leverages proven Trend Micro™ Deep Discovery sandboxing technology, which has
achieved a “Recommended” rating by NSS Labs.

Adding Trend Micro Email Security on top of Microsoft Office 365 offers enhanced security, especially
with spear-phishing and targeted attack protection, providing you with an additional layer of security
against advanced malware and zero-day exploits.

Page 4 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Understanding How E-mail Flow Works

The figure below shows the flow of messaging traffic from the Internet, through the Trend Micro Email
Security Servers and then to the Microsoft Office 365 Severs.

1. An e-mail is initiated from one organization to the other. Let’s say an e-mail from someone at
Trend Micro to someone at example.com is sent.

2. The Trend Micro mail server will look up the MX record of example.com. This record will contain
the Domain Name or IP address of the first hop in example.com’s e-mail architecture. This first
hop is the first level of inspection that example.com performed on their e-mail.

3. Since example.com is using Trend Micro Email Security, this will be the first hop for the inbound e-
mail.

4. Trend Micro Email Security then inspects the e-mail via Trend Micro’s world class e-mail and web
reputation service for threats such as:
a. Spam
b. Phishing
c. Viruses
d. Spyware

5. If the e-mail passes the Trend Micro Email Security checks, it is then sent to example.com’s next
hop, which is their Microsoft Office 365 cloud e-mail server.

6. After further processing by Microsoft Office 365, the e-mail is then sent to the recipient’s mailbox.

Page 5 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Inbound Mail Setup

Configuring Trend Micro Email Security Settings

1. Login to the Trend Micro Email Security administrator console.

2. Click Domains > Add.

3. Input the IP address or host name of your Microsoft Office 365 Server in the Inbound Servers
field. This can either be found by performing an nslookup or through the user interface in
Microsoft Office 365.
------------------------------------------------------------------------------------------------------------- -----
Note: Microsoft generates MX records for your domains when you set them up in Exchange
Online.
------------------------------------------------------------------------------------------------------------- -----

4. Input the Port for your Microsoft Office 365 server. Normally, it’s port 25.

5. Input the preference for your server which is valued from 1 to 100.

6. Click Add Domain button to save your setting.

Page 6 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Configuring Microsoft Office 365 Settings

1. Login to your Microsoft Office 365 administrator center account.

2. On the left pane, go to Admin > Exchange. The page will be redirected to the Exchange admin
center.

3. Under Admin Centers, click mail flow from left navigation then connectors.

Page 7 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 4. Add an inbound connector.

5. Connectors are where you will add the information about the inbound Trend Micro Email
Security server. Be sure to define the connector name and the domain you want to accept. In
the Name field, type a descriptive name for the inbound connector.

Page 8 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 6. Choose: Use the sender’s IP address.

7. In Specify the sender IP addresses range field, enter the IP address or addresses for the
organization you want to add to the safe list. This will be the IP addresses of the Trend Micro
Email Security Server based on the region.

North America, Latin America and Asia Pacific:

• 18.208.22.64/26
• 18.208.22.128/25
• 18.188.9.192/26
• 18.188.239.128/26

Europe, the Middle East and Africa:

• 18.185.115.0/25
• 18.185.115.128/26
• 34.253.238.128/26
• 34.253.238.192/26

Page 9 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 Australia and New Zealand:
• 13.238.202.0 /25
• 13.238.202.128 /26

8. Select “Reject email messages if they aren’t sent over TLS” option then click Next.

9. Click Save.

Point the Domain’s MX Record to Trend Micro Email Security

---------------------------------------------------------------------------------------------------------------------------- ----------
Warning: This step should be performed last to guarantee mail flow.
---------------------------------------------------------------------------------------------------------------------------- ----------

The Mail Exchange (MX) record is the IP address or domain name that will be receiving your mail. This
has to be the first destination of the e-mail. In this case, it must be the public FQDN address of the
Trend Micro Email Security Server. This must be configured through your ISP or domain registrar.

Page 10 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 1. Lower the TTL of the MX record to help increase delivery reliability

2. Migrate MX record to new TMEMS FQDN address based on the region:

 North America, Latin America and Asia Pacific:

<company_identifier>.in.tmes.trendmicro.com

 Europe, the Middle East and Africa:

<company_identifier>.in.tmes.trendmicro.eu

 Australia and New Zealand:

<company_identifier>.in.tmes-anz.trendmicro.com

Rule 1: Rule to bypass spam filtering

This rule ensures that only the spam filtering feature of Trend Micro Email Security will be used.

1. Login to Microsoft Office 365.

2. On the left pane, click Admin then Exchange.

3. Click mail flow from the left pane then select rules.

4. Select “Bypass spam filtering” from pull-down menu.

5. In the Rule window, complete the required fields.

a. Name: Turn off spam filter in Office 365

b. Apply this rule if

i. Select The sender… > IP address is in any of these ranges or exactly matches

ii. In the Specify IP address ranges window, enter the same IP addresses from step
7 of Microsoft Office 365 inbound connector configuration section above.

iii. Click the plus (+) icon for each range then click the OK button.

c. Do the following: Set the spam confidence level (SCL) to… > Bypass spam filtering

d. Except if: Do not add an exception

e. Audit this rule with severity level: Not specified

f. Choose a mode for this rule: Enforce

6. Click Save.

Page 11 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Rule 2: Rule to lock down Exchange Online

This rule will only accept e-mails from Trend Micro Email Security. Therefore, all e-mails which are not
from Trend Micro Email Security will be rejected.

1. Login to Microsoft Office 365.

2. On the left pane, click Admin then Exchange.

3. Click mail flow from the left pane then select rules.

4. Select “Restrict messages by sender or recipient …” from pull-down menu.

a. Name: Only accept inbound mail from TMEMS

b. Apply this rule if

i. Select The sender is located

ii. In the select sender location window, select Outside the organization

iii. Click the OK button.

c. Do the following: Delete the message without notifying anyone

d. Audit this rule with severity level: Not specified

e. Choose a mode for this rule: Enforce

5. In the Rule window, complete the required fields.

6. Add an exception to the allow e-mail flow from Trend Micro Email Security

a. Click More options...

b. Under Except if, click the add exception button.

c. Select The sender… > IP address is in any of these ranges or exactly matches

d. In the Specify IP address ranges window, enter the same IP addresses from step 7 of
Microsoft Office 365 inbound connector configuration section above.

e. Click the plus (+) icon for each range then click the OK button.

7. Click Save.

Page 12 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Rule 3: Disable SPF Checking of Microsoft Office 365

Since all incoming e-mails will come from Trend Micro Email Security IP addresses after provisioning is
done, it may cause Microsoft Office 365’s SPF checking to fail on the said hosts. Trend Micro Email
Security has its own SPF checking. Hence, it is recommended to disable the Microsoft Office 365’s SPF
checking.

1. Login to Microsoft Office 365.

2. On the left pane, click Admin then Exchange.

3. Click protection from the left pane then select spam filter.

4. Launch the default spam policy by clicking the edit icon to open it.

5. Choose advanced options from the left pane.

6. Find SPF record: hard fail then select Off for this option.

7. Click the Save button.

Page 13 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
Outbound Mail Setup

Configure Trend Micro Email Security Settings

1. Login to the Trend Micro Email Security administrator console.

2. Click Domains. Choose the domain that you want to configure.

3. Enable outbound protection by checking the box next to it.

4. Check Office 365.

5. Click Save.

Configure Microsoft Office 365 Settings

1. Login to your Microsoft Office 365 administrator center account.

2. On the left pane, go to Admin > Exchange. The page will be redirected to the Exchange admin
center.

3. On the left pane, click mail flow then select connectors.

Page 14 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 4. Add an outbound connector.

5. In the Name field, type a descriptive name for the inbound connector. For example, type Trend
Micro Email Security (Outbound).

Page 15 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 6. Select “Only when I have a transport rule set up that redirects messages to this connector”
option then click Next.

7. Select “Route email through these smart hosts” option. Click the plus (+) icon then add to the
list:

• North America, Latin America and Asia Pacific:

<company_identifier>.relay.tmes.trendmicro.com

• Europe, the Middle East and Africa:

<company_identifier>.relay.tmes.trendmicro.eu

• Australia and New Zealand:

<company_identifier>.relay.tmes-anz.trendmicro.com

Page 16 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 8. Keep the default settings as shown in the screenshot below then click Next.

9. Review your setting. Add one test e-mail to verify this connector.

10. Validate this e-mail address and save the connector.

When you have more than one domain in your Microsoft Office 365 system, the validation may
not succeed for “Send test e-mail” part. Sometimes, it’s because the default domain is not the
one you registered to Trend Micro Email Security. It is recommended to set the registered
domain to default in Microsoft Office 365.

Page 17 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 After that, try to set your collector again.

11. Click Save.

Add an E-mail Flow Rule to Use the TMEMS Outbound Connector

1. Login to your Microsoft Office 365.

2. On the left navigation pane, click Admin > Exchange.

3. Click mail flow from left navigation, select rules.

4. Click plus (+) icon and “Create a new rule…” then complete the following fields:

a. Name: “TMEMS Outbound”

Page 18 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365
 b. Apply this rule if:

i. Select “The recipient is located…”, a new pop-up window will appear.

ii. Select “Outside the organization”, click OK.

iii. Click “More options…” to show more conditions.

5. Do the following:

a. In the drop-down menu, mouse over to the “Redirect message to…” and then select
“the following connector”.

b. Select the outbound connector you created for Trend Micro Email Security.

6. Under Mode, select “Enforce” then click the Save button.

Congratulations! You have completed the deployment process. Microsoft Office 365 is now secured
by Trend Micro Email Security.

Page 19 | Trend Micro Integration Guide

Trend Micro™ Email Security Integration with Microsoft™ Office 365