Skip to main content
Contact Us
My preferencesSign out
Proofpoint, Inc.

Configuring Microsoft 365 Remote Journaling

  1. Last updated
  2. Save as PDF
Situation

We created a SMTP connector to O365 on a client's Proofpoint portal and both sides show good including journal rule, but the archiving feed is not working..
Solution
  1. Setup on Proofpoint Essentials Archive
  2. Configuring an Outbound Connector on Microsoft 365
  3. Configuring a Journal Rule on Microsoft 365
  4. Confirm Data is being Archived successfully

Office 365 / O365 has been rebranded as Microsoft 365.

Microsoft 365 provides a remote journaling functionality to send a copy of all mail sent or received by members of a defined security
group to a remote SMTP address. Proofpoint provides you with the SMTP address to use for this configuration.

Proofpoint Essentials Archive Configuration

  1. From the Proofpoint Essentials UI, click Archive. If Legacy Archive is enabled on the account, a prompt will display.
  2. Select Launch Email Archive
    archive_tab.JPG             
  3. Expand Data Management and then Connections.

    clipboard_ea4c71944cd874f3d751973b0427e7621.png
  4. Click Add Connection to create a new connection. 

     clipboard_e65904203d1976184d1c9a99a3550237d.png
  5. Provide an appropriate description for the connection and set the Connection Type to SMTP (Microsoft 365).


     clipboard_e7cf852ef0cd20f8b8fc04f26b81fb3ec.png
     
  6. Enter the appropriate address in the Undeliverable Journal Address field.

Note: 

DO NOT USE: support@proofpoint.com
This is suppose to be YOUR address

This must match the email address entered in Step 5 of the section Configuring a Journal Rule on Microsoft 365. If these do not match, Remote Journaling will not function. This email address will not be Journaled and is only used for error reporting.

7. Click Next.

8. Note the SMTP Address provided as it required for the configuration on Microsoft 365. This can be viewed again later by editing the connection. 
    clipboard_e68a5ad0bca7c9c146b49103485ba122f.png

9. Click Done

For more information on Managing Connections in Microsoft 365 and other versions of exchange Click Here

Configuring an outbound connector on Microsoft 365

Prerequisite: Enable Classic Exchange admin center experience. 

Expand Navigation Button > Classic Exchange admin center

clipboard_e4c4bd999675a495c46ede9b3f0d875cf.png

 

  1. Open the Microsoft 365 Admin Center.

    exchange_admin.JPG
  2. Click the Admin Centers icon on the left-hand sidebar and choose Exchange.                                                                             
  3. In the Exchange Dashboard, under the mail flow heading, click connectors.                                                               
  4. Click the sign to add a new connector.
  5. Select Microsoft 365 for the From dropdown menu and Partner Organization for the To menu.
  6. Click Next.
  7. Enter a descriptive Name (and optionally, Description) for the connector.
  8. Tick the checkbox Turn it on to turn on the connector when it is saved. You can also edit the connector and check the box at any time.
  9. Click Next.
  10. Select Only when email messages are sent to these domains, then click + and enter the fully qualified domain name of the mail server: *.earchive.cloud  will work.
  11. Click OK to return to the connectors screen.
  12. Click Next.
  13. Select Use the MX record associated with the partner’s domain.
  14. Click Next.

Leave the default settings for the How should Microsoft 365 connect to your partner organization's email server? step and click Next

The next screen will ask that you confirm your settings. Review these settings, clicking back should you need to make any corrections. Otherwise, click Next

     confirm_settings.jpg

In the Validate this Connector step, click and enter the following address: verification@us.earchive.cloud

Note: The above address should be used.  However, this will often fail verification but has no impact on success of the connector going forward. If this step fails.  You can continue with setup and testing.

When prompted to validate the connection, click Validate and wait for the validation operation to finish.

Click Save.                                                                                                                                                                                                                                                                                                             

Configuring a Journal Rule on Microsoft 365

This step assumes you are enabling journaling for all users.

  1. From the Exchange Admin dashboard, click Journal Rules under Compliance Management.
  2. Right above the action icons, where it says Send undeliverable journal reports to:, click Select address, click Browse, and select an admin email account. This account will receive notification of non-deliverable journal reports. 

Note: This must match the address set in Step 5 of Proofpoint Essentials Archive Configuration above.

  1. Click the + sign to create a new Journal Rule. 
  2. In the Send journal reports to field, enter the SMTP address of the journaling mailbox (e.g. 5er123acd-5432-123aa0a1-d9348328b71@us.earchive.cloud)

This was provided in Step 7 of Proofpoint Essentials Archive Configuration

  1. Enter a descriptive Name for the rule (e.g. Journaling to Proofpoint Archive).
  2. From the If the message is sent to or received from... list, choose Apply to all messages.
  3. From the Journal the following messages... list, choose All messages.
  4. Click Save.
  5. When prompted to confirm that you want the rule to apply to all messages, click Yes.

Confirm Data is being archived successfully

To confirm that data is now being archived successfully please make sure to login and search the Archive with a user that has Discovery User access to all Mailboxes. 

Set Discovery User Access for User

  1. Login to the Proofpoint Essentials Admin Console as an Organization Admin.
  2. Click the Archive tab.
  3. In the Archive UI, click on the Users icon.
  4. Search for the desired user and click on the more  clipboard_e85d172f819e9cf7cdcd4d21ba253380a.png   and manage permissions next to their address to edit their settings.
  5. Click Enable Discovery User .
  6. Select the All Mailboxes radio button.
  7. Click Save.