Microsoft Office 365 Setup

The below steps should assist you with creating a connector and a transport rule to route your outbound mail from Office 365 to ZixEncrypt.

ZixEncrypt Mail Flow Routing: O365

For additional details, please refer to the Microsoft Documentation site.
For a video version of this guide click here.

Create a conditional Connector:

  1. Login to Office 365
  2. Go to the “Admin Centers” > “Exchange”
  3. Go to “Mail Flow” > “Connectors”
  4. Press “+” to create a new connector and select the following
    From: Office 365
    To: Partner organization
  5. Press Next.
  6. Complete the “New Connector” as follows:
    Name: “Zix Outbound Encryption “
    Description: This connector routes all outbound email to the encryption smart host.
    Turn On: Select this option to enable the connector
  7. Press Next
  8. For “When to use Connector” select “Only when I have a transport rule setup that redirects messages to this connector”.
  9. Press Next.
  10. For “How do you want to route email” select “Route email through these smart hosts”.
  11. Click the “+” and enter the SmartHost servers from the email you received from BGG Operations, then press Save.
  12. Press Next
  13. Select the following options for “How should O365 connect to your partner”:
    Always use Transport Layer Security (TLS) to Secure the Connection (recommended)
    Issued by a trusted certificate authority (CA)
  14. Click the Next button to verify your settings
  15. Click the Next button to save the connector
  16. The next screen will be used to validate the settings
  17. Press “+” to add an external email address
  18. Add an email address of a recipient whose domain is external to your organization, you can use
  19. Click the Validate button
  20. Once Office 365 has been successfully validated, click the Save button

NOTE: If a validation test fails unexpectedly, contact for assistance.

The completed connector may look like this:

Create a Transport Rule to use the new connector:

This transport rule helps to prevents mail loops and ensures only your company’s outbound emails (ie, not external emails sent to internal distribution lists) are routed to the connector.

  1. Go to the “Admin Centers” > “Exchange”
  2. Go to “Mail Flow” > “Rules”
  3. Click the “+” and select “Create new rule” from the drop down. This will open a new window.
  4. Click “More Options” at the bottom of the screen
  5. Name the rule: Zix Encryption Rule
  6. Select the following options:
    1. Under “Apply this rule if”
    2. Select “The recipient…” > “is external/internal” -> “Outside the Organization”
    3. For Adding a single user, follow these steps
      1. Press Add Condition
      2. Select “The Sender is…” > “this person”
      3. Click on “Select people…” > Select the user.
      4. Under “Do the following”
      5. Select “Modify the message properties” > “set a message header”
    4. For Adding More than a single user, follow these steps, we suggest you set up a Security Group in Exchange Admin Center, then
      1. Press Add Condition
      2. Select “The Sender is…” > “a member of this group”
      3. Click on “Select group…” > Select the group.
      4. Under “Do the following”
      5. Select “Modify the message properties” > “set a message header”
    5. e. For Adding All users, follow these steps
      1. Under “Do the following”
      2. Select “Modify the message properties” > “set a message header”
      3. Set the message header ‘routeto’ to the value ‘zixserver’
  7. Press Add Action
  8. Select “Redirect the Message to” -> “the following connector” -> “Zix Outbound Encryption”
  9. Under “Except if…
  10. Press Add Exception
    a. Select “The sender..” > “is external/internal” -> “Outside of the organization”
  11. Press Add Exception
  12. Select “A message header” > “includes any of these words” -> ‘routeto’ header includes ‘zixserver’
  13. Press Save
  14. Open the rule and set the rule “Priority” to “0” (zero) if it isn’t already
  15. Click Save
  16. Lastly, Make sure the rule is set to “On”.

The completed transport rule may look like this:

The rule should take effect within 5 – 15 minutes, but can take up to an hour during busy periods on Exchange Online.