I am actually merging an Office 365 tenant to another Tenant.
So, the source tenant is using Sophos with a rule to bypass EOP for all messages coming for all users. (As proposed by the Sophos Documentation)
Now, this rule to bypass EOP should be only applied to messages for one domain coming from Sophos.
I know that the protected domain can be added in the rule as a filter. But, it is not secure for emails that could be droped directly to Office 365 without using MX;
Could it be possible to bypass EOP with a filter based on IP addresses coming from Sophos?
Thank you for contacting the Sophos Community.
I would suggest you reach out to your Sales Engineer, regarding this specific scenario.
As you mentioned adding the domain to the connector would be insecure.