Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Outbound Emails sent from Sophos" Connector Failed to Setup

I am attempting to setup Sophos Mailflow for a O365 tenant with Microsoft Basic Business licenses. The "Outbound Emails sent from Sophos" inbound connector fails to enable and when I try to enable it manually I get the error: 

Error executing request. For this service offering, you can't enable an inbound connector. Please contact Support to enable it. Organization '0f4eda73-53b3-4e46-ad7f-aec9d9ff6dad', Service Offering: 'O365_BUSINESS_ESSENTIALS'.

Apparently Microsoft made an unannounced change, that took affect 01/01/2023, restricting admins from activating newly-created inbound connectors for new tenants. This change affects the following SKUs:

 
Microsoft 365 Business Standard
Microsoft 365 Business Basic
Exchange Online Essentials

These connectors are created as “Disabled” by default. Customers that experience this behavior must contact Microsoft support with a business justification to enable an Inbound connector of OnPremises type within their tenant.

I have opened a ticket with Microsoft to enable the connector. I will update this post with my experience and steps.

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/inbound-connector-faq



This thread was automatically locked due to age.
Parents
  • Update:

    After conversing with two different Microsoft Reps by both myself and a colleague, for over a week, the connector has been turned on.  However, I believe the Microsoft rep that I was dealing with nor the rep my colleague is dealing has a clue that this was done. At 3:30am CST, my colleague received a test email he sent 4 days ago to himself from one of the mailboxes that is protected by Sophos Email. We checked the inbound connector in O365 and it was enabled now. Neither of us have yet to receive any communication from our respective Microsoft reps informing us of anything.

    The last communication I received from my Microsoft rep was yesterday at 4:30pm EST stating "We have shared your concern regarding inbound connector with the engineering team and we haven't received any update on the same. I will update you once we received any update regarding your query."

    I am going to inquire upon Microsoft what are the "proper" steps to have an inbound connector of the sort enabled in the future without a back and forth with support for over a week.

    Stay tuned.

  • For information: Seem it's a "security feature" which was implemented by Microsoft for a few months ago, that you're not allowed to create an inbound connector. Just the activation must done via Microsoft Support.
    techcommunity.microsoft.com/.../3727793

  • Yes, I am familiar with the "security feature" Microsoft implemented. My issue is it took over a week to get Microsoft support to enable the connector. Several emails back and forth, remote sessions, and two Microsoft support reps later the connector was enabled without notice around 3:30am.

    This isn't practical for deploying Sophos Email Security. I work for an MSP and we deploy Sophos Email to almost every customer. I am WAY behind on deployments because of the effort and time that went into getting the connector enabled for this one deployment. I really hope Sophos can and will make adjustments to Sophos Mailflow configuration so that we don't have to involve Microsoft support. The reason we love Sophos Mailflow so much is we don't have involve the customer's webmaster or whomever manages their domain registrar to deploy Sophos Email. Having to deal with Microsoft support now completely negates this benefit.

Reply
  • Yes, I am familiar with the "security feature" Microsoft implemented. My issue is it took over a week to get Microsoft support to enable the connector. Several emails back and forth, remote sessions, and two Microsoft support reps later the connector was enabled without notice around 3:30am.

    This isn't practical for deploying Sophos Email Security. I work for an MSP and we deploy Sophos Email to almost every customer. I am WAY behind on deployments because of the effort and time that went into getting the connector enabled for this one deployment. I really hope Sophos can and will make adjustments to Sophos Mailflow configuration so that we don't have to involve Microsoft support. The reason we love Sophos Mailflow so much is we don't have involve the customer's webmaster or whomever manages their domain registrar to deploy Sophos Email. Having to deal with Microsoft support now completely negates this benefit.

Children
  • We are facing exactly the same problem. Hopefully there will be a solution soon. Otherwise we will have to look for an alternative provider to fulfill our managed services contracts. Hornet Security is supposed to be quite good...

  • I have another customer I am deploying Sophos Email where I experienced the same issue. I tried to address the issue via support chat this time. However, I had no additional luck. Microsoft support is still approaching this as an "issue" that requires troubleshooting. I now have another case open that is being investigated by Microsoft support again.