Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Outbound Emails sent from Sophos" Connector Failed to Setup

I am attempting to setup Sophos Mailflow for a O365 tenant with Microsoft Basic Business licenses. The "Outbound Emails sent from Sophos" inbound connector fails to enable and when I try to enable it manually I get the error: 

Error executing request. For this service offering, you can't enable an inbound connector. Please contact Support to enable it. Organization '0f4eda73-53b3-4e46-ad7f-aec9d9ff6dad', Service Offering: 'O365_BUSINESS_ESSENTIALS'.

Apparently Microsoft made an unannounced change, that took affect 01/01/2023, restricting admins from activating newly-created inbound connectors for new tenants. This change affects the following SKUs:

 
Microsoft 365 Business Standard
Microsoft 365 Business Basic
Exchange Online Essentials

These connectors are created as “Disabled” by default. Customers that experience this behavior must contact Microsoft support with a business justification to enable an Inbound connector of OnPremises type within their tenant.

I have opened a ticket with Microsoft to enable the connector. I will update this post with my experience and steps.

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/inbound-connector-faq



This thread was automatically locked due to age.
Parents
  • I am now working with another customer who we are deploying Sophos Email for and having the same issue. After a month of back and forth with Microsoft support, I was told the following:

    "I got some response from our Senior Support engineer regarding for your Inbound Connector.

    Since the setup is involves Third Party connector, we are asking for a unique certificate domain name added as an accepted domain on their tenant.

    Please see this article: Scenario Integrate Microsoft 365 or Office 365 with an email add-on service | Microsoft Learn"

    In the link, there is a step to add a unique certificate domain, that Sophos would need to provide, to the M365 tenant. Of course there is a domain verification step next that would require us to add a TXT or MX record to the Sophos provided domain.

    I am really not happy with going back to the Sophos Mail Gateway setup as a resolve to have both inbound and outbound filtering per the Sophos article  mentioned. The Sophos Mailflow setup was so much easier and less disruptive to deploy.

Reply
  • I am now working with another customer who we are deploying Sophos Email for and having the same issue. After a month of back and forth with Microsoft support, I was told the following:

    "I got some response from our Senior Support engineer regarding for your Inbound Connector.

    Since the setup is involves Third Party connector, we are asking for a unique certificate domain name added as an accepted domain on their tenant.

    Please see this article: Scenario Integrate Microsoft 365 or Office 365 with an email add-on service | Microsoft Learn"

    In the link, there is a step to add a unique certificate domain, that Sophos would need to provide, to the M365 tenant. Of course there is a domain verification step next that would require us to add a TXT or MX record to the Sophos provided domain.

    I am really not happy with going back to the Sophos Mail Gateway setup as a resolve to have both inbound and outbound filtering per the Sophos article  mentioned. The Sophos Mailflow setup was so much easier and less disruptive to deploy.

Children
No Data