"Outbound Emails sent from Sophos" Connector Failed to Setup

Question

I am attempting to setup Sophos Mailflow for a O365 tenant with Microsoft Basic Business licenses. The "Outbound Emails sent from Sophos" inbound connector fails to enable and when I try to enable it manually I get the error: Error executing request. For this service offering, you can't enable an inbound connector. Please contact Support to enable it. Organization '0f4eda73-53b3-4e46-ad7f-aec9d9ff6dad', Service Offering: 'O365_BUSINESS_ESSENTIALS'. 
 Apparently Microsoft made an unannounced change, that took affect 01/01/2023, restricting a dmins from activating newly-created inbound connectors for new tenants. This change affects the following SKUs: 
 Microsoft 365 Business Standard Microsoft 365 Business Basic Exchange Online Essentials 
 These connectors are created as &ldquo;Disabled&rdquo; by default. Customers that experience this behavior must contact Microsoft support with a business justification to enable an Inbound connector of OnPremises type within their tenant. 
 I have opened a ticket with Microsoft to enable the connector. I will update this post with my experience and steps. https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/inbound-connector-faq

Tom Foucha · Accepted Answer

11-May-2023 - To update everyone on this thread. Since last week Microsoft Product Management Team and the Sophos Management Team have been engaged in discussions and plans to fix this for Sophos customers. Microsoft made the change to protect their environment and customers from bad actors creating IP based connectors, dumping a bunch of spam and then tearing down those connectors. Like it or not they did this with good intentions. Sophos was not aware of the change and as a result it has impacted many of you. 
 So what is being done about it? We are in the process of getting an IP exemption rule in place at Microsoft for a time period while we build customer specific certificate based connectors. This requires Sophos to develop the infrastructure and processes required to issue our customers domain based certificates. This process will likely take 6-9 months for development, QA and field testing. During that time the IP exception will be in place so MFR will operate as before. 
 When? As mentioned I am in communication daily with Microsoft about getting this exemption rule in place and as soon as we have validated it is working I will update this community. 
 We appreciate your understanding and cooperation as we work through this. 
 Regards, 
 Tom Foucha 
 Sr. Director Product Management - Messaging

emmosophos · Answer

Hello there, 
 Just to let you know this is already being investigated under XGE-28188 
 This is currently under review. 
 Regards,

emmosophos · Answer

Hello Stefan, 
 Thank you for the Case ID, it seems your case is being escalated to GES, to confirm if you&rsquo;re being affected by XGE-28188 
 This is already with DEV and they have been able to replicate the issue, they are working towards a resolution.

"Outbound Emails sent from Sophos" Connector Failed to Setup

Top Replies