Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Thread Info
  • State Verified Answer
  • +2 person also asked this people also asked this
  • Locked Locked
  • Replies 25 replies
  • Answers 1 answer
  • Subscribers 21 subscribers
  • Views 18649 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

"Outbound Emails sent from Sophos" Connector Failed to Setup

it_samurai

I am attempting to setup Sophos Mailflow for a O365 tenant with Microsoft Basic Business licenses. The "Outbound Emails sent from Sophos" inbound connector fails to enable and when I try to enable it manually I get the error: 

Error executing request. For this service offering, you can't enable an inbound connector. Please contact Support to enable it. Organization '0f4eda73-53b3-4e46-ad7f-aec9d9ff6dad', Service Offering: 'O365_BUSINESS_ESSENTIALS'.

Apparently Microsoft made an unannounced change, that took affect 01/01/2023, restricting admins from activating newly-created inbound connectors for new tenants. This change affects the following SKUs:

 
Microsoft 365 Business Standard
Microsoft 365 Business Basic
Exchange Online Essentials

These connectors are created as “Disabled” by default. Customers that experience this behavior must contact Microsoft support with a business justification to enable an Inbound connector of OnPremises type within their tenant.

I have opened a ticket with Microsoft to enable the connector. I will update this post with my experience and steps.

https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/use-connectors-to-configure-mail-flow/inbound-connector-faq



This thread was automatically locked due to age.
Parents
  • +1

    11-May-2023 - To update everyone on this thread. Since last week Microsoft Product Management Team and the Sophos Management Team have been engaged in discussions and plans to fix this for Sophos customers. Microsoft made the change to protect their environment and customers from bad actors creating IP based connectors, dumping a bunch of spam and then tearing down those connectors. Like it or not they did this with good intentions. Sophos was not aware of the change and as a result it has impacted many of you. 

    So what is being done about it? We are in the process of getting an IP exemption rule in place at Microsoft for a time period while we build customer specific certificate based connectors. This requires Sophos to develop the infrastructure and processes required to issue our customers domain based certificates. This process will likely take 6-9 months for development, QA and field testing. During that time the IP exception will be in place so MFR will operate as before.

    When? As mentioned I am in communication daily with Microsoft about getting this exemption rule in place and as soon as we have validated it is working I will update this community.

    We appreciate your understanding and cooperation as we work through this.

    Regards,

    Tom Foucha

    Sr. Director Product Management - Messaging

Reply
  • +1

    11-May-2023 - To update everyone on this thread. Since last week Microsoft Product Management Team and the Sophos Management Team have been engaged in discussions and plans to fix this for Sophos customers. Microsoft made the change to protect their environment and customers from bad actors creating IP based connectors, dumping a bunch of spam and then tearing down those connectors. Like it or not they did this with good intentions. Sophos was not aware of the change and as a result it has impacted many of you. 

    So what is being done about it? We are in the process of getting an IP exemption rule in place at Microsoft for a time period while we build customer specific certificate based connectors. This requires Sophos to develop the infrastructure and processes required to issue our customers domain based certificates. This process will likely take 6-9 months for development, QA and field testing. During that time the IP exception will be in place so MFR will operate as before.

    When? As mentioned I am in communication daily with Microsoft about getting this exemption rule in place and as soon as we have validated it is working I will update this community.

    We appreciate your understanding and cooperation as we work through this.

    Regards,

    Tom Foucha

    Sr. Director Product Management - Messaging

Children
Unfiltered HTML