Update Microsoft Secure Score when using M365 Mailflow.


I have noticed that when using the M365 mailflow, that the actions need to be manually mitigated. Is there a outline of all the actions that can be marked as resolved when setting up Mailflow? Can the integration automatically update the score if possible?

Added tags
[edited by: Raphael Alganes at 1:12 PM (GMT -7) on 19 Oct 2023]
    Thank you for posting into the Community forum.
    I do not think there is a document yet outlining what happens when setting up mailflow.
    Basically here's a general outline:
    1. An M365 admin gives permission for Sophos to configure M365 so Mailflow can function with its environment. Involves permission to create rules and connectors in M365.
    2. Rules are created. (3 of them) One for making the spam confidence -1 (bypass spam scan in M365) for inbound emails. The other two are for inbound and outbound routing so M365 knows when to or not to use connectors to relay the emails further.
    3. Connectors are created (4 of them) theyre to make sure that emails communications between Sophos and M365 are secure, how to route emails when coming to and from M365 and Sophos.

    It should fairly be the same as the Gateway mode just a bit more though since in mailflow it goes from: M365 to Sophos to M365.

  • I was wondering if it would be possible to setup a feature request for Sophos to update the security score, when configuring the M365 mailflow?

  • Avoid using Mailflow mode like the plague. Nearly every issue we have is due to Mailflow mode. If you can use Gateway mode, this is the way to go.