Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

Sophos Phish Threat Direct Delivery for M365

We are happy to introduce “M365 Direct Delivery”, a new method of delivering campaign emails to the users for M365!!

M365 Direct Delivery bypasses the Microsoft spam checks and other filtering mechanisms. It injects the emails directly into the recipients' inboxes through Microsoft's Graph APIs. With M365 Direct Delivery, you no longer need to add Phish Threat domains and IP addresses to Microsoft's exception list. This not only simplifies the configuration process but also significantly improves email deliverability.

To activate M365 Direct Delivery, you'll need to complete a one-time setup. We've introduced a new settings page where you can view all the verified domains granting the proper permissions to place messages directly into the users mailbox.

I highly recommend converting existing campaigns to M365 Direct Delivery to overcome challenges presented in user training and testing.

If you have multiple domains: Please note that once the credential is created and enabled, it can be utilized across all domains within the same M365 tenant. This simplifies the process of enabling Direct Delivery for additional domains significantly. You’ll just select the same credential and enable it for each domain, without having to repeat the Microsoft authentication process.

For further details, refer to the updated documentation here:


Tom Foucha

Added documentation link
[edited by: Tom Foucha at 12:43 PM (GMT -7) on 9 Apr 2024]