About
This document will guide you through the configuration of Virtru Gateway rules backed by Office 365 infrastructure.
Assumptions:
- Completed Customer hosted gateway installation on your preferred platform
- Using the Virtru 365 Add-in
- Running the Customer hosted gateway in Security Rule mode
(Example)
- Mail Encryption Trigger:
  - Sender is Inside the Organization
  - Recipient is Outside the Organization
- Mail Flow Options:
  - Office 365 > Gateway > Final Delivery
  - Office 365 > Gateway > Office 365 > Final Delivery
Diagram of Standard Mailflow
Create Send Connector
1. Log in to the Admin Console - https://admin.exchange.microsoft.com/
3. Click on the “Mail flow” dropdown and select “Connectors”
4. Click “Add Connector”
   - From: Office 365
   - To: Partner Organization
5. Name the Connector - e.g. Virtru Gateway Outbound Scanning
   - Enter a description (Optional)
6. When to use this connector
   - Only when I have a transport rule set up that redirects messages to this connector
7. How do you want to route email messages
   - Route email through these smart hosts
   - This will be the public IP or DNS name of your gateway environment
   - Our Ex: 1.1.1.1
8. How should Office 365 connect to your partner organization's email server
   - Always use TLS
   - Issued by a trusted certificate authority (CA)
9. Validate Connector
   - Connector may need to be validated
Create Transport Rule
Optional but recommended
Before enabling this rule in production, we recommend scoping it to a specific OU, group, or subset of users for testing, and only then rolling it out to everyone.
1. Navigate to the Mail Flow Section
2. Navigate to the Rules Tab
Add New Rule
- Enter Rule Details
  - Name
    - Ex: Virtru Gateway Outbound Scanning
  - Conditions
    - The Sender is located: Inside the organization
    - The Recipient is located: Outside the organization
    - The Message headers matches these text patterns: "X-Virtru-Policy-Options" matches [A-Za-z0-9+/=]{10,}
  - Actions
    - Add Header
      - Name: X-VIRTRUENCRYPT
      - Value: 1
    - Use the following connector: Virtru Outbound Scanning
  - Exceptions
    - If Header Exists
      - Name: X-VIRTRUENCRYPT
      - Value: 1
Diagram
Set rule settings to match your policy
Click review and Finish.
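The send connector and transport rule from the two procedures above, expressed as Exchange Online PowerShell. This is an added example, not a script from Virtru; the host name, pilot group and test recipient are placeholders, and the mapping of each portal choice to a cmdlet parameter is an assumption drawn from the steps as written.

```powershell
# Added example. Assumes the ExchangeOnlineManagement module is installed.
# PLACEHOLDER values are not from the article; replace them before use.
$GatewayHost   = 'gateway.example.com'       # PLACEHOLDER: public IP or DNS name of your gateway
$PilotGroup    = 'virtru-pilot@example.com'  # PLACEHOLDER: test group for the scoped rollout
$TestRecipient = 'user@external.example'     # PLACEHOLDER: external address for validation
# One variable for both objects: the rule must reference the connector's exact name.
$ConnectorName = 'Virtru Gateway Outbound Scanning'

Connect-ExchangeOnline

$connector = @{
    Name                  = $ConnectorName
    ConnectorType         = 'Partner'                # From Office 365 to Partner Organization
    IsTransportRuleScoped = $true                    # used only when a transport rule redirects to it
    UseMXRecord           = $false                   # route through smart hosts instead of MX
    SmartHosts            = $GatewayHost
    TlsSettings           = 'CertificateValidation'  # always TLS, certificate issued by a trusted CA
}
New-OutboundConnector @connector

# Step 9: validate the connector against an external recipient.
Validate-OutboundConnector -Identity $ConnectorName -Recipients $TestRecipient

$rule = @{
    Name                                = 'Virtru Gateway Outbound Scanning'
    FromScope                           = 'InOrganization'     # sender inside the organization
    SentToScope                         = 'NotInOrganization'  # recipient outside the organization
    FromMemberOf                        = $PilotGroup          # test scope; remove for full rollout
    HeaderMatchesMessageHeader          = 'X-Virtru-Policy-Options'
    HeaderMatchesPatterns               = '[A-Za-z0-9+/=]{10,}'
    SetHeaderName                       = 'X-VIRTRUENCRYPT'
    SetHeaderValue                      = '1'
    RouteMessageOutboundConnector       = $ConnectorName
    # Exception: a message that already carries the marker header is not redirected again.
    ExceptIfHeaderContainsMessageHeader = 'X-VIRTRUENCRYPT'
    ExceptIfHeaderContainsWords         = '1'
}
New-TransportRule @rule

# Confirm what was created before widening the scope.
Get-OutboundConnector -Identity $ConnectorName |
    Format-List Name, Enabled, SmartHosts, TlsSettings, IsTransportRuleScoped
Get-TransportRule -Identity $rule.Name |
    Format-List Name, State, Mode, Priority
```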
To relay back to Office 365 for final delivery, please follow our reference article:
Customer Hosted: Relay for Office 365
Create Virtru Encryption Rule
Once the message is routed to the Virtru Hosted Gateway, a Virtru Security Rule must be created and enabled to evaluate and encrypt the message. For this feature, the rule must look for the X-Virtru-Policy-Options header, which the add-in creates and which carries the encryption policy information.
- As a Virtru admin, navigate to your Control Center rules page here
- Scroll to the bottom to create a new custom rule
- Basic conditions
  - Example Name: Encryption Control feature for Outlook Add-In
  - If: SMTP header contains X-Virtru-Policy-Options
  - Then: Encrypt Email
To create additional Security Rules please follow this LINK to our general Control Center documentation.