Whitelisting email arriving from SecurityGateway in Microsoft Office 365

To ensure that emails sent from SecurityGateway to Microsoft Office 365 as a result of its pre-filtering process are not incorrectly treated negatively or labelled as spam we would recommend that you add the SecurityGateway public IP address to Microsoft’s Office 365’s Enhanced Filtering.

It’s initially necessary to ensure you have a suitable Inbound (Receive) connector configured in Microsoft Office 365:

1. Sign into Microsoft Office 365 and click “Admin”, then “Admin Centers“, followed by “Exchange”.
2. Under “Mail Flow”, choose “Connectors”.
3. Choose “New” (the + icon).
4. Select “From: Partner Organization” and “To: Office 365”.
5. Press “Next”.
6. Give the new connector a suitable name such as “Inbound Connector from SecurityGateway” and tick “Turn it on” under “What do you want to do after connector is saved?”.
7. Press “Next”.
8. Choose “Use the Senders IP Address”.
9. Press “Next“.
10. Choose “Add” (the + icon).
11. Enter the public IP address of the network SecurityGateway resides behind.
12. Press “Ok”.
13. Press “Next”.
14. Optional: tick “Reject email messages if they aren’t sent over TLS”.
15. Press “Next”.
16. Review the settings and press “Save”.

You must now configure an Enhanced Filter for this Inbound (Receive) connector in Microsoft Office 365:

1. Sign in to Microsoft Office 365’s Security and Compliance Interface and click “Threat Management“, then “Policy”, followed by “Enhanced Filtering”.
2. Select the Receive connector you want to configure.
3. Choose “Skip these IP addresses that are associated with the connector: (If your messages pass through multiple gateways, you should include each gateway IP address)” and enter the public IP address of the network SecurityGateway resides behind.
4. Press “Save”.

This Microsoft document also describes the use and configuration of Microsoft’s Office 365’s Enhanced Filtering.