ASD's Blueprint for Secure Cloud

Connectors

This section describes the configuration of connectors within Exchange Online associated with systems built according to guidance in ASD's Blueprint for Secure Cloud.

Estimated reading time: 2 minutes

Cloud-native configuration

Cloud-native connector configuration assumes Office 365 is not configured with a 3rd party gateway for mail flow.

Organisations that are required to route traffic through a 3rd party mail gateway will require connectors to be configured.

Inbound mail connector

ItemConfiguration
Not configuredN/A

Outbound mail connector

ItemConfiguration
Not configuredN/A

Hybrid configuration

Inbound mail connector

ItemConfiguration
FromYour Organization’s email server
ToOffice 365
DescriptionNone
StatusOn
Retain internal Exchange email headers (recommended)Enable
How to identify your organizationIdentify the organization by verifying that messages are coming Inbound from xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Security restrictionsReject messages if they aren’t encrypted using Transport Layer Security (TLS), or the subject name on the certificate that the organization uses to authenticate with Office 365 doesn’t match this domain name: *.Organisation.com.au

Outbound mail connector

ItemConfiguration
FromOffice 365
ToYour Organization’s email server
DescriptionNone
StatusOn
Retain internal Exchange email headers (recommended)Enable
How to identify your organizationIdentify the organization by verifying that messages are going outbound from xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
When to use the connectorOnly when email messages are sent to these domains: *
Routing methodRoute email messages through these smart hosts: Organisation.com.au
Security restrictionsAlways use Transport Layer Security (TLS) and connect only if the recipient’s email server certificate is issued by a trusted certificate authority (CA), and the subject name matches this domain: mail.organisation.com.au

Security & Governance

  • None identified

Design

  • None identified

Configuration

  • None identified

References

  • None identified

Do you have a suggestion on how the above page could be improved? Get in touch! ASD's Blueprint for Secure Cloud is an open source project, and we would love to get your input. Submit an issue on our GitHub, or send us an email at blueprint@asd.gov.au

Acknowledgement of Country icon

Acknowledgement of Country
We acknowledge the Traditional Owners and Custodians of Country throughout Australia and their continuing connections to land, sea and communities. We pay our respects to them, their cultures and their Elders; past, present and emerging. We also recognise Australia's First Peoples' enduring contribution to Australia's national security.

Authorised by the Australian Government, Canberra