Setup Post delivery protection

Find out how to connect your Microsoft Office 365 tenants and turn on Auto search and destroy.

Restriction You can only use this feature if you've joined the Early Access Program.

You must have your Microsoft Office 365 tenants connected to Sophos Central before you continue. Do this in Domains settings/status.

To use Auto search and destroy you must first give permission for Sophos applications to access your Microsoft tenants. Auto search and destroy is turned off by default.

Restriction You must be a Super Admin to set up the connection to your Microsoft Office 365 tenants. If you can't click Set up O365 security now, you don't have the right permissions.

To set up your domains, do as follows:

  1. Click Email Gateway Dashboard > Set up O365 security now.
    Domains settings/status appears with a list of your domains, including your Microsoft Office 365 tenants.
  2. Under O365 CONNECTION, click Connect for the domain you want to connect.
    A number of Permissions requested pop-ups from Microsoft appear. There are normally two, one for the Sophos master application, then another for API access. If someone has previously granted permissions, you may only see one Microsoft pop-up.
  3. Carefully read and accept these pop-ups.

    This allows Sophos to access your Microsoft Office 365 tenant.

    If you can't connect to your Microsoft Office 365 tenant, you may one of the following error messages:

    • Failed to establish session: session has timed out.
    • Failed to create connection: consent for API access wasn't granted.
    • Failed to create connection: consent for data access wasn't granted.
    • Failed to create connection: the domains in Sophos Email don't match the domains in the Microsoft Office 365 tenant.
    • Failed to create connection: (reason not specified).

    You must solve the problems, then connect again.

    Restriction Auto search and destroy doesn't work if you don't grant these permissions.
    After permissions are granted, Domains settings/status appears and your tenant is shown on the list.
  4. Click Configure O365 Security.
  5. Turn on Auto search and destroy.
  6. Turn on Remove emails containing malicious URLs and Remove emails containing malware.
  7. Click Save.
    Domains settings/status appears.

Your users' Microsoft Office 365 inboxes are now scanned and malicious emails are quarantined. You can see, delete, and release malicious emails in Quarantined Messages > Post delivery quarantine.

Reports are in Email Gateway Dashboard > Logs & Reports > Post delivery summary.