Post delivery protection
Find out how to connect your Microsoft 365 (formerly Office 365) tenants and turn on Auto search and destroy.
You must have your Microsoft 365 tenants connected to Sophos Central before you continue. Do this in Domains settings/status.
Auto search and destroy is turned off by default.
You must be a Super Admin to set up the connection to your Microsoft Office 365 tenants. If you can't click Set up M365 security now, you don't have the right permissions.
Accept Microsoft pop-ups
When you set up Post delivery protection, you must give permission for Sophos applications to access your Microsoft tenants.
To do this your browser must accept pop-ups from Microsoft. You might have to disable pop-up blockers, or make exceptions for Microsoft domains.
You must also be able to sign in to the correct domain. If your browser has stored sign-in credentials for a different domain, use an incognito or private browsing window.
Set up Post delivery protection
To set up your domains, do as follows:
- Click Email Security > Dashboard > Set up M365 security now. Domains settings/status appears with a list of your domains, including your Microsoft 365 tenants.
- Under M365 CONNECTION, click Connect for the domain you want to connect. A number of Permissions requested pop-ups from Microsoft appear. There are normally two, one for the Sophos master application, then another for API access. If someone has previously granted permissions, you may only see one Microsoft pop-up.
Carefully read and accept these pop-ups.
This allows Sophos to access your Microsoft 365 tenant.
If you can't connect to your Microsoft 365 tenant, you may see one of the following error messages:
- Failed to establish session: session has timed out.
- Failed to create connection: consent for API access wasn't granted.
- Failed to create connection: consent for data access wasn't granted.
- Failed to create connection: the domains in Sophos Email don't match the domains in the Microsoft 365 tenant.
- Failed to create connection: (reason not specified). You must solve the problems, then connect again.
Auto search and destroy doesn't work if you don't grant these permissions.
After permissions are granted, Domains settings/status appears and your tenant is shown on the list.
Click Configure Post Delivery.
- Turn on Auto search and destroy.
- Turn on Remove emails containing malicious URLs and Remove emails containing malware.
- Click Save. Domains settings/status appears.
Your users' Microsoft 365 inboxes are now scanned and malicious emails are quarantined. You can see, delete, and release malicious emails in Quarantined Messages > Post delivery quarantine.
Reports are in Email Security > Logs & Reports > Post delivery summary.