Overview
You will need Administrator access to complete these tasks.
There are 5 main steps:
1. Create two groups in the Directory
2. Generate a certificate from the Crossware portal
3. Create two Exchange Online Connectors
4. Create one Exchange Online Transport Rule
5. Add an accepted domain
Step 1 - Create Groups
Log into your Microsoft 365 Admin Portal using your Microsoft 365 login credentials. You can access this at https://admin.microsoft.com
You will be creating two groups:
- One of type Distribution List with the name CrosswareMailSignatureUsers
(Email for users in this group will be sent to Crossware Mail Signature for processing)
- One of type Security with the name CrosswareMailSignatureAdmins
(Users in this group will be able to configure Crossware Mail Signature)
See the following screenshots
Create CrosswareMailSignatureUsers group
Create CrosswareMailSignatureAdmins group
Step 2 - Generate Certificate
In order for your inbound connector to successfully receive mail back from Crossware, you will need to generate a unique certificate via the Crossware portal.
Navigate to the connectors section of your Crossware portal https://portal.crossware365.com/cms/admin/connector and select Update Manually
Generate a unique certificate and copy the certificate - you will need this certificate later for your accepted domain and inbound connector.
You can then close the dialog box - this certificate is now linked to your tenant and will always be available here while your setup is active.
Step 3 - Create Connectors
Log into your Microsoft 365 Exchange Admin Center using your Microsoft 365 login credentials. You can access this at https://outlook.office365.com/ecp
Click on mail flow in the left navigator then on connectors at the top
You will be creating two connectors:
- One inbound connector called CrosswareInboundConnector
- One outbound connector called CrosswareOutboundConnector
Create CrosswareInboundConnector
Select
From: Your organization's email server
To: Microsoft 365
You need to enter the following text:
Connector Name: CrosswareInboundConnector
Certificate Name: *Your Unique Certificate copied from the Crossware Portal*
Review, verify, and turn the connector on
Create CrosswareOutboundConnector
Select
From: Microsoft 365
To: Your organization's email server
You need to enter the following text:
Connector Name: CrosswareOutboundConnector
Enter the smarthost name for your region as per the below list:
Note that these are for new customers - if you are an existing customer your deployment and smart host may be different, and you will need to contact support@crossware365.com
- (Copy and Paste one of these into the add smart host field)
- This should match the region that you selected when completing the initial onboarding
Smart Host Details:
Australia: mstrafficsmtp-aus-k1.crossware.co.nz
Canada: mstrafficsmtp-can-k1.crossware.co.nz
United States: mstrafficsmtp-us-k1.crossware.co.nz
France: mstrafficsmtp-france.crossware.co.nz
Europe: mstrafficsmtp-eu-k2.crossware.co.nz
United Arab Emirates: mstrafficsmtp-uae-k1.crossware.co.nz
Qatar: mstrafficsmtp-qat-k1.crossware.co.nz
Link to Crossware SPF records (if required): KA-01018 | Crossware Knowledge Base (crossware365.com)
Click on the + to add the smart host name.
You need to enter the following text:
Certificate Name: *.crossware.co.nz
Next you will need to validate the connection using an INTERNAL email that is a part of your Microsoft 365 environment (this includes accepted domains).
Please note:
Validation can sometimes fail on the first attempt due to Microsoft processing delays - this is ok, and you can proceed with the remaining steps.
Simply retry the validation process later.
Step 3 - Create Transport Rule
You will be creating one Transport Rule called CrosswareTransportRule
This transport rule will send the email through Crossware Mail Signature for processing.
Enter the Rule Name: CrosswareTransportRule
Under *Apply this rule if.... select The sender is a member of... and select the group CrosswareMailSignatureUsers (as created in previous steps)
Under *Do the following... select Redirect the message to... and then the following connector.
Select the Connector CrosswareOutboundConnector (as created in previous steps)
Under Except if... select The message headers... > includes any of these words
Next click on *Enter text... and enter the following text in the specify header name box:
x-cwesigprocessed (Please enter this exactly as shown)
Then click on *Enter words... and enter the following text the specify word or phrase box:
Y (Please enter this exactly as shown)
The screen should now look like the following:
Ensure Match sender address in message: is set to Envelope
Click Next and Finish.
NOTE: Leave the Mail Flow Rule DISABLED until you have completed the rest of the setup.
Step 3 - Add the certificate as an accepted domain
In order for your organization to verify the incoming mail from Crossware, the unique certificate needs to be added as an accepted domain.
Navigate to the Microsoft 365 Admin Center: https://admin.microsoft.com/AdminPortal/Home#/homepage and select Settings > Domains > Add domain.
Paste the certificate you copied from the Crossware Portal earlier (this can be copied again from https://portal.crossware365.com/cms/admin/connector > Update Manually) into the Domain name and select Use this domain
Next, select Add a TXT record to the domain's DNS record and click continue
Before you can verify the domain, you must copy the TXT value and navigate back to the Crossware portal https://portal.crossware365.com/cms/admin/connector and select Update Manually again.
Paste the entire value into the TXT Value input field and select Add. (i.e. MS=ms123456...)
You can then close the dialog box
Once you have verified that the TXT Value has been added by seeing the Green Tick you can again close the dialog box.
Navigate back to the Microsoft 365 Admin Center and verify the domain, making sure that the TXT value is the same as the one entered in the Crossware Portal.
If the session has timed out, you can restart the Accepted Domain process and update the TXT in the Crossware Portal with the new value generated by Microsoft.
Uncheck Exchange and Exchange Online Protection and click Continue
Finally, you can save your certificate to Crossware, ensuring that all of the above is completed correctly before doing so:
Congratulations! You have completed your setup.
Crossware has a 30-minute grace period before activating your unique certificate to allow for Microsoft propagation. Please allow 30 minutes before enabling your Crossware transport rule. Mail will not route successfully before this.
During this time, you can design and assign signatures in the Crossware Portal: https://portal.crossware365.com