These steps should be completed to route emails from ProofPoint to Office 365, and completed once your ProofPoint account has been provisioned. ProofPoint also has the following videos you can watch. If prompted for username and password, please log into the ProofPoint admin dashboard first then try to access the links again.
How to configure Microsoft Office 365 to use Proofpoint Essentials as your mail gateway.
Relaying for Office 365
Active Directory Sync
Azure Active Directory Sync
Bypassing O365 Spam Checks
To ensure that emails delivered from ProofPoint to Office 365 are not incorrectly identified as spam, resulting in delayed or failed email delivery, the ProofPoint service IP Ranges should be added to the Allowed List in the Connection Filtering Policy within the Office 365 Exchange Admin Center (EAC).
To add the ProofPoint Datacenter IP Ranges to the connection filter policy:
1. Login to the Office 365 Exchange Admin Center (EAC)
2. Click on Protection:
3. Click on Connection Filter, then click the Edit icon:
4. Click Connection Filtering then click the Add icon within the IP Allow list section:
5. Add the Inbound ProofPoint IP Ranges. See the ProofPoint Data Centers and URLs page for details of these for your region.
6. Check the Enable Safe List checkbox.
7. Click Save to apply the changes.
Determining the Host Name
In order to deliver emails from ProofPoint to your Office 365 service, you must determine your Host Name by following the steps below:
1. Log in to the Office 365 Admin Center.
2. Select Domains from the menu on the left of the page.
3. From the Manage Domains page, select Domain Settings for the domain you wish to configure inbound delivery for.
4. Once presented with the DNS records screen, find and note the MX value.
ProofPoint Delivery Destination [Company Settings > Domains > Edit > Delivery Destination] should be configured to deliver all inbound email to your specified O365 hostname, which in this case is the MX record for the Office 365 account.
Setting Us Up as Your Only Trusted Email Source
We recommended that you lock down your inbound email flow in Office 365 to only allow mail from ProofPoint IP addresses. This requires you to create a receive connector in Office 365.
To lock down your firewall:
1. Log on to the Office 365 Exchange Admin Console.
2. Click on the Mail flow menu item on the left hand side.
3. Click on the Connectors link at the top. Your connectors are displayed.
4. Click on the + icon.
5. Complete the Select Your Mail Flow Scenario dialog as follows:
From Partner organization
To Office 365
The text at the bottom of the wizard changes to:
“Creating a connector is optional for this mail flow scenario. Create a connector only if you want to enhance security for the email messages sent between your partner organization or service provider and Office 365. You can create multiple connectors for this scenario, each applying to different partner organizations or service providers”
6. Click the Next button.
7. Change the connector's name to ProofPoint to Office 365.
8. Click the Next button.
9. Select the Use the Sender's Domain option in the "How do you want to identify the partner organization?” dialog.
10. Click the Next button.
11. Click on the + icon to add the * as the domain and click OK.
12. Click the Next button.
13. Leave the Reject Email Messages if They Aren't Sent Over TLS option with the default value on the “What security restrictions do you want to apply?” dialog. ProofPoint will send the message on to Office 365 with Opportunistic TLS.
14. Select Reject email messages if they aren't sent from within this IP address range.
15. Click on the + icon to add the ProofPoint IP address ranges depending on your region.
16. Click the Next button.
17. A summary page is displayed. Check this to ensure it has all the correct information.
18. Click the Save button.