You require administrator access to your Microsoft 365 account or mail server in order to configure it to work with StayPrivate:
From the Office 365 home page, in the left-hand menu, select 'Admin'.
In the left-hand menu, select 'Show all'.
Scroll down and under 'Admin centers' select 'Exchange'.
If you do not have administrator access to your email server, please send the following link to your IT administrator and ask them to complete the setup: https://stayprivate.com/server-configuration/?config=microsoft
We recommend that you use the latest version of the Microsoft Exchange Admin Center. If you are using the 'Classic' Exchange Admin Center you can still follow the instructions below, but please be aware that there are one or two slight differences in wording and layout.
Instead of using the Admin Center, you can configure the email server directly using Exchange Online PowerShell. Click here to display the PowerShell instructions.
Exchange Online PowerShell Instructions
Firstly, connect to the tenancy, using the script below and replacing example.com with the corporate domain:
Connect-ExchangeOnline -Device -DelegatedOrganization example.com
Secondly, add a connector to send messages to StayPrivate:
New-OutboundConnector -Name "Send to StayPrivate" -UseMxRecord $false -SmartHosts sendsecure.stayprivate.com -IsTransportRuleScoped $true
Then add a connector to accept messages back from StayPrivate, using the script below and replacing example.com with the corporate domain:
New-InboundConnector -Name "Receive from StayPrivate" -SenderDomains *.example.com -ConnectorType OnPremises -CloudServicesMailEnabled $true -RestrictDomainsToCertificate $true -RequireTls $true -TlsSenderCertificateName *.stayprivate.com
Now add a rule to identify messages to send to StayPrivate, replacing example.com
with the corporate domain:
New-TransportRule "Identify messages to send via StayPrivate" -SentToScope "NotInOrganization" -SenderDomainIs "example.com" -ExceptIfSenderIpRanges "220.127.116.11" -ExceptIfHeaderMatchesMessageHeader "x-stayprivate-processed" -ExceptIfHeaderMatchesPatterns "true" -RouteMessageOutboundConnector "Send to StayPrivate"
And add a rule to ensure secure corporate replies are recorded in StayPrivate, again replacing example.com with the corporate domain:
New-TransportRule "Send secure replies to StayPrivate" -SubjectOrBodyMatchesPatterns "#stayprivate-secure-reply" -ExceptIfSenderDomainIs "example.com" -ExceptIfSenderIpRanges "18.104.22.168" -BlindCopyTo firstname.lastname@example.org
Finally, add a rule to ensure StayPrivate emails are not flagged as spam:
New-TransportRule "StayPrivate Allow" -SenderIpRanges "22.214.171.124" -SetSCL "-1"
To hide the Exchange Online PowerShell instructions above, click here.