Manually Configuring Office 365 for mxHero Fusion (part 2: Transport Rule)

This is Part 2 of Configuring Office 365 for mxHero Fusion. Part 1 can be found here.

After creating the Outbound Connector, you have to set up a Transport Rule that will in fact route messages from the Office 365 environment to mxHero.

The steps are:

  • Office 365 will receive the incoming or outgoing email
  • Office 365 via this transport rule will route the message to the mxHero platform
  • mxHero will process your Mail2Cloud rules.
  • If your delivery is to your own domain, mxHero will send the email back to Office 365. Office 365 will then see that the message was already processed by mxHero (using an identification header) and will deliver it to the recipient. If your delivery is to an external domain, mxHero will deliver directly to the recipient's mail server. Please see mxHero's SPF configuration.

If the Office 365 integration is being limited to a subset of users, you will need to create two transport rules, one for incoming email and another for outgoing email. If integration is for all users then only one rule is required. In this example, we are creating two rules so that we can restrict mxHero usage to a subset of users.

Another important point to mention is the header values displayed in these examples. These are the signatures added by mxHero. mxHero support will provide a unique, domain-specific signature to be added as the header value.

1) Create two transport rules

In your Exchange administration Office 365 dashboard, access:


To limit mxHero to a specific subset of users, create two rules (for senders and recipients) to a pre-defined Office 365 group. In the below example we have defined a group called, "POC".

For full integration of Office 365 and mxHero simply create one rule with no conditional (i.e. "Apply this rule if...")

IMPORTANT: the value of the "X-mxHero-Transport-Agent" header is unique and must be received from mxHero support. Contact support through the chat window, contact form, or via





2) Whitelist mxHERO IPs

Now, let's whitelist mxHero IPs in Exchange Online:

Go to "Protection", "Connection Filter", edit "Default" and add the following entries to the "IP Allow list":


3) Prevent TNEF encapsulation

Finally, let's prevent Office 365 to generate messages with TNEF encapsulation:

Click on "Mail Flow" on the left menu and then, "Remote Domains", on the tab on the top. What causes the issue in a domain configuration is the "Rich Text Format". Please set it in the "Default" for "Never". Additionally, please add each of your own domains with a Remote Domain entry too and set their "Rich Text Format" to "Never" on them as well.

Done! After finishing this configuration emails will be automatically routed through mxHero.


Have more questions? Submit a request


Powered by Zendesk