Example 2: Require that email sent from your partner organization domain ContosoBank.com is encrypted and uses their domain certificate

This configuration can be done in the New EAC and in the Classic EAC.

New EAC

To do this configuration in the New EAC, perform the following steps:

  1. Use all the settings shown in Example 1 - Require that email sent from your partner organization domain contosobank.com is encrypted using transport layer security (TLS).

  2. Add the certificate domain name that your partner organization uses to connect with Microsoft 365 or Office 365.

Screenshot that shows the screen on which encryption is done using the domain certificate name.

Classic EAC

To do this configuration in the Classic EAC, perform the following steps:

  1. Use all the settings shown in Example 1 - Require that email sent from your partner organization domain contosobank.com is encrypted using transport layer security (TLS).

  2. Add the certificate domain name that your partner organization uses to connect with Microsoft 365 or Office 365.

Screenshot that shows to enter your partner organization certificate name.

When you set these restrictions, all mails from your partner organization domain must be encrypted using TLS, and sent from a server with the certificate name you specify. Any email that doesn't meet these conditions will be rejected.