Example 4: Require that all email sent to your organization from the internet is sent from a specific IP address (third-party email service scenario)

Mail flow from a third-party email service to Microsoft 365 or Office 365 works without a connector. However, in this scenario, you can optionally use a connector to restrict all mail delivery to your organization. If you use the settings described in this example, they'll apply to all email sent to your organization. When all emails sent to your organization come from a single third-party email service, you can optionally use a connector to restrict all mail delivery; only mails sent from a single IP address or address range will be delivered.

Note

Ensure you identify the full range of IP addresses that your third-party email service sends mails from. If you miss an IP address, or if one gets added without your knowledge, some mails won't be delivered to your organization.

You can apply this restriction in the New EAC and Classic EAC.

New EAC

In the New EAC, to restrict all mails sent to your organization from a specific IP address or address range, use the options during setup as shown in the following screenshots:

Screenshot that shows the screen on which there's a configuration to apply the settings globally.

Screenshot that shows the screen on which the your partner organization's IP address range is defined

Classic EAC

In the Classic EAC, to restrict all mails sent to your organization from a specific IP address or address range, use the options during setup as shown in the following screenshots:

Screenshot that shows to choose to use the sender's domain name.

Screenshot that shows to enter "*" to apply settings to all sender domains.

Screenshot that shows to enter your partner organization's IP address range.

When you set these restrictions, all mails sent to your organization will be from a specific IP address range. Any internet email that doesn't originate from this IP address range will be rejected.