How to perform a forward between office 365 tenants

Created by Abderrahim Ibnou el kadi, Modified on Wed, 12 Jul, 2023 at 10:40 AM by Abderrahim Ibnou el kadi

Synopsis:


This document is done for a specific setup where a customer has two domains/clients, while using Proofpoint,  on two separate office 365 tenants (Tenant01 and Tenant02) and does forwarding from Tenant01 to Tenant02. As a result all the messages forwarded get labeled on Tenant02's Proofpoint log search as FRAUD / SPF or DKIM.



Solution:


To get a round this situation you will need to follow the steps below:


On Tenant01

1- login to this tenant Proofpoint and Make sure you enable the "Email Tagging" under  Email > Email Tagging  with the word [Coming from External]
2- On office365 tenant for Tenant01  do the following:
  • Create a connector (i.e.: Fwd_Tenant02) from office365 to Partner org and make sure it is sending to SMART HOST of Tenant02  i.e.: tenant02-com.mail.protection.outlook.com 
  • Create a RULE to call that connector based on the condition specified:   Apply this rule if recipients' address domain portion belongs to any of these domains: 'Tenant02com' and Is received from 'Outside the organization' Do the following Route the message using the connector named 'Fwd_Tenant02'.
  • If this is not already done, then enable External Forwarding for ALL users Policies & Rules > Threat Policies > Anti Spam Policies  --> Anti Spam outbound Policy (Default)  (Figure 1)
  • On each user's OWA, create a  RULE that forwards to specific email address  i.e. user@Tenant01.com FWD to Anotheruser@Tenant2.com   by going to Settings > Forwarding


On Tenant02

  • on the Tenant02  and an exception for the "Proofpoint Inbound Lockdown Rule via vircomPortal"  as in the screen shot below (Figure2)



Figure 1:



Figure 2: