Welcome to managing mail flow using a third-party cloud service with Exchange Online. In this lesson, we'll take a closer look at a mail flow scenario where you need to point your MX record to a third-party spam filter and at a scenario where you point your MX record to a third-party solution that doesn't include spam filtering. So, the first scenario where you'll find yourself managing mail flow using a third-party cloud service with Exchange Online is one where you want to host all your mailboxes in Exchange Online, but prefer to use a third-party service for anti-spam, anti-malware and anti-phishing protection. In this kind of setup, all email coming from the Internet has to first be filtered by the third-party anti-spam service before being routed to Microsoft 365 or more specifically, Exchange Online. The diagram you see on your screen shows what this type of mail flow setup looks like. Notice that the MX record needs to point to the third-party anti-spam provider while the SPF record points to Microsoft 365.

To make this work, you first add your custom email domain in Microsoft 365 and verify ownership. Next, you create your user mailboxes in Exchange Online. Or if you're migrating from an on-prem solution, you migrate your existing on-prem mailboxes. You then need to update the MX and SPF records for your email domain. We already covered what these records do earlier in the course. So, if you forgot what they do, just re-watch that lesson. When setting this type of mail flow up, you need to tell your third-party service, or device for that matter, how to forward the mail it receives from the Internet to your Exchange Online org In a typical scenario, you supply the host name for Microsoft 365. In most cases, this host name would be something like your email domain.mail.protection.outlook.com. The exact value that you need can be obtained by browsing to configuration and then domain in your Microsoft 365 portal.

And then the last thing you do is lock down your exchange online organization so that it will only accept mail from your third-party service. This is done by setting up an inbound mail connector. For detailed step by step instructions on how to complete these steps, visit the URL that you see on your screen. Now, there may also be instances where you'll want to use Exchange Online to host all your mailboxes, but you'll also want to ensure that all inbound Internet mail flows through a third party archiving service or maybe through an auditing service before it's ultimately delivered to your exchange online org. In this type of setup, you'd also want outbound email that's sent from the exchange online org to flow through that same service. In this scenario, you'd still rely on the built-in Exchange Online spam filtering.

To make this setup work, you have to configure enhanced filtering for connectors which you can read more about at the URL that you see on your screen. The diagram on your screen right now shows what the architecture of this type of solution would look like. Now, before we wrap up this lesson, I do want to point out that Microsoft strongly recommends that you use the built-in archiving and auditing solutions that are included with Microsoft 365 rather than go the third-party route.