What you need to do to enable Mailguard Filtering and Office 365

Login to 365 Portal 

Inbound Filter by IP

This forces all internal mail to only be accepted by 365 from Mailguard IP’s. Spammers start caching DNS records so even though you changed MX records they use old ones!

• Exchange Administration 
• Mailflow
• Connectors

From Partner Organization
To Office 365
How do you want to identify the partner organization? Domain
Specify one or more sender domains: *
Reject email messages if they aren’t sent from within this IP address range ( IP Range from Mailguard )

203.21.125.32/32
69.16.202.203/32
174.36.235.195/32
69.16.202.216/32
50.23.246.238/32
50.23.252.166/32
108.168.255.216/32
108.168.255.217/32
203.21.125.33/32

Only when I have a transport rule set up that redirects messages to this connector – Tick
Route email through these smart hosts : filter.riskca-1.mailguard.com.au
Always use Transport Layer Security (TLS) to secure the connection (recommended)

• Exchange Administration 
• Mailflow
• Rules

Name : Relay Outbound through MailGuard
*Apply this rule if… – The Sender is Located … Inside the organization
*Do the following… : Use the following connector Name of Connector Above

SMTP SPF

Add this include to the TXT record for the outgoing domains

include:customer.mailguard.com