NOTE: Per recommendations from Microsoft (Click here), follow this KB to reduce the likelihood O365 will throttle inbound messages from SonicWall Hosted Email Security and thus, create delivery delays. In O365
Login to Microsoft Exchange Admin Center as an Admin of the Organization
On the Left Navigation Bar, select Connectors (https://admin.exchange.microsoft.com/#/connectors)
Click on “Add a connector” to add and configure a new Connector that applies security policy for emails routed from SonicWall Hosted Email Security.
On the “Add a connector” Wizard.
Select “Partner organization” as “Connection from” for the New Connector. The only option for “Connection to” will be “Office 365”. Click Next.
Configure the Name for the Connector as “Inbound Email From SonicWall HES” and opt to “Turn it on”. Click Next.
Authenticating sent email
Select "By verifying that the IP address of the sending server matches one of the following IP addresses, which belong to your partner organization
Please add the following individual IP addresses.Do not summarize into a CIDR notated Subnet as that will include additional IP addresses. TIP: Microsoft does not support ranges at the time this article was written thus you must individually add each IP listed in the range below that coincides with your HES location (North America or European Union).
220.127.116.11 - 18.104.22.168
22.214.171.124 - 126.96.36.199
Add each IP in the box and Click on +
Ensure the option “Reject email messages if they aren’t sent over TLS” is selected
Review the Configuration of the new Connector. And click “Create Connector”
Saving the connector will ensure that the security restrictions are applied on email messages from SonicWall Hosted Email Security. It will also inform Microsoft O365 to expect these IPs to send a greater than normal amount of messages and therefore reduce the likelihood O365 will throttle these inbound messages creating a delivery delay.