icon-unified.svg
Experience Center

Adding Email Tenants

Email tenants allow you to use the Zscaler service as a smart host for inspecting email content sent to external domains as part of your outbound email policy rules. The email tenants you create are used as part of the mail flow rules that you configure on your email server to act on content that violates your outbound email policy rules. To learn more, see Configuring Microsoft Exchange for Zscaler Outbound Email DLP and Configuring Gmail for Zscaler Outbound Email DLP.

To add an email tenant:

  1. In the Admin Portal, go to Policies > Data Protection > Policy > Email Tenants.
  2. Click Add Email Tenant.
    The Add Email Tenant window appears.
  3. Under Choose the Email Service Provider, select Gmail or Exchange.
  4. Under Name Email Tenant, enter a unique name for the tenant.
  5. Under Email Tenant Security Options, the setting for Outbound Email Security is automatically selected and is not configurable.
  6. Under Configure Connectors and Rules, click Get Configuration Info.
    The Key for Transport Rules information appears.
  7. Copy the values for Smart Host FQDN and for Key for Transport Rules and save them for later configuration on the email server.
  8. Under Email Domain Configuration specify the information for the email domain next hop, which is where the Zscaler service sends email content after inspection:
    • Domain: Select a domain from the list. The domains in the list are listed in your company profile.
    • Next Hop Address: Enter the address of the relay host for the email domain of the tenant you're configuring. For Gmail domains, enter smtp-relay.gmail.com. For Microsoft domains, use the following instructions to locate the relay host address:

        1. Sign in to the Microsoft 365 Admin Center.
        2. In the left-side navigation, go to Settings > Domains.

          The Domains page appears.
        3. In the list of domains, click the name of the email domain you're using to configure your outbound email policy.
          The Overview page for the domain appears.

          The Domain Overview page in the Microsoft M365 Admin Center

          Close
        4. On the Overview page, click DNS Records.
          The DNS Records page appears.
        5. On the DNS Records page, click the name of the mail exchange (MX) record for the domain.
          The MX record page appears.
        6. On the MX record page, in the Expected record row, copy the value from the Points to address or Value column.
        7. In the Admin Portal, paste the copied value into the Next Hop Address field.
        Close
    • Port Number: Enter the port number for the email domain (i.e., 25).
  9. Click Add Domain.
    The domain information is added to the email tenant
  10. Click Save and activate the change.
Related Articles
What Is Zscaler Outbound Email DLP?Step-by-Step Configuration Guide for Zscaler Outbound Email DLPUnderstanding Outbound Email Policy EnforcementAbout Email TenantsAdding Email TenantsEditing Email TenantsConfiguring Gmail for Zscaler Outbound Email DLPConfiguring Microsoft Exchange for Zscaler Outbound Email DLPAbout Email ProfilesAdding Email ProfilesEditing Email ProfilesAbout Outbound Email PolicyConfiguring Outbound Email Policy Rules