On Demand Migration – Domain Rewrite V2 – New Feature Spotlight

Quest is excited to release an update to the Domain Rewrite solution in On Demand Migration (ODM) that includes new options to simplify project setup and reduce the potential for rewritten messages being flagged as spam.

  • The V2 setup wizard includes new Express and Advanced setup options
  • Fewer transport rules and groups are created in the source and target tenants
  • Directory Sync agent instructions are only provided for applicable environments

Express vs Advanced setup and mail routing options

The most significant change in the Domain Rewrite (V2) update is the ability to choose how rewritten messages should be routed for final delivery to the recipient. During project setup, you will be able to choose between Express and Advanced setup.

Express Setup

This is a new setup option that enables Quest to route messages over to the rewrite tenant for final delivery instead of routing them back to the sending tenant after performing rewrite activities.

Benefits:

  • Since rewritten messages will be sent out from the tenant that actually owns the rewrite domain, they will have better alignment for SPF, DKIM, and DMARC checks because P1 and P2 header details will both be updated.
  • This setup option only requires publishing SPF records and providing SSL certificates. You do not need to configure DKIM or make potential DMARC changes.

Considerations:

  • Since outbound messages will be routed to the rewrite tenant by Quest, they will not be processed by the remaining transport rules in the sending tenant. You may need to configure additional transport rules in the rewrite tenant to perform desired content checks, add disclaimers, etc.
  • When analyzing mail flow for rewritten messages, you may need to check both tenants, as the original outbound message details will be in the sending tenant, while the rewritten message details will be in the rewrite tenant.

Below are example mail flow diagrams for mailboxes configured with Rewrite-as-Target using the Express setup option.

Advanced Setup

This option behaves like previous Domain Rewrite (V1) projects, where Quest will route rewritten messages back to the original sending tenant for final delivery.

Benefits:

  • This allows outbound messages to be processed by the transport rules you have in the sending tenant for checking content, adding disclaimers, etc.
  • When analyzing mail flow for rewritten messages, the details for both the original outbound message and the rewritten message will be available to check in the sending tenant.

Considerations:

  • Since rewritten messages are sent out from a tenant that does not own the rewrite domain, there is higher potential for messages to be flagged as spam. If this occurs, additional DNS changes may be required, including setting SPF to soft fail and, in some circumstances, setting DMARC to p=none.
  • In addition to publishing SPF records and providing SSL certificates, this option also requires configuring M365 DKIM in the tenant and publishing Quest DKIM records.
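
To confirm the SPF, DKIM, and DMARC alignment described for the Express and Advanced options, read the Authentication-Results header on a rewritten test message received at an external mailbox. The following is an added example, not Quest or ODM code: the domains and header samples are constructed, and it assumes that in Advanced setup the envelope sender stays in the sending tenant's domain unless DKIM for the rewrite domain is configured.

```python
import re

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real DMARC
    # evaluators consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, strict=False):
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def parse_auth_results(header):
    """Return {'spf': [(result, domain)], 'dkim': [...]} from the header."""
    found = {"spf": [], "dkim": []}
    for method, result, props in re.findall(r"\b(spf|dkim)=(\w+)([^;]*)", header, re.I):
        m = re.search(r"(?:smtp\.mailfrom|header\.d)=([^\s;]+)", props, re.I)
        domain = m.group(1).split("@")[-1] if m else ""
        found[method.lower()].append((result.lower(), domain))
    return found

def dmarc_verdict(from_domain, header, strict=False):
    """DMARC passes when SPF or DKIM passes for a domain aligned with the P2 From."""
    res = parse_auth_results(header)
    spf = any(r == "pass" and d and aligned(d, from_domain, strict) for r, d in res["spf"])
    dkim = any(r == "pass" and d and aligned(d, from_domain, strict) for r, d in res["dkim"])
    return {"spf_aligned": spf, "dkim_aligned": dkim, "dmarc_pass": spf or dkim}

# Constructed samples; newco.example is the rewrite domain, oldco.example the sending tenant.
REWRITE_DOMAIN = "newco.example"
EXPRESS = ("mx.recipient.example; spf=pass smtp.mailfrom=user@newco.example; "
           "dkim=pass header.d=newco-tenant.example")
ADVANCED_NO_DKIM = ("mx.recipient.example; spf=pass smtp.mailfrom=oldco.example; "
                    "dkim=pass header.d=oldco.example")
ADVANCED_DKIM = ("mx.recipient.example; spf=pass smtp.mailfrom=oldco.example; "
                 "dkim=pass header.d=newco.example")

if __name__ == "__main__":
    for name, hdr in [("express", EXPRESS), ("advanced, no DKIM", ADVANCED_NO_DKIM),
                      ("advanced, DKIM", ADVANCED_DKIM)]:
        print(name, dmarc_verdict(REWRITE_DOMAIN, hdr))
```

In the constructed Advanced sample without DKIM, SPF passes but for a domain that does not match the From header, so DMARC fails.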

Simplified transport rules and groups

Domain Rewrite project setup creates transport rules and distribution groups in the tenants to determine if anyone in the From, To, or CC addresses is enabled for rewrite. Previous Domain Rewrite (V1) projects created multiple routing and sorting rules and groups that added complexity when reviewing the project configuration in a tenant.

Domain Rewrite V2 simplifies this configuration by creating just two groups and four transport rules in each tenant. There are also two connectors created to route messages between the tenant and the Quest rewrite service.

Distribution Groups

  • Quest-[ProjectID]-DayOne
  • Quest-[ProjectID]-DayTwo

Transport Rules

  • Quest-[ProjectID]-Out-From
  • Quest-[ProjectID]-Out-ToCC
  • Quest-[ProjectID]-In
  • Quest-[ProjectID]-In-Dkim

Connectors

  • Quest-[ProjectID]-Out
  • Quest-[ProjectID]-In

Option to skip Directory Sync agent instructions

Domain Rewrite only requires a Directory Sync agent when you are matching to hybrid mail users in the target, meaning they are synced from Active Directory but are not mailbox-enabled. If all target users in scope are either mailbox-enabled or are cloud-only, then no agent is required. Domain Rewrite V2 includes a minor update to the previous announcement about no longer requiring agents for all hybrid tenants.

During project setup, you will now be asked if you have hybrid mail users in scope.  If you choose “Yes”, the wizard will provide instructions for installing and configuring the agent.  If you choose “No”, the wizard will simply skip that step.

Enabling V2 options for your Domain Rewrite project

New Domain Rewrite projects will have the V2 features enabled by default and include both the Express and Advanced setup options.

Existing Domain Rewrite projects will continue using the V1 configuration to ensure there is no unplanned interruption to current rewrite activities. Migration admins can update existing projects to V2 using the process below.

  1. Document existing mail flow and customizations (Optional but recommended).
    1. Example existing Outbound: Source Tenant > Quest Rewrite Service > Source Tenant (and its remaining transport rules) > Internet Recipient.
    2. Example existing Inbound: Internet > Target Tenant > Quest Rewrite Service > Target Tenant > Source Tenant.
    3. Note: If you have modified the existing transport rules, these customizations are not retained during the upgrade and will need to be reconfigured after the upgrade.
  2. Document desired end-state mail flow (Optional but recommended).
    1. Example desired Outbound (using Express setup option): Source Tenant > Quest Rewrite Service > Target Tenant (and its remaining transport rules) > Internet Recipient.
    2. Example Inbound (using Express setup option): Internet > Target Tenant > Quest Rewrite Service > Source Tenant.
  3. Open your existing Domain Rewrite project and click on “Setup” in the upper right to view your current project summary.
  4. Click on “EMAIL ADDRESS REWRITING” to jump to the applicable section of the setup wizard.
  5. Choose “Disable Domain Rewrite” and click Next to complete the configuration steps.
    1. Allow 30–60 minutes for the backend system to fully disable the rewrite service.
    2. During this time, the previous transport rules, groups, and connectors are removed from your tenants.


  6. Once the service is fully disabled, the setup screen will display the new options. Re-enable Domain Rewrite by selecting either the Express or Advanced setup option based on your needs.
    1. The rewrite service should be restored within 30–60 minutes after reactivation.
    2. During this time, the new transport rules, groups, and connectors will be created in your tenants.
    3. (Re)apply any desired customizations to the transport rules.

Note: During the upgrade process, there will be a temporary disruption to the rewrite functionality—however, this only affects message rewriting. Message delivery itself will not be impacted.

Further Information

For more information on this and many other features within On Demand Migration, check out the Domain Rewrite Quick Start Guide and the On Demand Migration for Active Directory User Guide, and come visit us at Quest.com.
