Skip to main content

Check Point Email Protection: Onboarding Checklist for Microsoft Tenants

Updated today

Step 1: Handling Existing Email Solutions (if Applicable)

If you are operating a third-party email gateway solution or a standalone Check Point deployment outside of Guardz and intend to migrate to Check Point (Avanan) through Guardz, follow the instructions outlined in this guide.

Step 2: Verify Prerequisites Are Met

  • Verify that you have Global Administrator permissions (for use in installing and authorizing the SaaS App).

  • Confirm that a supported license is in place:

Minimum License Required

Other Supported Licenses

Licenses Not Supported

Business Basic (formerly Business Essential)
​
​Note: Integration with Microsoft Encryption requires Office 365 E3 or Office 365 E5 licenses.

  • Business Premium (formerly Business)

  • Business Standard (formerly Business Premium)

  • Exchange Online Kiosk

  • Exchange Online Plan 1

  • Exchange Online Plan 2

  • Office 365 A1

  • Office 365 A3

  • Office 365 A5

  • Office 365 E1

  • Office 365 E3

  • Office 365 E5

  • Microsoft 365 F1*

  • Microsoft 365 F3

Microsoft 365 Developer Program

  • Verify that the Global Administrator has the Exchange Administrator Role under: admin.exchange.microsoft.com > Roles > Admin Roles > Organization Management > Assigned

  • Make sure the Global Administrator has all of the permissions below for the 'Organization Management' role within the Exchange Admin Center. If these permissions are missing, Check Point may not be able to activate successfully.

    admin.exchange.microsoft.com > Roles > Admin Roles > Organization Management > Permissions.

    1. Security Group Creation and Membership

    2. Compliance Admin

    3. Data Loss Prevention

    4. Distribution Groups

    5. Information Rights Management

    6. Journaling

    7. Mail Recipients

    8. Mail Tips

    9. MyDistributionGroupMembership

    10. MyDistributionGroups

    11. Organization Configuration

    12. Organization Transport Settings

    13. Remote and Accepted Domains

    14. Retention Management

    15. Role Management

    16. Security Admin

    17. Security Reader

    18. Tenant AllowBlockList Manager

    19. Transport Hygiene

    20. Transport Rules

    21. UM Mailboxes

    22. View-Only Configuration

    23. View-Only Recipients

Please note:

  • The four permissions below may not be available in all environments. If they appear, add them. If they do not, this is expected in some Microsoft environments and they are not required.

    • Security Group Creation and Membership

    • MyDistributionGroupMembership

    • MyDistriubtionGroups

    • UM Mailboxes

  • A Group addition welcome email is sent to all users post activation unless you disable the feature within MS 365 (see tips in the section below). The email will look like this:

  • It is recommended to prevent Group Welcome Email from being sent.

    • To turn of this MS feature, you should be able to use the following powershell command in Exchange: Set-UnifiedGroup -Identity "<groupname>" -UnifiedGroupWelcomeMessageEnabled:$false

    • Note: review by an MS exchange administrator is recommended to ensure disabling this setting meetings your environmental needs and doesn't have any unintended effects.

    • Please refer to MS documentation here for more information.

Step 3: Activate Check Point Email Protection via Guardz

Please refer to this guide for complete step-by-step installation instructions.

Related Articles
Guardz Applications for Microsoft
Introduction to Check Point Email Protection
Check Point Email Protection Early Access
Check Point Email Protection: Onboarding Checklist for Google Tenants
Switching to Check Point Email Protection via Guardz
Did this answer your question?