Mailflow from O365 (Cloud) to Cisco Email Security Appliance for certain users

New Contributor

We are in the process of migrating our staff and faculty to Office 365. We would like to have only staff and faculty route email to external recipients through our Cisco ESA device and have the students not use the ESA. I'm not quite sure how the setup in the Rules would look like and what the connector would look like.





O365 Email -->Cisco ESA --> Internet



O365 Email --> Internet


The students mail domain is


The staffs mail domain is


Thank you for any assistance that can be given.

2 Replies
best response confirmed by Dominik Hoefling (MVP)
Create a conditional connector. The connector is conditional upon certain rules being fired.

In your case, the rule would be "if sender domain" or "if sender is member of (staff group)" then use the conditional connector.

The connector in your case would have a target of the Cisco device.

For the students don't do anything. Office 365 will route email without a connector to the internet automatically


Hi @Brian Reid,


I would like to included my specifc scenario (Outgoing email), see:

O365 Email --> Cisco ESA --> Internet


The detail is... when mailbox destination included ( /, only this, the messages goes to direct to Junkbox.

If I remove the Cisco ESA of segment, the messages are delivered (non-Junkbox).

I have doubts if exist some feature side O365 that I need exec the just fine tunning to addressing this specific case.