Check Point Harmony Email & Collaboration provides advanced email security for Microsoft 365, protecting against phishing, malware, business email compromise (BEC), and account takeover attacks. This guide walks you through connecting Harmony Email to your Microsoft 365 environment using the Check Point Infinity Portal.
Prerequisites
Before you begin, ensure you have:
- Check Point Infinity Portal account with an active Harmony Email & Collaboration license or trial
- Microsoft 365 Global Administrator credentials for granting application permissions
- Privileged Role Administrator or higher permissions in Microsoft Entra ID
- Active Microsoft 365 subscription with Exchange Online
- List of email domains you want to protect
Understanding Deployment Modes
Harmony Email & Collaboration offers two protection modes:
| Mode | Description | Use Case |
|---|---|---|
| Monitor Only | Scans emails and logs threats without blocking | Initial deployment, testing |
| Prevent (Inline) | Scans emails before delivery and blocks threats | Production protection |
Check Point recommends starting in Monitor mode, then transitioning to Prevent mode after reviewing initial detections.
Step 1: Access the Infinity Portal
- Navigate to https://portal.checkpoint.com in your browser
- Sign in with your Check Point account credentials
- If you don't have an account, click Create Account and complete registration
- From the main menu, click Menu (hamburger icon) in the top left
- Under the Harmony section, click Email & Collaboration
Step 2: Start the Activation Wizard
- If this is your first time, click Start Free Trial (14-day trial with full features)
- If you have a purchased contract, click Already have a contract and follow the instructions
- On the welcome page, click Let's Get Started
- Click Start next to Office 365 to begin the Microsoft 365 integration
Step 3: Choose Integration Mode
You'll be prompted to select an integration mode:
Automatic Mode (Recommended)
- Select Automatic Mode when prompted
- Review the information and click Continue
- Accept the Check Point terms of service and click Okay
Automatic mode provides:
- Simplified setup with minimal manual configuration
- Automatic mail flow rule management
- Better maintenance and updates
- Smoother user experience
Manual Mode
If you require more control over the configuration:
- Select Manual Mode when prompted
- You'll need to manually configure:
- Check Point contact for journal reports
- Mail flow rules in Exchange Admin Center
- Connectors for mail routing
Note: Manual mode is typically used in complex environments with specific compliance requirements or when automatic configuration conflicts with existing mail flow rules.
Step 4: Authorize Microsoft 365 Connection
- You'll be redirected to the Microsoft login page
- Sign in with your Microsoft 365 Global Administrator credentials
- Review the permissions requested by Check Point:
| Permission | Purpose |
|---|---|
| Exchange Administrator | Configure mail flow rules and connectors |
| Privileged Authentication Administrator | Block compromised accounts |
| Mail.Read | Scan email content for threats |
| Directory.Read.All | Access user and group information |
- Click Accept to grant the requested permissions
- Wait for the authorization to complete (this may take a few moments)
Step 5: Select Users to Protect
After authorization, choose which users to protect:
Protect All Users
- Select All organization to protect every mailbox
- This includes all active mailboxes in your Microsoft 365 tenant
- Click Continue to proceed
Protect Specific Groups
- Select Specific group for targeted protection
- Enter the Microsoft 365 group name in the search field
- Select the group from the results
- Repeat to add additional groups if needed
- Click Continue to proceed
Tip: Use specific groups for phased rollouts. Start with IT or security team groups, then expand to the entire organization.
Step 6: Complete Initial Configuration
- Review your configuration summary
- Click Activate to complete the setup
- Harmony Email will begin the initial synchronization process
The system will now:
- Connect to your Microsoft 365 environment
- Enumerate all protected mailboxes
- Begin the learning mode calibration
Step 7: Monitor Learning Mode
After activation, Harmony Email enters Learning Mode:
- Duration: Up to 48 hours depending on mailbox count and email volume
- During learning mode:
- No emails are blocked or quarantined
- The system analyzes email patterns and user behavior
- Detection engines are calibrated
- Monitor progress in the Dashboard section
Checking Learning Mode Status
- Go to Dashboard in the Harmony Email portal
- Look for the Learning Mode indicator
- Review the Calibration Progress section
- The system will automatically exit learning mode when calibration completes
Step 8: Configure Protection Policies
Once learning mode completes, configure your protection settings:
Enable Prevent Mode
- Navigate to Policy in the left menu
- Expand Office 365 Mail
- Click the default threat protection policy rule
- Change the Policy Protection Mode from "Monitor" to Prevent (Inline)
- Click Save to apply changes
Configure Policy Rules
Customize protection for different scenarios:
- Go to Policy > Add a New Policy Rule
- Select Office 365 Mail under Choose SaaS
- Configure rule settings:
- Direction: Inbound, Outbound, or Internal
- Security Type: Anti-Phishing, Anti-Malware, DLP
- Action: Detect, Prevent, Quarantine
- Apply to specific users or groups if needed
- Click Save to create the rule
Step 9: Verify the Connection
Confirm your integration is working correctly:
Check Connection Status
- Go to Overview > SaaS Status
- Verify Office 365 Mail shows Connected
- Check the Last Sync timestamp is recent
Review Protected Mailboxes
- Navigate to Users & Groups
- Verify the expected number of mailboxes are listed
- Check user status shows Active
Send Test Emails
- Send a test phishing email (use EICAR test files for malware testing)
- Verify the email is detected in the Events section
- Check that appropriate action was taken based on your policy
Hybrid Environment Configuration
If you have a hybrid Exchange environment (some mailboxes on-premises):
- Ensure mailboxes are properly configured for hybrid mail flow
- Follow the Hybrid Environment Guide for additional steps
- Configure mail flow rules to route emails through Harmony Email
Troubleshooting Common Issues
Authorization Fails
Symptoms: Microsoft login fails or permissions are not granted.
Solutions:
- Verify you're using Global Administrator credentials
- Check that your account isn't restricted by Conditional Access policies
- Try using an InPrivate/Incognito browser window
- Ensure pop-ups aren't blocked in your browser
Connection Shows Disconnected
Symptoms: SaaS Status shows Office 365 as disconnected.
Solutions:
- Check if permissions were revoked in Microsoft Entra ID
- Re-authorize the connection from Harmony Email settings
- Verify the Check Point enterprise application exists in Entra ID
- Contact support if the issue persists
Emails Not Being Scanned
Symptoms: Emails arrive but no events are logged.
Solutions:
- Confirm learning mode has completed
- Verify mail flow rules are correctly configured in Exchange Admin Center
- Check that the user is in a protected group
- Review connector settings for proper routing
Next Steps
After successfully connecting Harmony Email to Microsoft 365:
- Configure DLP policies: Protect sensitive data from unauthorized sharing
- Enable account takeover protection: Detect compromised accounts
- Set up alerts: Configure notifications for security events
- Review dashboards: Monitor threat trends and email security metrics
- Protect additional SaaS apps: Add OneDrive, SharePoint, and Teams protection
Additional Resources
- Harmony Email & Collaboration Admin Guide
- Office 365 Mail Protection Documentation
- Required Roles and Permissions
Need help with your Check Point deployment? Inventive HQ provides expert implementation services for Harmony Email & Collaboration. Contact us for a free security assessment.