Governance for IT Admins

The Gateway Solutionfor Exchange Online.Cryptography without Client Add-ins.

End the chaos of decentralized plugin management. Conbool integrates as a Smart Host directly into your Exchange Online mail flow. Scalable, automated encryption (S/MIME & PGP) for the entire company.

Request Technical Assessment Architecture Guide

Seamless Smart Host

Central Key Management

No local add-ins

Exchange Online Tenant

Outbound Connector

Mandatory TLS Route

Conbool Policy Engine

> evaluate_rules()

> fetch_pk(S/MIME)

> encrypt_payload()

> deliver(250 OK)

Warum Add-in basierte Verschlüsselung in Exchange Online Umgebungen scheitert

Managing encryption at the client level (Outlook plugins) is an administrative dead end. As the number of users increases, incompatibilities and helpdesk tickets grow.

High Rollout and Maintenance Effort

Every update to Outlook or Windows risks the failure of your crypto plugin. IT teams spend hundreds of hours troubleshooting individual users instead of strategically controlling security.

Inconsistent Security Policies

When protection depends on whether a plugin was loaded or the user clicks the 'Encrypt' button, your compliance is incomplete. Shadow IT and human error are pre-programmed.

Das Conbool-Gateway: Sicherheit auf Transport-Ebene

Transparent Integration

Conbool acts as a Secure Mail Gateway (SMG). Mail flows via a secured connector from Exchange Online to Conbool, is signed/encrypted there, and delivered directly. The mail flow remains clean.

Automatic AD Sync

Full integration into your Active Directory. Certificates are automatically assigned to users. New employees are 'Ready-to-Secure' from the first second, without manual key management.

Maximum Performance

Encryption at the gateway offloads your employees' end devices. Large attachments are processed with high performance on the server side, which massively improves the user experience in Outlook.

Bereit für die technische Bewertung?

Reicht aus:Interne Tenant-to-Tenant Kommunikation mit reiner Microsoft-Infrastruktur oder rudimentäre Verschlüsselung ohne hohe Ansprüche an Gateway-Logiken (OME / Purview).
Conbool wird benötigt für hybrides Setup:Wenn Sie hybride Umgebungen verwalten (z.B. Exchange Online kombiniert mit dedizierten on-prem Servern) und einheitliches Policy-Management fordern.
Trennung von Engine und PKI:Wenn Sie eine saubere architektonische Trennung von Public Key Infrastructure und der reinen Messaging-Engine etablieren möchten.
Tiefgreifende Automatisierung:Wenn Gateway-basierte Signatur, automatische Entschlüsselung vor der Archivierung (Journaling) oder tiefes DLP (Data Loss Prevention) unabdingbar sind.

Looking for the Business Overview for M365?

This focus is on technical routing and mail flow. If you want to know how brand consistency and user acceptance are increased in a native M365 environment, switch to the business perspective.

To Business Perspective for Microsoft 365

Die versteckten Kosten von 'Add-in Only' Strategien

Many companies underestimate the friction losses caused by decentralized encryption.

Update Fatigue

Third-party updates often block Outlook features.

Mobile Gap

Add-ins rarely work smoothly on iOS/Android.

Missing Audit

Central logging of crypto events is hardly possible.

User Error

Manual encryption is simply often forgotten.

Common Technical Questions (Exchange Online)

Does the connector affect email deliverability (SPF/DKIM/DMARC)?

No. Conbool acts as an authorized mail relay. We support correct signing and ensure that your SPF records and DKIM signatures maintain the integrity and reputation of your domain.

How secure is the connection between Exchange Online and Conbool?

Communication takes place via TLS-encrypted certificate connectors. We enforce the latest TLS versions and Perfect Forward Secrecy for all data exchange between your tenant and our gateway.

Can we exclude specific domains or senders from routing?

Yes. You have full control via transport rules in Exchange Online. You can set granular conditions for which messages are directed to Conbool for encryption and which use the standard path.

Does SecureMail support hybrid Exchange scenarios?

Of course. SecureMail can be configured to process emails from both on-premise Exchange servers and Exchange Online instances, which is ideal especially during a migration phase.

Where are the audit logs for crypto events stored?

All events are logged in the Conbool Governance Console. These logs are audit-proof and can be exported for compliance audits or connected to your SIEM system via an API.

Vom Add-in Chaos zur Gateway-Souveränität

Build a future-proof encryption infrastructure for your company. Let's talk about your architecture.

Request Technical Assessment Architecture Guide

Governance for IT Admins

The Gateway Solutionfor Exchange Online.Cryptography without Client Add-ins.

Request Technical Assessment Architecture Guide

Seamless Smart Host

Central Key Management

No local add-ins

Exchange Online Tenant

Outbound Connector

Mandatory TLS Route

Conbool Policy Engine

> evaluate_rules()

> fetch_pk(S/MIME)

> encrypt_payload()

> deliver(250 OK)

Warum Add-in basierte Verschlüsselung in Exchange Online Umgebungen scheitert

Managing encryption at the client level (Outlook plugins) is an administrative dead end. As the number of users increases, incompatibilities and helpdesk tickets grow.

High Rollout and Maintenance Effort

Every update to Outlook or Windows risks the failure of your crypto plugin. IT teams spend hundreds of hours troubleshooting individual users instead of strategically controlling security.

Inconsistent Security Policies

When protection depends on whether a plugin was loaded or the user clicks the 'Encrypt' button, your compliance is incomplete. Shadow IT and human error are pre-programmed.

Das Conbool-Gateway: Sicherheit auf Transport-Ebene

Transparent Integration

Conbool acts as a Secure Mail Gateway (SMG). Mail flows via a secured connector from Exchange Online to Conbool, is signed/encrypted there, and delivered directly. The mail flow remains clean.

Automatic AD Sync

Full integration into your Active Directory. Certificates are automatically assigned to users. New employees are 'Ready-to-Secure' from the first second, without manual key management.

Maximum Performance

Encryption at the gateway offloads your employees' end devices. Large attachments are processed with high performance on the server side, which massively improves the user experience in Outlook.

Bereit für die technische Bewertung?

Reicht aus:Interne Tenant-to-Tenant Kommunikation mit reiner Microsoft-Infrastruktur oder rudimentäre Verschlüsselung ohne hohe Ansprüche an Gateway-Logiken (OME / Purview).
Conbool wird benötigt für hybrides Setup:Wenn Sie hybride Umgebungen verwalten (z.B. Exchange Online kombiniert mit dedizierten on-prem Servern) und einheitliches Policy-Management fordern.
Trennung von Engine und PKI:Wenn Sie eine saubere architektonische Trennung von Public Key Infrastructure und der reinen Messaging-Engine etablieren möchten.
Tiefgreifende Automatisierung:Wenn Gateway-basierte Signatur, automatische Entschlüsselung vor der Archivierung (Journaling) oder tiefes DLP (Data Loss Prevention) unabdingbar sind.

Looking for the Business Overview for M365?

This focus is on technical routing and mail flow. If you want to know how brand consistency and user acceptance are increased in a native M365 environment, switch to the business perspective.

To Business Perspective for Microsoft 365

Die versteckten Kosten von 'Add-in Only' Strategien

Many companies underestimate the friction losses caused by decentralized encryption.

Update Fatigue

Third-party updates often block Outlook features.

Mobile Gap

Add-ins rarely work smoothly on iOS/Android.

Missing Audit

Central logging of crypto events is hardly possible.

User Error

Manual encryption is simply often forgotten.

Common Technical Questions (Exchange Online)

Does the connector affect email deliverability (SPF/DKIM/DMARC)?

No. Conbool acts as an authorized mail relay. We support correct signing and ensure that your SPF records and DKIM signatures maintain the integrity and reputation of your domain.

How secure is the connection between Exchange Online and Conbool?

Communication takes place via TLS-encrypted certificate connectors. We enforce the latest TLS versions and Perfect Forward Secrecy for all data exchange between your tenant and our gateway.

Can we exclude specific domains or senders from routing?

Yes. You have full control via transport rules in Exchange Online. You can set granular conditions for which messages are directed to Conbool for encryption and which use the standard path.

Does SecureMail support hybrid Exchange scenarios?

Of course. SecureMail can be configured to process emails from both on-premise Exchange servers and Exchange Online instances, which is ideal especially during a migration phase.

Where are the audit logs for crypto events stored?

All events are logged in the Conbool Governance Console. These logs are audit-proof and can be exported for compliance audits or connected to your SIEM system via an API.

Vom Add-in Chaos zur Gateway-Souveränität

Build a future-proof encryption infrastructure for your company. Let's talk about your architecture.

Request Technical Assessment Architecture Guide