Scenario
You wish to restrict usage of the Signature 365 server-side signatures function to a specific subset of your user base.
Solution
You can create a mail-enabled security group in Exchange Online to limit access to Signature 365 and the users that are imported. This can also be used for existing configurations to update the transport rule within Office 365 to only route email from a specified group for server-side injection.
Info
You will need Administrative access to your company's Office 365 Tenant to complete this task
Create a new security group in Office 365
Log on to the Exchange Admin Centre
Select the Groups menu item:
Select the Mail-enabled Security Group option, and click Add a group:
Select Mail-enabled security as the group type:
Name and describe your new group - we suggest the example below:
You will need to assign an owner for the group:
Add the members you wish to grant access to Signature 365 here:
Give the group an email address. We strongly recommend enabling the Require owner approval to join the group option to prevent users joining the group and routing through Signature 365:
Review the settings and click on Create group:
Modify the Transport rule to only apply to members of this group
Info
The changes below are only required to update an existing configuration - if you are configuring Signature 365 for the first time this is not required
We can now modify the Transport rule to restrict access to this group of users.
From the 365 Menu, expand the Mail flow dropdown, and select Rules:
From the list of rules, select the Send to Signature 365 for signature injection rule:
Select the Edit rule conditions option from the pop-out menu:
Find the Apply this rule if option, and hit the +icon
This will add create an And component to the rule. Select The sender and Is a member of this group.
In the pop out window, select the group you just created:
Hit the save button on the rule, this is now completed.