Configure Cleanmail CH (cmv5) for automatic user provisioning (O365/AD)

This tutorial describes the steps you need to do in both Cleanmail CH (cmv5) and Azure Active Directory (Azure AD) to configure automatic user provisioning.

When configured, Azure AD automatically provisions and deprovisions users to Cleanmail using the Azure AD Provisioning service.

For important details on what this service does, how it works, and frequently asked questions, see Automate user provisioning and deprovisioning to SaaS applications with Azure Active Directory.




Configuring Microsoft 365 for Cleanmail Sign+Encrypt v1

Please note that this documentation only concerns version 1 of the Sign+Encrypt service. Please contact our support team ( to set up Sign+Encrypt v2.

Please follow the steps in this document to configure your Microsoft 365 (Office 365) for Cleanmail Sign+Encrypt. You will also need the information in the activation e-mails which were sent to you.

If you have questions, please contact us at, or use the chat using the box in the bottom right corner.


Februar 1st 2019 is “DNS-Flag-Day”.

The Domain Name System DNS is the contact app of the Internet. It allows you to view this website by entering the name “” into the address bar of your browser, and ensures that emails with are delivered to the right mail server(s).

In the last decades, the DNS protocol has been in constant evolution. Unfortunately there are still quite a lot DNS servers which are still on pre-1999 levels on how they understand the DNS protocol. Current DNS server software uses a series of workarounds to ensure that such aged software still works.

On February 1st 2019 many large providers will turn off these workarounds. Even though 20 years of lead time should be sufficient, and even though there are publicly available tools to check the status of one’s own DNS server, some services and service providers will be surprised on this day.

If you encounter unexpected outages on or after February 1st 2019, there is a certain probability that this is due to the “DNS-Flag-Day”. The infrastructure of Cleanmail is on current levels and thus not affected by this change. However, it could well be that other organisations are affected with the result that they can not send emails to us, or that they can not receive emails sent through us. Please note that this behaviour is outside of the control of Cleanmail and can thus not be whitelisted.

Additional information on the DNS-Flag-Day can be found at



For technical support please contact us via, and via for administrative and sales questions. The easiest way is maybe via the chat you’ll find on the bottom right (the orange square, clic, write, send, give us your contact information if you don’t get a quick anwser, thank you).

☣️ Please report missed spam as .eml attachment to

Please note that this KB is currently only available in German.

If you do not find the resolution for your request in the support database, please contact us.

🔧 See the state of our services, the incidents (DE).

This link will take you to a list of our ♥️ partners and resellers.