Installation process


As the software engine runs completely in the cloud and signatures are added on the server-side, there is no need to install anything on end-users' computers or mobile devices. The software only requires tenant registration and configuration by the administrator of your Office 365 organization (see below).

Tenant registration and configuration

The installation process consists of a few steps:

  1. Account registration - creating an account in CodeTwo user panel.
  2. Connectors configuration - configuring outbound and inbound connectors and transport rule in your Office 365 to allow processing by CodeTwo Email Azure Service.
  3. SPF records configuration - configuring SPF records at your domain registrar.
  4. Application start - starting the CodeTwo Email Signatures for Office 365 admin console.
  5. Authorization and tenant registration - logging in to Office 365 with global admin credentials and registering your tenant with CodeTwo Email Azure Service.

Once you are done with installation you can start configuring your signatures rules and enable Sent Items Update service

Scroll down or click on the steps listed above for detailed description.

Account registration

First, you need to set up an account with CodeTwo Email Signatures for Office 365. To do that go to the product website and click Create account.

Launching the product website in Internet Explorer.
Fig. 1. Launching the product website.

And fill up the registration form.

The registration form.
Fig. 2. The registration form.

Be aware that the email address does not necessarily have to be your Office 365 admin's account here - it can be any valid email address you would like to use to manage your tenants accounts with CodeTwo. Office 365 admin's credentials will be required later on.

After hitting Create account button we will send you an email with an activation link you just need to click to be able to proceed with registration.

Once you do that, you will be taken to the Dashboard (you can get there also by clicking Login to User Panel on the product website, see Fig. 1.). The Dashboard is there to allow you managing multiple tenants registrations and payments with CodeTwo.

The Dashboard with no tenants added yet.
Fig. 3. The Dashboard with no tenants added yet.

To proceed click Add New Tenant. In the next window (here not presented - step 1. "License agreement") read and accept terms and conditions. After that (here not presented - step 2. "Login"), sign in with your Office 365 global admin credentials.


Make sure you choose the right Global Admin credentials as it is not possible to change them client-side, later on. If such a need arises, please contact our Support.

Signing in to Office 365.
Fig. 4. Signing in to Office 365.

Accept granting permissions required to run CodeTwo Email Signatures for Office 365 for your tenant.

Accepting permission required to run the software.
Fig. 5. Accepting permission required to run the software.

After that, in step 3. "Geolocation" choose a server that is the closest to your Office 365 tenant (Fig. 6.).


Make sure you choose the right server location as it is not possible to change this client-side, later on. In the case this must be changed, please contact our Support.

Choosing CodeTwo Email Azure Service server location.
Fig. 6. Choosing CodeTwo Email Azure Service server location.

Successful registration will be confirmed in the step 4. "Next steps".

Successful tenant registration window.
Fig. 7. Successful tenant registration window.

It is recommended that you now configure connectors and SPF records, as per displayed instructions (Fig. 7.).

Connectors Configuration

Upon the tenant registration, you will be given a choice to configure connectors now or to skip this step (Fig. 7.). Connectors do not have to be configured at this moment (you can do this later either automatically as described below or manually), but keep in mind that your rules will not work until the connectors configuration step is done. Creating outbound and inbound connectors to your Office 365 tenant is required so emails sent from your organization can be forwarded to CodeTwo Email Azure Service, which checks them against rules you configured and stamps with signatures. If you decide to configure connectors now, click Configure connectors button. This will start a wizard (step 1. Welcome).

Connectors configuration wizard.
Fig. 8. Connectors configuration wizard.

If you skip connectors configuration now, you can always get back to the configuration wizard to create new or edit existing connectors in the User Panel, Tenant Settings, Exchange Online connectors. This can also be open from the Admin Console (Fig. 9.).

Access to Program Settings.
Fig. 9. Accessing Settings from Admin Console.


If you want to remove existing connectors, see this article on uninstalling CodeTwo Email Signatures for Office 365 before using to the "Remove connectors" feature.

In any case, the wizard will ask you to provide Office 365 credentials (here not presented - step 2. Login). This is because the initial authorization via Azure OAuth2 does not allow access to connectors configuration in Office 365 tenants for third party apps.


Your credentials are not stored with any CodeTwo service, however, if you are not convinced, you can still skip connectors configuration via wizard and set them up manually in your Office 365. However, we strongly advise against manual connectors configuration.

In the next step (step 3. Senders scope) you can limit the connectors scope to a particular distribution group. By default, the program will route all emails through CodeTwo Email Azure Service. If you wish to customize the scope of users whose emails will be stamped with signatures, it will be more convenient to do that by creating email signatures rules directly in the CodeTwo Email Azure Service (see Signatures rules configuration).

Also, in this step you need to decide whether you want to stamp with signatures emails sent within the organization or not - see the checkbox at the bottom of Fig. 10.

An option to limit connectors scope.
Fig. 10. An option to limit connectors scope.

In the last step, hit Configure to auto-configure your Office 365 connectors. You will see the progress in the trace log window.

Installation progress window.
Fig. 11. Installation progress window.

Once this step is done, click Finish.

Connectors configuration finished.
Fig. 12. Connectors configuration finished.

You can now go to your SPF records configuration.


If you cannot or do not want to use the wizard see the article on manual connectors and transport rule configuration.

SPF records configuration

If you have your own public domain (e.g., and this is most likely the case, you must add an SPF record for CodeTwo Email Signatures for Office 365 domain in the DNS. This must be done at your domain registrar's DNS configuration, it is not possible to do that from within Office 365 configuration (see Office 365 support on that, search for "SPF").


Your emails will be forwarded through CodeTwo Email Azure Service and email headers will contain history of such forwarding. This may be considered suspicious by advanced spam filtering mechanisms installed on the email recipients' mail servers. To avoid this obvious false-positives you should take advantage of SPF records in your DNS. By adding CodeTwo Email Azure Service address to SPF records you declare that address of that service has been authorized by you to process your mail traffic. Recipients' spam filters check addresses of mail servers that processed emails they received against SPF records in public DNS servers. If CodeTwo Email Azure Service address is found there mail processed by CodeTwo Email Signatures for Office 365 will be considered safe (not spam). Otherwise any outcome is possible.

Again, if you have your own domain, you probably already added an SPF record for Office 365 domain at your domain registrar's DNS following this article, this general instruction or one of the customized here. So, your SPF records that include Office 365 domain look most likely as below:

v=spf1 -all

You need to now expand this entry to include CodeTwo Azure Service domain SPF address: Edit your records to add aforementioned entry so it looks as below. We recommend adding our SPF entry as the last one (before -all).

v=spf1 -all


Be aware this is just an example based on the default SPF records configuration after applying changes suggested by Microsoft. Your SPF records may look different, for example more domains may be already included.

You can now start Admin Console to start managing your signatures rules.

Application start (Admin Console)

To start Admin Console go to the Dashboard...

The Dashboard with one tenant added.
Fig. 13. The Dashboard with one tenant added.

...and click Manage Signatures by the tenant name - this will start the application in which you can configure rules and signatures.

The application works out of the box in Internet Explorer 9 (or newer) therefore we recommend using IE, however, we also tested the newest versions of Google Chrome and Mozilla Firefox. Other browsers will probably work too, but installing additional plugins or downloading executables might be required. 

In Internet Explorer and Microsoft Edge, clicking on Manage Signatures either in the Dashboard or on the product website will automatically download and run the application.

Application download in progress.
Fig. 14. Application download in progress.

Other browsers will download the CodeTwo Email Signatures for Office 365 admin console executable. If it does not start automatically, run it from your default download folder.


If you stumble upon a logon error mentioning "Proxy Authentication Required" when starting Admin Console, see our Knowledge Base article on that.

Authorization and registration

In the pop-up window, sign in to your Office 365 tenant. You must use your Office 365 global admin username and password. Your credentials are totally safe as they are passed directly to Microsoft servers, Azure OAuth2 authorization is used to avoid passing credentials outside Microsoft servers (CodeTwo does not receive your credentials).

Office 365 log in pop-up.
Fig. 15. Office 365 log in pop-up.

Review and accept permissions that must be granted for the application to run.

Granting permissions for CodeTwo application to read from Office 365.
Fig. 16. Granting permissions for CodeTwo.


Consider blocking your end-users from configuring OWA signatures to avoid duplicates and unauthorized disclaimers.

See next

Signatures rules configuration and editor features

Sent Items Update service

Was this information useful?