Extended Email Security migration flow

To simplify the transition, our engineering teams have begun pre-staging all customer configurations in the new EES platform. This removes most of the setup work normally required and leaves only the final mail-flow updates for you to complete. We expect staging to be completed by January 24th, 2026.

When your account is ready, you will receive a welcome email that will allow you to set your credentials and confirm that your tenant accounts have been staged for you.

All customers must complete migration to the Extended Email Security (EES) platform including updating MX records and mail routing settings — before January 31st, 2026. If these updates are not completed, email filtering and related services will stop functioning once the legacy platform is shut down.

Due to developments outside our immediate control affecting the underlying infrastructure, we must bring forward the final shutdown to January 31st, 2026. We will support you through this migration so it goes as smoothly as possible.

Once your account is created in the Extended Email Security console, a provisional Extended Email Security license key is issued alongside the setup details, and the destination tenant is prepared. The key is only for tracking and provisioning and doesn’t need activation in GravityZone.

When the migration flow executes, the target customer’s tenancy is migrated from the legacy solution to Extended Email Security. The process automatically migrates all key assets related to the Email Security tenancy including but not limited to inboxes, user access, ruleset, domains, enforcing global policies.

Examples of manual steps can include review accounts and rights, add additional routes for primary domain, trigger the password reset flow for customer accounts and validate that the tenancy policy and ruleset were properly preserved during the migration process.

The customer then proceeds to redirect the email flow to Extended Email Security to enable traffic filtering. A DNS change of MX records executed by the end customer is needed to fulfill this step.

Email traffic starts to flow through the Extended Email Security filtering infrastructure. Please make sure to deactivate the Email Security add-on license in the GravityZone console for the customers that were successfully migrated within 30 days after the migration start date.

The Bitdefender Support team (ess-mesh@bitdefender.com) is available to coordinate any manual steps that might be needed to fully prepare the Extended Email Security tenancy to receive traffic.

When your account is ready, you receive a welcome email that allows you to set your credentials and confirm that your tenant accounts have been staged for you.

The welcome email is sent to the initial email address that is configured with the Partner account. MSP end users will only receive an email notification if they request a password reset or if they are created manually with the email password link option set.

Once your account is created in the Extended Email Security console, a provisional Extended Email Security license key is issued alongside the setup details, and the destination tenant is prepared. The key is only for tracking and provisioning and doesn’t need activation in GravityZone.

When the migration flow executes, the target customer’s tenancy is migrated from the legacy solution to Extended Email Security. The process automatically migrates all key assets related to the Email Security tenancy including but not limited to inboxes, user access, ruleset, domains, enforcing global policies.

Examples of manual steps can include reviewing accounts and rights, adding additional routes for primary domains, triggering the password reset flow for customer accounts, and validating that the tenancy policy and ruleset were properly preserved during the migration process.

You need to redirect the email flow to Extended Email Security to enable traffic filtering. A DNS change of MX records executed by the end customer is needed to fulfil this step.

The required MX record changes and potential email routing updates cannot be automated on Bitdefender's side and require actions from the MSP side.

Email traffic starts to flow through the Extended Email Security filtering infrastructure. Please make sure to de-activate the Email Security add-on license in the GravityZone console for the customers that were successfully migrated within the 30 days following migration.

The Bitdefender Support team (ess-mesh@bitdefender.com) is available to coordinate any manual steps that might be needed to fully prepare the Extended Email Security tenancy to receive traffic.

Once your account is created in the Extended Email Security console, a provisional Extended Email Security license key is issued alongside the setup details, and the destination tenant is prepared. The key is only for tracking and provisioning and doesn’t need activation in GravityZone.

Customers receive access credentials and configuration details to start initial setup and align policies.

For up to 30 days, Security for Email and Extended Email Security can run in parallel to prevent disruptions and verify mail flow, quarantines, and policies.

You’ll receive a password reset link for your new account and a link to the Configuration Guide with MX record update instructions.

IP ranges, Smarthosts and MX records based on region

Mailbox Population

For Outbound