This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 82%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Hello
We are in hybrid configuration with Exchange online. All mailboxes have been migrated to exchange online, however we still create mailboxes onprem and migrate them to the cloud. We currently use ironports for all mail hygiene. Our security team will not allow direct internet connection to any internal server, and this is why we have an EDGE server. I dont really agree with this thought process. I am trying to understand what the security concerns\issues with allowing smtp port 25 access only from the exchange online servers to the back end exchange servers ? Is it best practice to also deploy an EDGE server in the dmz? if so why?
I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to help more people.
In a hybrid environment, it is suggested to use Edge for Exchange online, because:
About detailed information about Edge server function in hybrid, you could have a look about this article: Edge Transport servers with hybrid deployments
As you said there doesn't exist mailbox on Exchange on-premises, so you could point MX record to Exchange online and disable centralized mail transport. In this way, mail flow will not be through Exchange on-premises, you will not need to deploy Edge server.
Whether we need to deploy Edge is decided by whether you need to send emails through Exchange on-premises. Transport routing in Exchange hybrid deployments
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.