https communication on owa.company.com if all our mailboxes are moved to Offce365?

Question

https communication on owa.company.com if all our mailboxes are moved to Offce365?

Sajid Mumtaz 66

Hi!

We have hybrid configuration with Exchange 2010 on prem. We have all our mailboxes in O365. I can see that we have rule in Firewall that is allowing https traffic from outside to owa.company.com. As I inherited this configuration so I want to check if we really have to open this https communication from outside to our on Prem Exchange?

Thanks

Yuki Sun-MSFT 41,376 Reputation points Moderator

2023-01-02T07:41:20.483+00:00

Hi @Anonymous ,

Just checking in to see how things are going on with this thread. If Andy's replies were helpful, you can accept it as an answer so that it can help others in the community looking for help on similar topics as well. Should you still have further questions or concerns, feel free to post back.

Accepted answer

0 additional answers

Your answer

Yuki Sun-MSFT 41,376 Reputation points Moderator

2023-01-02T07:41:20.483+00:00

Hi @Anonymous ,

Just checking in to see how things are going on with this thread. If Andy's replies were helpful, you can accept it as an answer so that it can help others in the community looking for help on similar topics as well. Should you still have further questions or concerns, feel free to post back.

Answer 1

Andy David - MVP 157.9K MVP Volunteer Moderator

If all the mailboxes and any public folders are in 365, then close that firewall port ( and all https access) to the on-prem Exchange Servers as soon as possible.
Its not needed and is a security risk.
If all your mail flows inbound and outbound through 365, be sure to block port 25 to the on-prem servers as well if that is open.

Verify that autodiscover points to Exchange Online

https://learn.microsoft.com/en-us/exchange/decommission-on-premises-exchange

Sajid Mumtaz 66 Reputation points

2022-12-27T12:24:45.817+00:00

Hi!

Thanks for your reply.
I can see in O365 portal as user mailboxe is UserMailBox so it looks like the mailbox exist on Office365.
The autodiscover is pointing to Exchange 2010 right now.
If I change the autodiscover and point it to Exchange online. Can I set it back to old address in case of any issue?
Andy David - MVP 157.9K Reputation points MVP Volunteer Moderator

2022-12-27T13:15:53.443+00:00

Yes, absolutely! Change it to point at Exchange Online and verify its working. You can always change it back if needed.
autodiscover.yourdomain.com

https://learn.microsoft.com/en-us/microsoft-365/enterprise/external-domain-name-system-records?view=o365-worldwide
Sajid Mumtaz 66 Reputation points

2022-12-27T14:08:02.837+00:00

Thanks. I can see that my autodiscover.yourdomain.com is already pointing to autodiscover.outlook.com

nslookup autodiscover.yourdomain.com
Name: autod.ms-acdc-autod.office.com
Addresses: 2603:1026:c11:xxx::8
2603:1026:900:xx:xx
2603:1026:c11:xx::8
2603:1026:c11:xx::8
52.98.x.x
132.245.x.x
52.98.x.x
52.98.x.x
Aliases: autodiscover.yourdomain.com
autodiscover.outlook.com
autod.ha-autod.office.com
Andy David - MVP 157.9K Reputation points MVP Volunteer Moderator

2022-12-28T14:05:26.97+00:00

You should be good to go then!
Block 443 from the internet to your on-prem Exchange Servers
And time to upgrade Exchange 2010 to 2019 :)
Sajid Mumtaz 66 Reputation points

2022-12-29T08:13:51.477+00:00

Thanks. couple of my questions and then I am done :).

I found couple of Mailboxes on Exchange but they are not user Mailbox but may be used as forwarder or something similar as the previous guy didn't leave much info about it. As they are not user Mailboxes then I think there is no issue as they dont need the settings that normally autodiscover provides.
if I just do
nslookup autodiscover then I can see my Active directory domain name in Aliases. Just to confirm it still ok to change the record to point to Exchange online?

Name: autod.ms-acdc-autod.office.com
Addresses: 2603:1026:909:x::x
2603:1026:976::1
2603:1026:c11:b::8
2603:1026:c11:c54::8
52.98.x.x
52.98.x.x
132.245.x.x
52.98.x.x
Aliases: autodiscover.Active-directory-domain-name
autodiscover.yourdomain.com
autodiscover.outlook.com
autod.ha-autod.office.com
Andy David - MVP 157.9K Reputation points MVP Volunteer Moderator

2022-12-29T15:36:33.207+00:00

Yes, you can do still make the change - its only not recommended if you had user mailboxes still on-prem that users logged onto interactively.
Sajid Mumtaz 66 Reputation points

2023-01-02T09:46:24.86+00:00

Thanks Andy. I am just looking for one mailbox which is not user and used by finance. Perhaps its the public folder. This is the only thing that is left and then we have ******@domainname.com email address. So only two address left on exchange. All user mailboxes are on cloud. I am checking if setting the value to null in Exchange will not break anything.
Yuki Sun-MSFT 41,376 Reputation points Moderator

2023-01-06T08:34:12.197+00:00

All user mailboxes are on cloud. I am checking if setting the value to null in Exchange will not break anything.

Are you talking about removing the SCP values on Exchange servers by setting -AutoDiscoverServiceInternalUri to "$Null"? If this is the case, this value can be changed back any time, so you can just go ahead.

Share via

https communication on owa.company.com if all our mailboxes are moved to Offce365?

0 additional answers

Your answer