"Proxy" EWS calls from on premise Exchange to Exchange Online in hybrid setup?

CtrlAltDelight 0 Reputation points
2023-06-26T16:51:59.2+00:00

Howdy y'all,

I am wondering if this may be possible... Here's what I'm trying to do:

We have an integration that utilizes EWS using the "Send As" permission to send mail impersonating a user. Currently, with our on premise Exchange environment, web services make the EWS call to the on premise Exchange box.

We are currently in the process of migrating to Microsoft 365 in a hybrid configuration. As these "Send As" emails currently do not spool on the web service side, we're ideally wanting to send these EWS calls to the on premise exchange box which would forward them on to o365 if the mailbox is in the cloud. We've tried ensuring that all the proper permissions are in place (https://learn.microsoft.com/en-us/exchange/permissions#delegate-mailbox-permissions), but the on premise exchange box is not recognizing mailboxes hosted in the cloud. The on premise exchange box will always return "Error Sending Message: The SMTP address has no mailbox associated with it."

The reason we would like to send these EWS calls via the on premise exchange box is that it would provide some sort of "spooling" if Exchange Online were to go down or offline - as these "Send As" e-mails are business critical.

Is this even possible?

If it is possible, what could we be doing wrong?

Is there a better way we should be doing this?

TIA.


2 answers

  1. Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator
    2023-06-26T18:05:59.1866667+00:00

    Hi, not possible. The SEND AS permission for the Exchange Online mailbox exists only in Exchange Online, so it doesn't apply across the two different forests (your on-prem forest and the Exchange Online forest where the mailbox actually lives).

    These will have to be sent either directly from Exchange Online - authenticating as the account and sending SEND AS

    or:

    Send these anonymously from on-prem, then you can send as any address because it's not being checked since it's not authenticated.

    I prefer the second option.


  2. Aholic Liang-MSFT 13,916 Reputation points Microsoft External Staff
    2023-06-27T06:06:16.67+00:00

    Hi @CtrlAltDelight,

    This article should be what you need: Allow anonymous relay on Exchange servers | Microsoft Learn

    Create anonymous relay connectors in on-prem Exchange so that you can specify that applications or other network devices can relay mail through Exchange Server.


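Both answers rely on an anonymous relay connector, where the sender address is not checked, so the connector's remote IP scope decides which hosts can send as any address. The following is an added example, not code from either answer or from Microsoft's article: a small audit helper (`Get-RelayFinding` is a hypothetical name) run over constructed sample rows, with a commented sketch that assumes the Exchange Management Shell for live data.

```powershell
# Added example, not from the thread. Get-RelayFinding is a hypothetical helper.
function Get-RelayFinding {
    param(
        [string]   $Name,
        [string[]] $PermissionGroups,
        [string[]] $RemoteIPRanges,
        [bool]     $AcceptAnyRecipient   # ANONYMOUS LOGON holds Ms-Exch-SMTP-Accept-Any-Recipient
    )
    # Relaying to external recipients needs anonymous access plus that extended right.
    if (-not (($PermissionGroups -contains 'AnonymousUsers') -and $AcceptAnyRecipient)) { return }

    # Any entry that is not a single host address is a range someone has to justify.
    $ranges = @(foreach ($r in $RemoteIPRanges) {
        $ip = $null
        if (-not [System.Net.IPAddress]::TryParse($r, [ref]$ip)) { $r }
    })
    $severity = 'Review'
    $detail   = "relay limited to host(s): $($RemoteIPRanges -join ', ')"
    if ($ranges.Count -gt 0) {
        $severity = 'High'
        $detail   = "relay open to range(s): $($ranges -join ', ')"
    }
    [pscustomobject]@{ Connector = $Name; Severity = $severity; Detail = $detail }
}

# Constructed sample rows (documentation addresses), shaped like connector data.
$sample = @(
    @{ Name = 'Default Frontend EX01'; PermissionGroups = 'AnonymousUsers'
       RemoteIPRanges = '0.0.0.0-255.255.255.255'; AcceptAnyRecipient = $false }
    @{ Name = 'App Relay'; PermissionGroups = 'AnonymousUsers'
       RemoteIPRanges = '192.0.2.10'; AcceptAnyRecipient = $true }
    @{ Name = 'Legacy Relay'; PermissionGroups = 'AnonymousUsers', 'ExchangeServers'
       RemoteIPRanges = '192.0.2.0/24', '198.51.100.7'; AcceptAnyRecipient = $true }
)
foreach ($row in $sample) { Get-RelayFinding @row }

# On an Exchange server (assumption: Exchange Management Shell), feed live data instead:
#   foreach ($c in Get-ReceiveConnector) {
#     $right = Get-ADPermission $c.Identity -User 'NT AUTHORITY\ANONYMOUS LOGON' |
#       Where-Object { $_.ExtendedRights -like 'Ms-Exch-SMTP-Accept-Any-Recipient' -and -not $_.Deny }
#     Get-RelayFinding -Name $c.Name -PermissionGroups ("$($c.PermissionGroups)" -split ',\s*') `
#       -RemoteIPRanges ($c.RemoteIPRanges | ForEach-Object { "$_" }) -AcceptAnyRecipient ([bool]$right)
#   }
```

On the sample rows, the default connector produces no finding, 'App Relay' is reported as Review, and 'Legacy Relay' as High because of the /24 entry.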
