Exchange hybrid

eg1995 1,131 Reputation points
2023-09-14T13:45:43.36+00:00

Hi team, I'm looking to set up an Exchange hybrid deployment. My question is that my Exchange server is currently not exposed to the internet. I don't have public IPs; users only use it internally or through VPN.

My virtual directories are not published externally (OWA, EWS, Autodiscover...).

Can I achieve the Exchange Hybrid Configuration Wizard if the above is my scenario by just opening the needed ports? Or no, is it mandatory to have a public IP and to have my virtual directories, at least EWS and Autodiscover, published on it?

Thank you.


2 answers

  1. Andy David - MVP 142.2K Reputation points MVP
    2023-09-14T13:53:28.3266667+00:00

    You would need a public IP, otherwise mail flow and OAuth between on-prem and EXO won't work.

    https://learn.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites


  2. Muhammad Umair 80 Reputation points
    2023-09-14T13:55:05.52+00:00

    To set up an Exchange Hybrid deployment, you can achieve it without exposing your Exchange server to the internet or having public IP addresses. In your scenario, where users only access Exchange internally or through VPN, you can follow these steps:

    Prepare Your Environment: Ensure that your on-premises Exchange server is up-to-date and meets the prerequisites for Exchange Hybrid deployment. This includes having the required service packs and cumulative updates installed.

    Connectivity: You should have a reliable VPN connection for your users to access the on-premises Exchange server. This ensures secure communication without exposing your Exchange server to the public internet.

    Virtual Directory Configuration: While it's common to publish virtual directories like OWA, EWS, and Autodiscover externally for Hybrid deployments, it's not mandatory if you are only serving internal or VPN-connected users. However, you should configure these virtual directories correctly for internal access.

    Hybrid Configuration Wizard (HCW): You can run the Exchange Hybrid Configuration Wizard (HCW) from your on-premises Exchange server. The wizard will guide you through the necessary steps to configure hybrid connectivity with your Office 365 tenant.

    Firewall and Port Configuration: Ensure that the required ports for Exchange (like HTTPS) are open on your firewall to allow communication between your on-premises Exchange server and Office 365. You'll need to establish outbound connections to Microsoft 365 services.

    Public DNS: While you don't need public IP addresses, you will need to configure your public DNS records correctly for your domain to route email traffic to the Office 365 tenant.

    In summary, you can set up an Exchange Hybrid deployment without exposing your Exchange server to the public internet. A VPN connection and proper internal configurations can suffice for secure communication. However, ensure that the required ports are open and DNS records are correctly configured for hybrid connectivity.
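
Added example, not part of either answer: a read-only check, run in the Exchange Management Shell, of what the on-premises server currently publishes (the OWA and EWS external URLs the question mentions, and whether those names resolve to a non-private address from outside) plus the outbound HTTPS path to Exchange Online. The resolver address `1.1.1.1` and the helper `Test-PrivateAddress` are assumptions made for this sketch.

```powershell
# Added example: inventory of published virtual directories and outbound reachability.
# Assumption: 1.1.1.1 stands in for "a resolver outside the network"; substitute your own.
$PublicResolver = '1.1.1.1'

function Test-PrivateAddress {
    # Hypothetical helper: true for RFC 1918 and loopback IPv4 addresses.
    param([string]$Address)
    return $Address -match '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
}

# Collect the virtual directories named in the question.
$vdirs  = @()
$vdirs += Get-OwaVirtualDirectory |
    Select-Object @{n='Service';e={'OWA'}}, Server, InternalUrl, ExternalUrl
$vdirs += Get-WebServicesVirtualDirectory |
    Select-Object @{n='Service';e={'EWS'}}, Server, InternalUrl, ExternalUrl

$report = foreach ($v in $vdirs) {
    $url = "$($v.ExternalUrl)"      # empty string when no external URL is set
    $publicIps = @()
    if ($url) {
        $hostName  = ([uri]$url).Host
        # Ask the outside resolver, not internal DNS, what the name points to.
        $publicIps = @(Resolve-DnsName -Name $hostName -Type A -Server $PublicResolver `
                           -ErrorAction SilentlyContinue |
                       Where-Object { $_.IPAddress } |
                       ForEach-Object { $_.IPAddress })
    }
    [pscustomobject]@{
        Service        = $v.Service
        Server         = "$($v.Server)"
        InternalUrl    = "$($v.InternalUrl)"
        ExternalUrl    = $url
        PublicDnsA     = $publicIps -join ','
        # True only when the external name resolves publicly to a routable address.
        # This shows DNS publication, not that the port is actually reachable.
        PubliclyMapped = [bool]($publicIps | Where-Object { -not (Test-PrivateAddress $_) })
    }
}
$report | Format-Table -AutoSize

# Outbound HTTPS from this server to Exchange Online.
Test-NetConnection -ComputerName outlook.office365.com -Port 443 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```

Compare the output against the prerequisites page linked in the first answer to see which inbound endpoints your planned hybrid features expect.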