Over the past few years we have steadily been moving towards a cloud-only environment. We are now at a stage where we can decommission our hybrid environment, except for the following issues and caveats, plus a few questions and concerns from our network and security teams that I'm trying to overcome, so any thoughts would be appreciated.
We have 2 mailbox servers in our internal network and 2 Edge servers within the DMZ. I don't see the need to have any of these servers anymore, other than 1 server deployed to Azure to provide management functionality for the on-premises created users. My question is: I should not need to open up any incoming ports on the Azure server, which will only act as an external SMTP relay and a management server.
- All mailboxes are now stored in Exchange Online
- Centralized mail routing to be disabled
- Email delivery domain is authoritative
- MX records point to EOP
- Some legacy devices require an on-premises SMTP relay as they are not internet facing
- Internal DNS can take care of this and redirect SMTP traffic to our Azure server to then reach the internet
- All mailboxes that are created in the cloud are created through an automation process, where AD Sync creates the attributes in Azure, then a license is granted afterwards from an on-premises AD group, which then grants the mailbox and associated attributes
- There is no need for a full hybrid configuration as the only traffic I foresee is:
  - SMTP relay from on-premises
  - Management of mailbox attributes on the Azure server with EAC
So in essence the Azure server only needs outgoing ports, no incoming would be needed as hybrid config is not required? Or is it?
Thanks