0 Votes
steh88-0887 asked janak edited

Office 365 hybrid deployment

Hi

Looking for some pointers if someone can help and point me on the right path. We are in the process of migrating to Office 365 using a hybrid deployment, something I have never done before so looking for a few pointers and to see if my thought process is correct.

We currently have an environment consisting of 4 Exchange 2016 servers with all inbound/outbound mail going through a secure mail gateway. When we migrate we are going to have a mixture of mailboxes within Office 365 and on prem.

So in terms of mail flow I am assuming it will be www>mail gateway>Exchange >Office 365.

Where my confusion lies is with the connectors both within Office 365 and Exchange.

My thought process is this:

Office 365
Mail flow connector>From Office365 to Your organisation Email server.
Use the connector only when I have a transport rule that redirects messages
Route email messages using MX record (As this currently points at mail gateway)

Mail flow connector>From Your organisation Email server to Office 365
Verify via external IP of email server

Create mail flow rule to redirect emails via the connector

On Prem Exchange
Keep connectors as they are as currently set to go through mail gateway

Is there a connector that needs to be configured within Exchange to then send emails to Office 365, or does the hybrid config wizard configure this?

office-exchange-hybrid-itpro

1 Answer

0 Votes
joyceshen-MSFT answered janak edited

Hi @steh88-0887

HCW will help you create send/receive connectors automatically, which could make sure the mail flow works between Exchange on-premises and Exchange Online. After that, if you want to add a third-party mail gateway, you could create a send connector for it manually.

The official document here introduces the connectors in detail: Set up connectors to route mail between Microsoft 365 or Office 365 and your own email servers

And how the hybrid mailflow works: Transport routing in Exchange hybrid deployments
Please note that: Don't place any servers, services, or devices between your on-premises Exchange servers and Microsoft 365 or Office 365 that process or modify SMTP traffic.

The related links below will be helpful to you as well:
1. Mail flow best practices for Exchange Online, Microsoft 365, and Office 365 (overview)
2. Hybrid Exchange and third-party SMTP mail gateway

All that information is a big help, thank you.

In terms of mail flow then, I have read that if you go www>Exchange >Office 365 you lose the ability for DLP, EOP etc. Is this the case? I have assumed that because the email is being sent from Exchange to Office 365 and still hitting Office 365, the email would still be scanned by EOP etc., or is this not the case?

So if we were to go www>mail gateway>O365>Exchange we would be adding a double layer of protection in a sense as mail would be scanned by both our mail gateway and Office 365, have I got this correct?

1 Vote 1 ·

Hi @steh88-0887

EOP works for mails sent from on-prem Exchange server to O365 as well.

And yes, a double anti-spam check will work for this scenario.


0 Votes 0 ·

So in terms of connectors then, if I want to go www>smart host>exchange>Office 365 would it be:

Office 365 connectors
Mail flow connector>From Office365 to Your organisation Email server.
Use the connector only when I have a transport rule that redirects messages
Route email messages using MX record (As this currently points at mail gateway)

Mail flow connector>From Your organisation Email server to Office 365
Verify via external IP of email server
Create mail flow rule to redirect emails via the connector

On Prem Exchange connectors
Keep connectors as they are as currently set to go through mail gateway


1 Vote 1 ·
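
A read-only check for reviewing the connector settings discussed in this thread once the Hybrid Configuration Wizard has run, given here as an added example that is not part of any post above. The function name `Test-HybridConnector`, the sample objects and the address 203.0.113.10 are constructed for illustration; the property names are those returned by `Get-InboundConnector` and `Get-OutboundConnector` in Exchange Online.

```powershell
# Added example (not from the thread). Flags connector settings that decide
# whether hybrid mail is matched, encrypted and routed as intended.
function Test-HybridConnector {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Connector,
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'Outbound')] [string] $Direction
    )
    process {
        $notes = @()
        if (-not $Connector.Enabled) { $notes += 'connector is disabled' }
        if ($Direction -eq 'Inbound') {
            # "Verify via external IP": something must identify the on-prem sender
            if (-not $Connector.SenderIPAddresses -and -not $Connector.TlsSenderCertificateName) {
                $notes += 'no sender IP or TLS certificate name identifies the on-premises server'
            }
            if (-not $Connector.RequireTls) { $notes += 'RequireTls is off' }
        }
        else {
            if ($Connector.IsTransportRuleScoped) {
                $notes += 'used only when a mail flow rule routes to it'
            }
            if ($Connector.UseMXRecord) {
                $notes += 'delivers by MX lookup, so mail goes wherever the MX points'
            }
            elseif (-not $Connector.SmartHosts) {
                $notes += 'UseMXRecord is off and no smart host is set'
            }
        }
        [pscustomobject]@{
            Name = $Connector.Name; Direction = $Direction; Notes = $notes -join '; '
        }
    }
}

# Constructed sample objects mirroring the settings listed in the question.
$inbound = [pscustomobject]@{
    Name = 'From on-prem (constructed)'; Enabled = $true
    SenderIPAddresses = @('203.0.113.10'); TlsSenderCertificateName = $null
    RequireTls = $false
}
$outbound = [pscustomobject]@{
    Name = 'To on-prem (constructed)'; Enabled = $true
    IsTransportRuleScoped = $true; UseMXRecord = $true; SmartHosts = @()
}
$inbound  | Test-HybridConnector -Direction Inbound
$outbound | Test-HybridConnector -Direction Outbound
# Live tenant: Get-InboundConnector | Test-HybridConnector -Direction Inbound
```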