Add Edge Transport Server to existing Exchange 2016 Hybrid

Marcus Wong Theen Nam 1,111

I have an existing Exchange server 2016 hybrid deployment in my infrastructure. Currently all mail between on-prem and O365 routing to my on-premise third party email gateway.

I would like to replace it with Edge transport server so that mail flow between on-prem and O365 can route through the edge transport server.

May I know what's the proper steps to do this? I have the idea below but not sure if this is correct for environment that have an existing hybrid configuration.

Install Edge Transport Server in DMZ
Export the Edge subscription and import it to Exchange on-prem server
Subscribe Edge transport server
Create public DNS record for the Edge server and assign public IP to it
Re-run HCW, select the secure mail flow to go through Edge server and enter the Edge server public FQDN

Is this correct?

KyleXu-MSFT 26,211 Reputation points

2022-04-22T07:13:47.06+00:00

@Marcus Wong Theen Nam
I am writing here to confirm with you any update about this thread now.
If the suggestion below helps, please feel free to accept it as an answer to help more people.

1 answer

Andy David - MVP 142.3K Reputation points MVP

2022-04-19T12:27:27.213+00:00

Yes.
Running the HCW will ensure the changes are applied to the hybrid config:
https://learn.microsoft.com/en-us/exchange/edge-transport-servers

FYI:
Please sign in to rate this answer.
Marcus Wong Theen Nam 1,111 Reputation points

2022-04-19T15:22:34.533+00:00

If I were to point my outbound mailflow to my cloud third party filtering solution, can I configure the Edgesync outbount to internet connect to deliver to smart host (cloud mail filtering). So that it becomes:

Exchange on-prem >> Edge Transport >> CloudFiltering

Andy David - MVP 142.3K Reputation points MVP

2022-04-19T15:27:03.597+00:00

But then outbound wont go through 365. You can do that but any mail between Exch on -prem and your 365 mailboxes must go straight to 365.
I would recommend routing everything to 365 - including outbound

Marcus Wong Theen Nam 1,111 Reputation points

2022-04-19T15:30:41.86+00:00

You mean changing the EdgeSync to point to EOP which as below for outbound?

Exchange onprem >> Edge Transport >> EOP >> Internet recipient

For mail between on-prem & O365 I plan to configure HCW for Edge transport public DNS record which will be like this:

Exchange onprem >> Edge Transport >> EOP
EOP >> Edge Transport >> Exchange onprem

For internet inbound mail flow it will point to my third party mail filtering:

Internet >> Cloud filtering >> EOP (For mailbox in O365)
Internet >> Cloud filtering >> EOP >> Edge Transport >> Exchange onprem (For mailbox in on-prem)

Please correct me if above are wrong.

Andy David - MVP 142.3K Reputation points MVP

2022-04-19T15:35:30.797+00:00

yes, that would be optimal.

I assume "Cloud filtering " is some 3rd party solution:

https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/enhanced-filtering-for-connectors-supporting-hybrid-mail-routing/ba-p/1750045

Marcus Wong Theen Nam 1,111 Reputation points

2022-04-20T02:00:12.693+00:00

Thanks Andy,

I'll try to set it up and update here for the result soon.
Sign in to comment