PeterForster You can make an "OnPremises" connector and change the configuration for how it identifies the traffic.
New-InboundConnector `
    -CloudServicesMailEnabled $true `
    -ConnectorType OnPremises `
    -Enabled $true `
    -Name "Inbound from Postfix On-Premises" `
    -RequireTls $true `
    -RestrictDomainsToCertificate $true `
    -SenderDomains "*.domain.com" `
    -TlsSenderCertificateName "*.domain.com" `
    -TreatMessagesAsInternal $true
Something like that should do the trick. It requires setting the certificate and restricting only traffic with the matching certificate and setting it for OnPremises and as CloudServicesMailEnabled.
I haven't run it in a while, but it worked the last time I checked it.
Back before cross-tenant migrations were possible, I used this same sort of thing to rewrite email addresses by sending traffic to Postfix, letting it rewrite, and then sending it along to the appropriate tenant.
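
A way to audit the result, as an added example that is not part of the original post: the function below checks inbound connector objects against the combination the post describes (OnPremises type, TLS required, sender restricted to a matching certificate) whenever a connector treats mail as internal. The function name `Test-InboundConnectorTrust` and the sample objects are assumptions made for illustration; the property names are those returned by `Get-InboundConnector`.

```powershell
# Added example: flag connectors that treat mail as internal without the
# certificate pinning the post describes. Function name is hypothetical.
function Test-InboundConnectorTrust {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object] $Connector
    )
    process {
        $findings = @()
        $grantsTrust = $Connector.TreatMessagesAsInternal -or $Connector.CloudServicesMailEnabled

        if ($grantsTrust -and $Connector.ConnectorType -ne 'OnPremises') {
            $findings += 'internal treatment on a connector that is not OnPremises'
        }
        if ($grantsTrust -and -not $Connector.RequireTls) {
            $findings += 'internal treatment without RequireTls'
        }
        if ($grantsTrust -and -not $Connector.RestrictDomainsToCertificate) {
            $findings += 'internal treatment without RestrictDomainsToCertificate'
        }
        if ($Connector.RestrictDomainsToCertificate -and
            [string]::IsNullOrWhiteSpace($Connector.TlsSenderCertificateName)) {
            $findings += 'certificate restriction set but TlsSenderCertificateName is empty'
        }

        [pscustomobject]@{
            Name     = $Connector.Name
            Enabled  = $Connector.Enabled
            Pass     = ($findings.Count -eq 0)
            Findings = $findings -join '; '
        }
    }
}

# Constructed sample objects (not real tenant data) shaped like Get-InboundConnector output.
$sample = @(
    [pscustomobject]@{ Name = 'Inbound from Postfix On-Premises'; ConnectorType = 'OnPremises'
        Enabled = $true; RequireTls = $true; RestrictDomainsToCertificate = $true
        TlsSenderCertificateName = '*.domain.com'
        TreatMessagesAsInternal = $true; CloudServicesMailEnabled = $true }
    [pscustomobject]@{ Name = 'Constructed weak connector'; ConnectorType = 'OnPremises'
        Enabled = $true; RequireTls = $false; RestrictDomainsToCertificate = $false
        TlsSenderCertificateName = $null
        TreatMessagesAsInternal = $true; CloudServicesMailEnabled = $true }
)
$sample | Test-InboundConnectorTrust | Format-Table -AutoSize -Wrap
```

In a connected Exchange Online PowerShell session, the same check runs against live data with `Get-InboundConnector | Test-InboundConnectorTrust`.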