Centralized mail transport and sending outgoing messages directly from EXO
Dear Community
I have the following question: my company is using an Exchange hybrid environment with centralized mail transport. Both incoming and outgoing messages are routed through an on-prem mail gateway, and MX also points to it. We would like to deprecate the on-prem gateway soon and the first step might be changing routing for outbound emails, so they go directly from EXO to gmail.com for example. And here is the real concern: is there any tricky way to set this routing selectively, for a pilot user group first, before we change it globally? I know about Set-OutboundConnector and the RouteAllMessagesViaOnPremises parameter, but I wouldn't like to change it before doing some tests on selected mailboxes. I will be happy for any suggestion.
Best Regards
Marcin
- Marcin K. (Brass Contributor)
William_Holmes, Dan_Snape, thank you for your responses.
We have all mailboxes in the cloud, full migration from on-prem was done some time ago, but we still have the hybrid/centralized mail flow in action. Emails sent from my M365 mailbox to Gmail, for example, go this path:
EXO --> Exchange on-prem --> 3rd-party on-prem gateway --> Internet.
As we want to decomm the on-prem infrastructure, the goal is to move to the "direct" routing, meaning:
EXO --> Internet.
The trick with connector sounds interesting. To fully clarify it - mail flow is controlled via the default "your organization" type connector, created by Hybrid Configuration Wizard in the past. This connector is set to send all emails (domains = *) to our on-prem Exchange. I could in theory change use of this connector to "Only when I have a transport rule set up..." and play with Transport Rule, for example by creating a rule like this:
Sender: external
Do the following: use the default connector
Except if: sender belongs to a group
If I understand correctly, emails from these excluded users, as they are not in the scope of any connector, are routed directly to the outside - is this the correct way of thinking?
Best Regards
Marcin
- William_Holmes (Brass Contributor)
Hello,
You can use Rule Based send connectors but in order to implement your migration incrementally you would need to do something similar to this.
1. Create a send connector that will route email to your on-premises exchange and configure the Use of connector to "Only when I have a transport rule setup that redirects message to this connector"
2. Create a transport rule that scopes the messages that you want to have sent to your On-Premises Exchange. For example: you could configure the rule to only use this connector when the messages have an external destination address domain.
3. Disable Centralized Mail Routing. You have to do this or the centralized mail routing configuration will continue to send all of your mail to on-premises via your default Hybrid Connector.
Note:
- Once enabled, Exchange Online will send all outbound mail to the on-premises environment first, even if there is a matching send connector in Exchange Online that could handle the mail directly.
- The on-premises Exchange then routes the mail to its final destination, whether that’s an external recipient or another internal mailbox.
So be aware that this is not a "non-change" from a routing perspective. Mail sent between two of your recipients will no longer be sent to on-premises Exchange first and then routed back to your Exchange Online. It will go directly to the recipient. You will notice this if you look at your transport logs in Exchange on-premises or message traces in your Exchange Online tenant.
At this point your outbound mail will still be routed to your on-premises service but will do so based on the Mail Flow rule and the new connector you have set up.
Now you can start modifying the mail flow rule to implement your rollout. For example, you could add an "Except If" clause to your transport rule and include specific senders or members of a group in that Except clause.
Doing so would cause their mail to be sent from the Microsoft default sending connector (this is not visible but it's always there).
This is how we implemented this change in our Hybrid Exchange Environment.
- Marcin K. (Brass Contributor)
Thanks for the reply - it sounds reasonable and we'll take this path probably.
Regarding this step: 1. Create a send connector that will route email to your on-premises exchange - such a connector exists already, created automatically in the past, when HCW was running. So we just have to switch its mode, so it's activated by a Transport Rule.
Best Regards
Marcin
- William_Holmes (Brass Contributor)
I would ask where the senders are located that you want to selectively apply outbound routing to? Are they on-premises users that would be initiating the sending action? While Exchange Online Mail Flow rules support redirection of email messages to a specified connector, On-Premises Exchange servers do not. So it would not be possible to redirect mail via a connector for On-Premises users based on a rule.
Can you further clarify your routing scenario?
- Dan_Snape (Iron Contributor)
You'll need to create a mail flow rule that is configured to route all mail via a specified connector with the exception of the pilot group of users. Depending on your config, you may also need a new connector for this that's of type "used with mail flow rule."
The pilot group will then be routed directly to the internet via the hidden EXO external connector. When you decide to cut over all users, you just disable the mail flow rule, then after a period you can clean up by deleting the rule and connector pairing.
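
The staged rollout described in the replies above (rule-scoped connector, mail flow rule with a pilot-group exception, centralized routing switched off), written out as an Exchange Online PowerShell sequence. This is an added example, not code posted by any participant in the thread; the connector name, group address, rule name and sender address are hypothetical placeholders, and an existing `Connect-ExchangeOnline` session is assumed.

```powershell
# Assumes an Exchange Online PowerShell session is already open.
# Hypothetical names, replace with your own:
$Connector   = 'Outbound to on-premises (HCW)'         # existing hybrid outbound connector
$PilotGroup  = 'direct-routing-pilot@contoso.example'  # mail-enabled group of pilot senders
$RuleName    = 'Route external mail via on-premises'
$PilotSender = 'pilot.user@contoso.example'            # one member of the pilot group

# Record the current connector state so the change can be reverted.
Get-OutboundConnector -Identity $Connector |
    Format-List Name, Enabled, RecipientDomains, SmartHosts,
                RouteAllMessagesViaOnPremises, IsTransportRuleScoped

# Steps 1 and 3: make the connector rule-scoped and turn off centralized
# mail transport on it. Run this and the rule creation back to back,
# because until the rule exists nothing points mail at the connector.
Set-OutboundConnector -Identity $Connector `
    -RouteAllMessagesViaOnPremises $false `
    -IsTransportRuleScoped $true

# Step 2: send externally addressed mail to the on-premises connector,
# except when the sender is a member of the pilot group.
New-TransportRule -Name $RuleName `
    -SentToScope NotInOrganization `
    -RouteMessageOutboundConnector $Connector `
    -ExceptIfFromMemberOf $PilotGroup `
    -Comments 'Staged move to direct outbound routing; pilot group excluded'

# Check: review the delivery events for a pilot sender's recent mail and
# compare them with a non-pilot sender's. (On tenants where these cmdlets
# have been retired, use Get-MessageTraceV2 / Get-MessageTraceDetailV2.)
Get-MessageTrace -SenderAddress $PilotSender `
        -StartDate (Get-Date).AddHours(-2) -EndDate (Get-Date) |
    Get-MessageTraceDetail |
    Sort-Object Date |
    Format-Table Date, Event, Detail -Wrap

# Cutover for all users, once the pilot is signed off:
# Disable-TransportRule -Identity $RuleName -Confirm:$false
```

Widening the pilot only requires adding members to the group; the rule and connector stay untouched until cutover.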