Forum Discussion
Certificate for Hybrid Connector
Hey Jeff,
Hope you are having a good morning. I will do my best to address all your questions ><
1. Yes, I have found that is the easiest way to do it most times, just re-run the HCW, insert the new cert, and you should be good to go.
2. So your question to me really comes off about Exchange connectors. When you go there you have the option. I can say for connectors I always recommend my clients use the cert (when possible), as then you are confident everything is securely transmitted, and done so using the cert you control. IPs can work, and realistically are there as sometimes you are going to be setting up a connector to another organization where all you have to go on is an IP (think a third-party service that you need to send directly to). But when you are talking hybrid, it is a more secure organizational relationship, which is why the HCW is defaulting into the cert method.
3. So I have done this a number of times, both for clients on-prem, as well as clients that have servers in things like Azure. It's actually kind of nice, as with the TLS connector, you don't get limited by a lot of the pretty restrictive things that O365 SMTP sending does. In short, they only really care if you are sending spam.
I have always created a new connector based on IP to do this. Since the reason I was creating this connector was to send external mail, I essentially had one connector on-prem that sent mail to O365 based on my internal domain, and one connector on-prem that followed the path described in option 3 of your article. That connector was set to get everything else. They both sent to O365, but since I had it set up as such, it would send mail to O365 then externally.
Adam