Forum Discussion
Thierry Chapuisat (Brass Contributor)
Dec 21, 2022
Exchange Hybrid : restrict IP from Microsoft
Hello,
We currently have various clients that are in hybrid mode with Exchange servers. In order to limit hacking by exploits, we have limited external access to the Microsoft IPs on ports 443 and 25.
Now, if all the mailboxes are in the cloud and we no longer use the local Exchange server apart from modifying attributes from the ECP, is it necessary to leave the local Exchange server(s) open on port 443, even from Microsoft IPs?
Of course, in this case, the autodiscover DNS record already points to Microsoft Online and we are not using SMTP as a relay either.
If yes, for what reason should port 443 be kept open?
Thank you for your lights 🙂
- RGijsbersRademakers (Iron Contributor)
If you're running Exchange Server 2019, you can shut down your last Exchange server and continue to use the Exchange Management tools to manage your recipients.
You will first need to verify that nothing is using your local Exchange server anymore. No multifunctionals that use your server for sending email and no other services that relay email through your local Exchange server. When you're absolutely sure that that's the case, you can shut down the last Exchange server.
Note: Do not uninstall Exchange.
For the detailed procedure and requirements go here
Regards,
Ruud
- Schnittlauch (Steel Contributor)
As long as you are using a hybrid setup, you'll need to have all MS Ports and IPs whitelisted.
Since Microsoft is not hacking you, there is no reason to restrict their access.
Learn more here:
https://www.alitajran.com/exchange-firewall-ports-for-mail-flow-and-clients/
https://learn.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites
Best regards,
Schnittlauch
"First, No system is safe. Second, Aim for the impossible. Third, no Backup, no Mercy" - Schnittlauch
My answer helped you? Don't forget to leave a like. Also mark the answer as solved when your problem is solved. 🙂
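An added example, not part of any post in this thread: one way to build and maintain the "Microsoft IPs only" source list for ports 25 and 443 that the question describes, from JSON in the shape published by the Microsoft 365 endpoints web service (endpoints.office.com). The feed below is constructed with documentation-only address ranges, the function names are hypothetical, and it is an assumption that the `Exchange` service-area entries are the ranges a given hybrid deployment needs inbound.

```python
import ipaddress
import json

# Constructed sample in the shape of the Microsoft 365 endpoints feed.
# The ranges are documentation-only addresses, not real Microsoft ranges.
SAMPLE_FEED = json.loads("""
[
 {"id": 1, "serviceArea": "Exchange", "tcpPorts": "80,443", "required": true,
  "ips": ["192.0.2.0/25", "192.0.2.128/25", "2001:db8::/32"]},
 {"id": 2, "serviceArea": "Exchange", "tcpPorts": "25", "required": true,
  "ips": ["198.51.100.0/24", "192.0.2.0/24"]},
 {"id": 3, "serviceArea": "Exchange", "tcpPorts": "443", "required": false,
  "urls": ["*.example.invalid"]},
 {"id": 4, "serviceArea": "SharePoint", "tcpPorts": "443", "required": true,
  "ips": ["203.0.113.0/24"]}
]
""")


def exchange_allowlist(feed, ports=(25, 443)):
    """Return {port: [collapsed CIDR strings]} for Exchange entries only."""
    per_port = {p: [] for p in ports}
    for entry in feed:
        if entry.get("serviceArea") != "Exchange":
            continue
        entry_ports = {int(p) for p in entry.get("tcpPorts", "").split(",")
                       if p.strip()}
        # URL-only entries carry no "ips" key and cannot feed an IP filter.
        for cidr in entry.get("ips", []):
            net = ipaddress.ip_network(cidr, strict=False)
            for port in entry_ports & set(ports):
                per_port[port].append(net)
    result = {}
    for port, nets in per_port.items():
        # Merge adjacent/overlapping ranges; v4 and v6 must be collapsed apart.
        v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
        v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
        result[port] = [str(n) for n in list(v4) + list(v6)]
    return result


def diff_allowlist(current, wanted):
    """Ranges to add or remove so a firewall source list matches the feed."""
    cur, want = set(current), set(wanted)
    return {"add": sorted(want - cur), "remove": sorted(cur - want)}


if __name__ == "__main__":
    for port, ranges in exchange_allowlist(SAMPLE_FEED).items():
        print(port, ranges)
```

Running the diff on a schedule against the live feed shows when a restricted rule has drifted from the published ranges, which is the usual way such a restriction silently breaks hybrid traffic.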