Hybrid Centralized Transport sending emails to EXO
I've discovered that emails we receive from Microsoft-hosted tenants are going directly to our EXO tenant and, using the Hybrid Outbound connector, going directly to on-prem Exchange, bypassing our on-prem Email Gateway filters. I also saw some quarantined emails in EXO from EXO Antimalware scanning. With Hybrid Centralized Transport, I need all mail flow to work just like before the Hybrid configuration, based on our MX records. Non-Microsoft tenants' email goes directly to our on-prem Email Gateway for processing before being delivered to Exchange on-prem.
How do I change this behavior for Microsoft-hosted tenants? I do not want email processed by EXO at all. I need all emails to go through our on-prem Email Gateway for processing published with our MX records. This is currently bypassing our on-prem anti-virus, anti-spam among other safety features and using EXO's features.
- jt8585, Copper Contributor
A partner connector was created to reject all emails that don't match the hybrid certificate.
- Dan_Snape, Steel Contributor
Properly configured, the sender should use MX records for mail routing. Some details are in this blog: https://techcommunity.microsoft.com/blog/exchange/office-365-message-attribution/749143
You can create an inbound connector to reject any mail not from the correct location.
Regarding email processing by Exchange Online Protection (EOP), you cannot bypass this and emails will always be subjected to the threat protection policies. Microsoft's recommendations for how to configure EXO/MDO when using a 3rd party service are outlined here: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-using-third-party-cloud
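
One way to build the rejecting inbound connector suggested in the answer above, restricted to a TLS certificate as in jt8585's reply. This is an added example, not code posted in the thread; the connector name and the certificate name `mail.contoso.example` are placeholders, and it assumes an Exchange Online PowerShell session is already connected.

```powershell
# Added example. Assumes Connect-ExchangeOnline has already been run.
# Placeholders: set $gatewayCertName to the subject/SAN name on the certificate
# your on-prem gateway or hybrid server presents when it sends mail to EXO.
$connectorName   = 'Reject mail not routed through MX'
$gatewayCertName = 'mail.contoso.example'

# Stop rather than create a second connector with the same name.
if (Get-InboundConnector | Where-Object Name -eq $connectorName) {
    throw "Inbound connector '$connectorName' already exists."
}

# Partner connector scoped to every sender domain: a sending server must use
# TLS and present the named certificate, otherwise EXO rejects the message.
$params = @{
    Name                         = $connectorName
    ConnectorType                = 'Partner'
    SenderDomains                = '*'
    RequireTls                   = $true
    RestrictDomainsToCertificate = $true
    TlsSenderCertificateName     = $gatewayCertName
}
New-InboundConnector @params

# Read the connector back and confirm the restriction is what was intended.
Get-InboundConnector -Identity $connectorName |
    Format-List Name, Enabled, ConnectorType, SenderDomains, RequireTls,
                RestrictDomainsToCertificate, TlsSenderCertificateName
```

Mail that does reach EXO through this connector is still scanned by EOP, as the answer notes; the connector only controls which sending servers are accepted.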