Forum Discussion

Brass Contributor

Feb 12, 2020

Receive Connector from Office 365 Best Practice?

We're looking to setup Exchange Hybrid with centralized transport. I seem to have incorrectly assumed the Hybrid Configuration Wizard would create the receive connector for my on-prem servers. I can ...

MVP

Feb 13, 2020

Hi geek2point0,

When you setup Exchange Hybrid in your scenario, you need to allow all IP Ranges from EOP (Exchange Online Protection) to your Exchange On-Premises, because your Tenant can send email from any IP from that range more information here https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service.

Is not possible to block a different Tenant to send email directly, but they need to know your IP address, if you want to control more, please use another IP and name dedicated to your connector.

Best regards,

Nuno Árias Silva

Adam_D1955
Copper Contributor
Mar 09, 2021
NunoAriasSilva

Other Office 365 tenants attempting to connect directly to your on-prem Exchange using this connector will be considered "Outside the Organization" and "Anonymous" and not have the proper domain in the X-Org header.

This is a great article explaining how you can create Transport rules to block emails from other Office 365 tenants that don't go through your MX record:
https://techcommunity.microsoft.com/t5/exchange-team-blog/advanced-office-365-routing-locking-down-exchange-on-premises/ba-p/609238