Forum Discussion
Deleted
Jan 22, 2018
Exchange hybrid Communication Question
My organization is in hybrid mode. We have already moved our users to the cloud. Now I have the security team asking me when I am going to turn off various services and exposure to the outside. The p...
Ian Moran
Jan 23, 2018 - Iron Contributor
Do you plan to keep Azure AD Connect running?
Deleted
Jan 23, 2018
Yes, AD Connect will remain. No plans have been made to go full cloud.
- Ian Moran - Jan 23, 2018 - Iron Contributor
Then your only supported setup is to keep an Exchange Server onprem for recipient management. It plays no part in mail flow and is fairly trivial to update to the latest version since it hosts no mailboxes either.
As long as the master source of accounts is your local AD then you'll need an EAC to manage the mail attributes of these users.
https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx
- Deleted - Jan 23, 2018
Ok. I understand that part. However, what about the configurations: can IIS be turned off for OWA, ECP, etc., and the various ports that are open to the Internet and respond to external requests? I guess the question that is being asked of me is: can I reduce the footprint of Exchange to just management components and remove/turn off anything else?
Examples...
- If I go to the old OWA, IIS will respond. It displayed the IIS splash page but I have since redirected it to O365.
- If you make an EHLO request, the server responds.
- If I create an on-prem mailbox it will work because it is hybrid mode.
Security folks are paranoid (by nature) so they want to turn everything off and run the bare minimum to do the management function.
- Ian Moran - Jan 24, 2018 - Iron Contributor
The short answer is yes - but without knowing what procedures you have followed I can't really give you a definitive answer for your particular setup.