Exchange Hybrid: restrict IP from Microsoft


Hello,


We currently have various clients that are in hybrid mode with Exchange servers. In order to limit hacking via exploits, we have limited external access to the Microsoft IPs on ports 443 and 25.

Now, if all the mailboxes are in the cloud and we no longer use the local Exchange server apart from modifying attributes from the ECP, is it necessary to leave port 443 open on the local Exchange server(s), even from Microsoft IPs?


Of course, in this case, the autodiscover DNS record already points to Microsoft Online and we are not using SMTP as a relay either.


If yes, for what reason should 443 be kept open?

Thank you for your insights :)

2 Replies

Hi @Thierry Chapuisat,


As long as you are using a hybrid setup, you'll need to have all MS Ports and IPs whitelisted.

Since Microsoft is not hacking you, there is no reason to restrict their access.


Learn more here:

https://www.alitajran.com/exchange-firewall-ports-for-mail-flow-and-clients/

https://learn.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites


Best regards,
Schnittlauch


"First, No system is safe. Second, Aim for the impossible. Third, no Backup, no Mercy" - Schnittlauch

Did my answer help you? Don't forget to leave a like. Also mark the answer as solved when your problem is solved. :)

Hi @Thierry Chapuisat,


If you're running Exchange Server 2019, you can shut down your last Exchange server and continue to use the Exchange Management Tools to manage your recipients.

You will first need to verify that nothing is using your local Exchange server anymore: no multifunctionals that use your server for sending email, and no other services that relay email through your local Exchange server. When you're absolutely sure that that's the case, you can shut down the last Exchange server.

Note: Do not uninstall Exchange.


For the detailed procedure and requirements go here


Regards,

Ruud
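The "verify that nothing is using your local Exchange server anymore" step from the reply above, as an added example that is not part of the original thread: it inventories remaining on-premises mailboxes, SMTP submissions by source host, receive connectors and outbound send-connector use from the message tracking logs. It assumes the Exchange Management Shell on the on-premises server, a single transport server (the local host) and a 30-day lookback window; the lookback and the "Outbound to *" connector name pattern are assumptions to adjust to your environment.

```powershell
# Added example (not from the thread): inventory what still depends on the
# on-premises Exchange server before deciding whether 443/25 must stay open.
# Run from the Exchange Management Shell on the local Exchange server.
# Assumptions: local host is the only transport server; 30-day lookback.

$LookbackDays = 30
$Start  = (Get-Date).AddDays(-$LookbackDays)
$Server = $env:COMPUTERNAME

# 1. Remaining on-premises mailboxes: any left means clients still need 443.
$OnPremMailboxes = @(Get-Mailbox -ResultSize Unlimited)
"On-premises mailboxes still hosted here: {0}" -f $OnPremMailboxes.Count

# 2. Inbound SMTP submissions (RECEIVE events) grouped by client address.
#    Any source that is not Exchange Online is a device or application
#    (printer, scanner, line-of-business app) still relaying via this server.
$Receive = Get-MessageTrackingLog -Server $Server -EventId RECEIVE `
    -Start $Start -ResultSize Unlimited |
    Where-Object { $_.Source -eq 'SMTP' }
"SMTP submissions in the last $LookbackDays days, by source host:"
$Receive |
    Group-Object ClientIp |
    Sort-Object Count -Descending |
    Select-Object Name, Count,
        @{ n = 'LastSeen';  e = { ($_.Group | Sort-Object Timestamp)[-1].Timestamp } },
        @{ n = 'Connector'; e = { ($_.Group | Select-Object -First 1).ConnectorId } } |
    Format-Table -AutoSize

# 3. Receive connectors and the remote ranges they accept. A connector
#    scoped to a handful of internal addresses is a strong hint that an
#    internal system was set up to relay through this server.
"Receive connectors on $Server and their allowed remote ranges:"
Get-ReceiveConnector -Server $Server |
    Select-Object Name, Enabled, Bindings, RemoteIPRanges |
    Format-List

# 4. Outbound SEND events grouped by send connector. Traffic on the hybrid
#    connector (assumed here to be named 'Outbound to *', as created by the
#    Hybrid Configuration Wizard) means mail is still routed via on-premises.
"Outbound SEND events in the last $LookbackDays days, by connector:"
Get-MessageTrackingLog -Server $Server -EventId SEND `
    -Start $Start -ResultSize Unlimited |
    Group-Object ConnectorId |
    Select-Object Name, Count |
    Format-Table -AutoSize
```

Only when sections 1, 2 and 4 all come back empty for the whole lookback window is there nothing left that needs the server reachable for mail flow; the Exchange Management Tools scenario in the reply then covers recipient management without the server running.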