Hybrid Exchange and firewall requirements

Can someone please confirm something for me? We are about to do a hybrid cloud deployment while we migrate from on-prem to fully EXO.


I'm told we need a firewall rule to allow ports 25 and 443 inbound to my Exchange hosts from the below sources:




Does this sound like a correct requirement for an Exchange Hybrid setup? Good security practices tell me to not allow major ranges like that.

That's actually a subset of the required URLs and IPs. Details of the requirements are published at the below link. You also need to open outbound connections as well.

OK, thanks for that, but is the original question correct? Do I need to allow all these IPs access to my Exchange server? Seems like a lot. Wouldn't Microsoft use some kind of routing servers or something so you don't have to turn your firewall into Swiss cheese?