Hybrid Exchange and firewall requirements


Can someone please confirm something for me.  We are about to do a hybrid cloud deployment while we migrate from on-prem to fully EXO.

 

I'm told we need a firewall rule to allow ports 25 and 443 inbound to my Exchange hosts from the below sources:

 

*.protection.outlook.com, 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 52.238.78.88/32, 104.47.0.0/17

 

Does this sound like a correct requirement for an Exchange Hybrid setup? Good security practices tell me to not allow major ranges like that.

2 Replies
That's actually a subset of the required URLs and IPs. Details of the requirements are published at the below link. You also need to open outbound connections as well.
https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worl...
OK, thanks for that, but is the original question correct? Do I need to allow all these IPs access to my Exchange server? Seems like a lot; wouldn't Microsoft use some kind of routing servers or something so you don't have to turn your firewall into Swiss cheese?
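
One way to see how much the rule in the original question opens up, and to check that a firewall really is limited to it. This is an added example, not code from the thread or from Microsoft; the log format, the sample log lines and the function names are constructed for illustration, and the ranges are the ones quoted in the question (the wildcard hostname is not a CIDR and is left out).

```python
import ipaddress

# CIDR ranges quoted in the original question.
ALLOWED_SOURCES = [ipaddress.ip_network(n) for n in (
    "40.92.0.0/15", "40.107.0.0/16", "52.100.0.0/14",
    "52.238.78.88/32", "104.47.0.0/17",
)]
ALLOWED_PORTS = {25, 443}

# Constructed sample firewall log lines: "src_ip dst_port action".
SAMPLE_LOG = """\
40.93.12.7 25 ALLOW
52.101.200.14 443 ALLOW
104.47.130.9 25 ALLOW
203.0.113.50 25 ALLOW
40.107.3.3 3389 ALLOW
198.51.100.23 443 DENY
"""

def total_addresses(networks):
    """Count distinct source addresses covered, after merging overlaps."""
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(networks))

def in_allowlist(ip):
    """True if ip falls inside one of the ranges from the question."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOWED_SOURCES)

def audit(log_text):
    """Return permitted connections that the quoted rule would not allow."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        src, port, action = line.split()
        if action != "ALLOW":
            continue  # already blocked, nothing to report
        if not in_allowlist(src):
            findings.append((src, int(port), "source outside listed ranges"))
        elif int(port) not in ALLOWED_PORTS:
            findings.append((src, int(port), "port not 25/443"))
    return findings

if __name__ == "__main__":
    print("addresses covered:", total_addresses(ALLOWED_SOURCES))
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

The third sample line is flagged because 104.47.0.0/17 ends at 104.47.127.255, so a rule widened to the whole /16 would permit more than the quoted requirement.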