I'm attempting to clean up some DNS Records and understand what SAN(s) we actually need (or don't) for our Hybrid Environment.
1. No MBs On-Prem (it's been more than a year)
2. No Inbound mail (that I can think of)
3. autodiscover is pointing to O365
4. We still have our Hybrids (2013); but just for Mgmt & as a mail relay for internal Servers/Services
5. We have 2 Hybrids utilizing Windows Load Balance
O365 Portal Connectors:
1. O365 outbound to On-Prem is/has been disabled for some time (can/should I delete?)
2. O365 inbound from On-Prem - enabled, but I don't believe it's being used (references old cert)
1. Direct; Enabled - will not touch
2. Outbound to O365; Enabled - I don't believe, or not sure it's being used - is there a way to determine? Can it be disabled?
Hybrid Cert SAN(s) Entries
1. autodiscover - upon renewal can this be removed/not renewed?
2. Hybrid Load Balance VIP DNS Name - is this even necessary? We already have a separate DNS Name with same IP that we configure internal servers/services, so can I remove the SAN that refers to the WNLB "name"?
3. Is there even a need for this cert anymore? The only thing that I can think this would be relevant to is the Connector outbound to O365, which I'm not even sure is being used (as mentioned above).
It details what to do with connectors, among other things. It doesn't look like you need any Hybrid functionality, but you will have to keep one of the Exchange boxes for management purposes. So scenario 2.
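
One way to check, before disabling a connector or dropping a SAN, whether the on-prem send connectors and the hybrid certificate are still in use. This is an added example, not part of the original posts; it assumes the Exchange Management Shell on one of the 2013 servers and a 30-day look-back (the default tracking-log retention), and it uses no connector names from the thread.

```powershell
# Added example. Run in the Exchange Management Shell on a Hybrid (2013) server.
# Assumption: message tracking is enabled and logs cover the look-back window.
$since = (Get-Date).AddDays(-30)

# 1. Send connectors and which certificate (if any) each one is pinned to.
Get-SendConnector |
    Format-List Name, Enabled, AddressSpaces, SmartHosts, RequireTLS, TlsCertificateName

# 2. SMTP SEND events per connector across every transport server.
#    A connector that never appears here has sent nothing in the window.
$sends = Get-TransportService |
    Get-MessageTrackingLog -EventId SEND -Start $since -ResultSize Unlimited
$sends | Group-Object ConnectorId |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 3. List enabled connectors with zero SEND events in the window.
$used = $sends | Select-Object -ExpandProperty ConnectorId -Unique
Get-SendConnector | Where-Object { $_.Enabled -and ($used -notcontains $_.Name) } |
    Format-Table Name, AddressSpaces, TlsCertificateName -AutoSize

# 4. Installed certificates: SANs, bound services (SMTP/IIS) and expiry.
#    Compare CertificateDomains with the names clients and connectors really use.
Get-ExchangeCertificate |
    Format-List Thumbprint, Subject, CertificateDomains, Services, NotAfter
```

A connector that shows no SEND events over a full retention window, and a SAN that no connector, virtual directory or DNS record references, are the candidates for removal at the next renewal.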