I'm attempting to cleanup some DNS Records and understand what SAN(s) we actually need (or don't) for our Hybrid Environment.

1. No MB's On-Prem (it's been more than a year)

2. No Inbound mail (that I can think of)

3. autodiscover is pointing to O365

4. We still have our Hybrid's (2013); but just for Mgmt & as a mail relay for internal Servers/Services

5. We have 2 Hybrid's utilizing Windows Load Balance

O365 Portal Connectors:

1. O365 outbound to On-Prem is/has been disabled for some time (can/should I delete)

2. O365 inbound from On-Prem - enabled, but I don't believe it's being used (references old cert)

Any thought?

Hybrid Connectors:

1. Direct; Enabled - will not touch

2. Outbound to O365; Enabled - I don't believe, or not sure it's being used - is there a way to determine? Can it be disabled

Hybrid Cert SAN(s) Entries

1. autodiscover - upon renewal can this be remove/not renewed

2. Hybrid Load Balance VIP DNS Name - is this even necessary? We already have a separate DNS Name with same IP that we configure internal servers/services, so can I remove the SAN that refers to the WNLB "name"?

3. Is there even a need for this cert anymore, the only thing that I can this would be relevant is the Connector outbound to O365 which I'm not even sure it's being used (as mentioned above).

Any feedback would be grateful....