Unwanted traffic port 444 from Microsoft to OnPrem exchange

Copper Contributor



We operate a Hybrid Exchange environment with an on premise Exchange 2016 server (Srv A) at a site with decent internet connectivity and another Exchange 2016 (Srv B) at a remote site with very minimal internet bandwidth (Satellite connection <8mbps). 


See attached image for a more pictographic representation.


We have noticed in the last few months a huge uptick in traffic from A to B on port 444.


Looking at the IIS logs on Srv A we see entries like

2023-01-30 23:59:39 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=<REDACTED>&DeviceId=b6c980ba6b574305ad050c582ddb4765&DeviceType=Outlook&CorrelationID=<empty>;&cafeReqId=7dddb9ae-fafb-4aa4-ac26-2a1a132cec37; 443 - Outlook-iOS-Android/1.0 - 401 2 5 15


Looking up the source IP for these entries comes back with Microsoft IP's.  The user-agent being Outlook-iOS-Android/1.0 led me to this article Using Basic authentication with Outlook for iOS and Android | Microsoft Learn .  The precaching of users mailboxes sounds exactly like our symptoms.


We do not wish to have this feature so firstly, how (or can) we disable it?


Secondly is it now the case that the Outlook app for IOS and Android REQUIRES the use of Exchange online for it's connections, even if the mailbox resides on-prem?  Can we no longer just have them point straight at the 'local' exchange and have none of their traffic traverse the internet?


Any insight/assistance appreciated.



3 Replies
Hi ,

We have the same issue. Did you manage to figure out any solution ?


Hi @kogian88,


Glad we're not the only ones!  We opened a ticket with MS after not getting any traction here and rather coincidentally they closed it without solution just yesterday.


We had a number of calls with engineers as well as providing a number of logs etc but there never seemed to be any acknowledgement of the pre-caching and I felt like it never got passed up out of level 1 support.


Our solution has been to disable the ActiveSync IIS sub directory on Srv A which stops the traffic being proxied over the slow link. It also stops anyone who is using Outlook Mobile talking to Srv A directly which is a shame but not as significant as the link being saturated.  We can still use OWA via SRV A so people who need to can get to their mailboxes that way. 


I plan to query the closing of the ticket as the issue remains and I do not believe they have acknowledged it.  The pressure is however off for us with the fix above.


Would love to know more if you make any other progress.




Hi@ITJon1545 ,

Try to remove the account from the mobile device for 7-10 days and then re configured it. Let me know if that works.