Unwanted traffic port 444 from Microsoft to OnPrem exchange



We operate a Hybrid Exchange environment with an on-premises Exchange 2016 server (Srv A) at a site with decent internet connectivity and another Exchange 2016 (Srv B) at a remote site with very minimal internet bandwidth (Satellite connection <8mbps).


See attached image for a more pictographic representation.


We have noticed in the last few months a huge uptick in traffic from A to B on port 444.


Looking at the IIS logs on Srv A we see entries like

2023-01-30 23:59:39 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=<REDACTED>&DeviceId=b6c980ba6b574305ad050c582ddb4765&DeviceType=Outlook&CorrelationID=<empty>;&cafeReqId=7dddb9ae-fafb-4aa4-ac26-2a1a132cec37; 443 - Outlook-iOS-Android/1.0 - 401 2 5 15


Looking up the source IP for these entries comes back with Microsoft IPs. The user-agent being Outlook-iOS-Android/1.0 led me to this article: "Using Basic authentication with Outlook for iOS and Android" (Microsoft Learn). The precaching of users' mailboxes sounds exactly like our symptoms.


We do not wish to have this feature so firstly, how (or can) we disable it?


Secondly, is it now the case that the Outlook app for iOS and Android REQUIRES the use of Exchange Online for its connections, even if the mailbox resides on-prem? Can we no longer just have them point straight at the 'local' Exchange and have none of their traffic traverse the internet?


Any insight/assistance appreciated.
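
One way to measure how many of these requests each source and device accounts for, as an added example that is not part of the original post: it parses IIS W3C logs and tallies ActiveSync requests carrying the Outlook-iOS-Android user agent. The function names, the sample log lines and every IP, user and device ID in them are constructed; the script assumes the log carries the standard `#Fields:` header.

```python
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample in IIS W3C format. IPs are documentation ranges and the
# user names and device IDs are made up; none of these values come from the post.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2023-01-30 23:59:39 192.0.2.10 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=user1&DeviceId=dev0001&DeviceType=Outlook 443 - 203.0.113.5 Outlook-iOS-Android/1.0 - 401 2 5 15
2023-01-30 23:59:40 192.0.2.10 OPTIONS /Microsoft-Server-ActiveSync/default.eas Cmd=Options&User=user1&DeviceId=dev0001&DeviceType=Outlook 443 - 203.0.113.5 Outlook-iOS-Android/1.0 - 401 2 5 12
2023-01-30 23:59:41 192.0.2.10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Sync&User=user2&DeviceId=dev0002&DeviceType=Outlook 443 user2 203.0.113.9 Outlook-iOS-Android/1.0 - 200 0 0 230
2023-01-30 23:59:42 192.0.2.10 POST /Microsoft-Server-ActiveSync/default.eas Cmd=Ping&User=user3&DeviceId=dev0003&DeviceType=iPhone 443 user3 198.51.100.7 Apple-iPhone/1905.258 - 200 0 0 90
2023-01-30 23:59:43 192.0.2.10 GET /owa/ - 443 - 198.51.100.8 Mozilla/5.0 - 302 0 0 4
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split(" ")
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def summarize(text, agent_prefix="Outlook-iOS-Android"):
    """Count ActiveSync requests from the given user agent.

    Keys are (client IP, DeviceId, Cmd, HTTP status).
    """
    counts = Counter()
    for row in parse_w3c(text):
        if not row["cs-uri-stem"].lower().startswith("/microsoft-server-activesync"):
            continue
        if not row["cs(User-Agent)"].startswith(agent_prefix):
            continue
        query = parse_qs(row["cs-uri-query"])
        device = query.get("DeviceId", ["?"])[0]
        cmd = query.get("Cmd", ["?"])[0]
        counts[(row["c-ip"], device, cmd, row["sc-status"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```

To run it against a real log, pass the file's contents to `summarize()` in place of `SAMPLE_LOG`.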


