SOLVED

autodiscover source with hybrid Exchange

%3CLINGO-SUB%20id%3D%22lingo-sub-1683148%22%20slang%3D%22en-US%22%3Eautodiscover%20source%20with%20hybrid%20Exchange%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1683148%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20configuring%20hybrid%20Exchange%20with%20a%20view%20to%20using%20Teams.%20All%20mailboxes%20will%20be%20on%20prem%20for%20a%20while.%20I%20can%20see%20we%20need%20to%20allow%20inbound%20Autodiscover%20traffic%20to%20an%20onprem%20CAS%20role%20holder%20but%20am%20not%20sure%20which%20source%20addresses%20to%20allow.%20Does%20Autodiscover%20traffic%20all%20come%20from%20our%20Azure%20tenancy%2C%20or%20can%20third%20party%20Teams%20users%20originate%20it%20%3F%20We%20do%20meet%20the%20other%20prereqs.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1683148%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EHow-to%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1687751%22%20slang%3D%22en-US%22%3ERe%3A%20autodiscover%20source%20with%20hybrid%20Exchange%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1687751%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F798593%22%20target%3D%22_blank%22%3E%40jkgg695%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHi%2C%20whilst%20in%20hybrid%20mode%2C%20and%20mailboxes%20still%20reside%20in%20on-premises%20Exchange%2C%20the%20autodiscover%20record%20doesn't%20need%20to%20change.%26nbsp%3B%20It's%20only%20at%20the%20end%20of%20the%20migration%2C%20when%20you%20are%20ready%20to%20change%20mail%20flow%20to%20deliver%20to%20Exchange%20Online%20first%20that%20you%20would%20also%20set%20your%20autodiscover%20record%20to%20point%20to%20autodiscover.outlook.com.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

We are configuring hybrid Exchange with a view to using Teams. All mailboxes will be on prem for a while. I can see we need to allow inbound Autodiscover traffic to an onprem CAS role holder but am not sure which source addresses to allow. Does Autodiscover traffic all come from our Azure tenancy, or can third party Teams users originate it ? We do meet the other prereqs. 

3 Replies
Best Response confirmed by ThereseSolimeno (Microsoft)
Solution

@jkgg695 

 

Hi, whilst in hybrid mode, and mailboxes still reside in on-premises Exchange, the autodiscover record doesn't need to change.  It's only at the end of the migration, when you are ready to change mail flow to deliver to Exchange Online first that you would also set your autodiscover record to point to autodiscover.outlook.com.

Highlighted

Thanks, i will remember that.  Our starting point is unusual in that we don't have a public autodiscover record till now ; we have been purely internal. Hybrid Teams definitely needs autodiscover inbound as seen by onprem, so i am hoping to constrict autodiscover sources at our firewall. The question is will the only source be our Azure tenancy, given nothing external uses Autodiscover at present  ? @PeterRising 

Highlighted

@jkgg695 

 

OK then, so typically your public Autodiscover record for Exchange on-premises will be along the lines of autodiscover.publicdomain.com.  Make sure your Exchange on prem Virtual Directories are set too. 

 

You can test and check that you have things configured correctly by using the MS Remote Connectivity Analyzer tool at https://testconnectivity.microsoft.com/ 

 

Also ensure that you have a public SSL.  Wildcard or SAN works best for hybrid Exchange.