Sep 18 2020 03:26 AM
We are configuring hybrid Exchange with a view to using Teams. All mailboxes will be on prem for a while. I can see we need to allow inbound Autodiscover traffic to an onprem CAS role holder but am not sure which source addresses to allow. Does Autodiscover traffic all come from our Azure tenancy, or can third party Teams users originate it ? We do meet the other prereqs.
Sep 19 2020 11:32 AM
Solution
Hi, whilst in hybrid mode, and mailboxes still reside in on-premises Exchange, the autodiscover record doesn't need to change. It's only at the end of the migration, when you are ready to change mail flow to deliver to Exchange Online first that you would also set your autodiscover record to point to autodiscover.outlook.com.
Sep 19 2020 11:46 AM
Thanks, i will remember that. Our starting point is unusual in that we don't have a public autodiscover record till now ; we have been purely internal. Hybrid Teams definitely needs autodiscover inbound as seen by onprem, so i am hoping to constrict autodiscover sources at our firewall. The question is will the only source be our Azure tenancy, given nothing external uses Autodiscover at present ? @PeterRising
Sep 20 2020 08:54 AM
OK then, so typically your public Autodiscover record for Exchange on-premises will be along the lines of autodiscover.publicdomain.com. Make sure your Exchange on prem Virtual Directories are set too.
You can test and check that you have things configured correctly by using the MS Remote Connectivity Analyzer tool at https://testconnectivity.microsoft.com/
Also ensure that you have a public SSL. Wildcard or SAN works best for hybrid Exchange.
Sep 19 2020 11:32 AM
Solution
Hi, whilst in hybrid mode, and mailboxes still reside in on-premises Exchange, the autodiscover record doesn't need to change. It's only at the end of the migration, when you are ready to change mail flow to deliver to Exchange Online first that you would also set your autodiscover record to point to autodiscover.outlook.com.