App Proxy and Exchange Hybrid

Question

I have what appears to be a odd scenario. I would like to enable the Exchange Hybrid config, however I don't want to expose my on-prem Exchange servers to the internet. I was thinking I could potentially use the Azure App Proxy to publish URIs like autodiscover.mydomain.com and mail.mydomain.com.

I know Exchange Online needs to access the AutoDiscover URI, but can I use the App Proxy with conditional access to somehow limit access to that URI to only Exchange Online? Is there another Azure product that would do this better? Any and all suggestions welcome.

vasilmichev · Answer

Two words for you, "Hybrid agent" 🙂
https://docs.microsoft.com/en-us/exchange/hybrid-deployment/hybrid-agent

geek2point0 · Answer

VasilMichev&nbsp;That's the path I went but I still needed my autodiscover publicly available.&nbsp;

tommek · Answer

geek2point0&nbsp;you can try to allow only microsoft&nbsp; ip ranges&nbsp;https://docs.microsoft.com/de-de/office365/enterprise/urls-and-ip-address-ranges&nbsp;

michael obernberger · Answer

Hi,you don't need to publish Autodiscover if you are using the Hybrid Agent. Or why do you want to publish it?All Free/Busy requests will traverse over the Hybrid Agent.Michael

geek2point0 · Answer

Running through the hybrid configuration wizard I kept getting an error that my autodiscover url wasn’t reachable. It is listed in the requirements on docs.microsoft.com that autodiscover be reachable as well. https://docs.microsoft.com/en-us/Exchange/hybrid-deployment-prerequisites And isn’t autodiscover discover required if I want ActiveSync to work for mailboxes I migrate to EOL?

Forum Discussion

App Proxy and Exchange Hybrid

Share

Resources