Exchange 2016 Hybrid Open Ports

  • Question

  • Hi, 

    We are in the process of migrating from Exchange 2010 to Exchange Online together with an Exchange 2016 Hybrid server on premise. We are using AAD Connect for authentication. We have been told we need to keep ports 25 and 443 inbound to the on premise server open, but I can't see what traffic is going to use these and it just seems a security risk to me that's not needed. There are no mailboxes on premise any more. My understanding was that the on premise server is basically there to manage the mailboxes and provide the AD schema and that's all?

    Can someone please confirm this is correct and explain what is using these ports please?

    Many thanks

    Wednesday, November 6, 2019 8:28 AM

Answers

  • Hello,

    You can close these ports now.

    Port 443 is for moving to O365 (from EWS MRS point)

    and 25 is for mail flow when in hybrid mode.

    When migration is finished, and if you don't use your Exchange for relaying, then it's only for modifying AD objects correctly.

    Olivier.

    Wednesday, November 6, 2019 9:55 AM
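
Before closing inbound port 25, the hybrid server's own SMTP receive protocol log shows whether anything still connects to it. The following is an added example, not part of the thread or any Microsoft tooling: it assumes protocol logging is enabled on the receive connectors, and the sample log lines, server name, addresses and the internal range `10.0.0.0/8` are constructed. It covers port 25 only.

```python
import csv
import ipaddress
from collections import Counter

# Constructed sample in the SMTP receive protocol log layout (CSV preceded by
# a "#Fields:" header). Server name, connector names and addresses are made up.
SAMPLE_LOG = """\
#Software: Microsoft Exchange Server
#Log-type: SMTP Receive Protocol Log
#Fields: date-time,connector-id,session-id,sequence-number,local-endpoint,remote-endpoint,event,data,context
2019-11-06T08:01:02.000Z,EX16\\Default Frontend EX16,08D7A1,0,10.0.0.5:25,203.0.113.10:41822,+,,
2019-11-06T08:01:02.100Z,EX16\\Default Frontend EX16,08D7A1,1,10.0.0.5:25,203.0.113.10:41822,<,EHLO mail.example.net,
2019-11-06T08:05:09.000Z,EX16\\Default Frontend EX16,08D7A2,0,10.0.0.5:25,10.0.0.40:50111,+,,
2019-11-06T08:07:30.000Z,EX16\\Client Proxy EX16,08D7A3,0,10.0.0.5:465,10.0.0.41:50200,+,,
2019-11-06T09:15:00.000Z,EX16\\Default Frontend EX16,08D7A4,0,10.0.0.5:25,203.0.113.10:41990,+,,
"""

def sessions_by_source(log_text, port=25):
    """Count new sessions ('+' connect events) per remote IP on the given local port."""
    fields, counts = None, Counter()
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].strip().split(",")
            continue
        if not line or line.startswith("#") or fields is None:
            continue  # skip other header lines and anything before the field list
        row = dict(zip(fields, next(csv.reader([line]))))
        local_port = row.get("local-endpoint", "").rsplit(":", 1)[-1]
        if row.get("event") == "+" and local_port == str(port):
            counts[row["remote-endpoint"].rsplit(":", 1)[0]] += 1
    return counts

def external_sources(counts, internal_nets=("10.0.0.0/8",)):
    """Keep only sources outside the internal ranges (assumed values, adjust locally)."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    out = {}
    for ip, n in counts.items():
        addr = ipaddress.ip_address(ip.strip("[]"))  # IPv6 endpoints are bracketed
        if not any(addr.version == net.version and addr in net for net in nets):
            out[ip] = n
    return out

if __name__ == "__main__":
    print(external_sources(sessions_by_source(SAMPLE_LOG)))
```

Internal sources in the result are typically relaying devices or applications, which is the case the answer above calls out.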

All replies

  • You have to allow the recommended port and URL list from Microsoft to connect to O365.

    Please refer to the link below and allow the Exchange Online related IP and URL list:

    https://docs.microsoft.com/en-us/office365/enterprise/urls-and-ip-address-ranges

    Thursday, November 7, 2019 1:21 AM
  • Thank you, this is what we thought.
    Friday, November 8, 2019 8:47 AM
  • Thanks. It doesn't say these need to be inbound open ports though?
    Friday, November 8, 2019 8:48 AM
  • Here I will provide a brief summary of this post so that other forum members can easily find useful information here:

    [Exchange 2016 Hybrid Open Ports - Summary]

    Issue Symptom:

    Background: In the process of migrating from Exchange 2010 to Exchange Online together with an Exchange 2016 Hybrid server on premise.

    There are no mailboxes on premise any more. Is it okay to close port 25 and 443?

    Solution:

    You can close these ports now.

    Port 443 is for moving to O365 (from EWS MRS point)

    25 is for mail flow when hybrid mode.

    Monday, November 18, 2019 2:49 AM