Channel: Exchange Server Development forum

Mail Routing: MX to EOP and Encryption/Decryption Gateway On-Premises



Hello everybody

I have seen exactly my scenario (scenario 2), which I have to configure, here: https://docs.microsoft.com/en-us/exchange/mail-flow-best-practices/manage-mail-flow-for-multiple-locations#scenario-2-mx-record-points-to-microsoft-365-or-office-365-and-mail-is-filtered-on-premises

However, it is not clear to me where I have to create which kind of connectors or rules.

An Exchange Hybrid environment is already built. Inbound mail is currently OnPrem.

Going forward, the MX record should point to EOP and I want to use EOP with O365 ATP.

All mail should be sent out through EO/EOP.

Encrypted mails are delivered to us and sent by us. For the encryption and decryption there is an appliance (HIN-GW/SEP-GW) in the OnPrem environment.

The encrypted inbound mails are not sent to our mail domain; instead, a prefix is added to the domain, e.g. @sec.domain.com instead of @domain.com. After successful decryption of the mail by our gateway (HIN-GW), the domain is changed to @domain.com, and therefore to the correct user email address, and the mail can be delivered.

Now I have trouble with the detailed planning of the connectors:

Inbound for encrypted mail:

Mail to @sec.domain.com --> EOP --> send through hybrid connector to OnPrem MX --> On-Prem to HIN-GW (mail decryption) --> HIN-GW to OnPrem MX --> send to OnPrem mailbox or send through hybrid connector to cloud mailbox

Outbound Mail:

Mail sent from Cloud Mailbox User --> sent through Hybrid Connector to OnPrem MX --> OnPrem to HIN-GW (mail encryption) --> HIN-GW to OnPrem MX --> OnPrem MX (Hybrid Connector) to EO/EOP --> EOP to External Recipient

Can this be implemented in this way or is there a better solution?

Regards

Marc Gehri

