This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I have been looking at the networking requirements for Exchange classic Hybrid to Office 365. It's not clear to me:
Specifically what is being sent out of our organization over port 80 for example? We presented the documentation from Microsoft to our security teams and they laughed at the lack of detail! :|
The documentation is not explicit on the network flows.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(25.6, 67%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJS%3C/text%3E%3C/svg%3E)
Hi @DarraghOShaughnessy-6524 , is there any update about your issue?
Hi @shockoQA Do suggestion below help?
You wouldnt open port 80 :)
Where do you see that requirement for Hybrid?
https://video2.skills-academy.com/en-us/exchange/hybrid-deployment-prerequisites
All you need is 25 and 443.
Wow! So yes it seems 443/25 open inbound and outbound. A 3rd party had indicated we needed 587/80 open outbound also. Let me check back with them. I was suprised also.
I'm betting they were looking at this and the client requirements for Exchange on-prem
Hi @DarraghOShaughnessy-6524 , between Office 365 and your on-prem Exchange server, you need to have port 443 and port 25 available.
You can have port 25 go directly to the internal Exchange server or you can go through an Edge server which helps you limit the inbound traffic to only the Office 365 IP address ranges list in this official document: Office 365 URLs and IP address ranges
As for port 443, your system needs to be reverse proxied to Office 365 so that the hybrid connection can be fully established. Office 365 needs a web services connection to your internal systems so that it can create move requests.
All outbound communication is on either port 25 or port 443. Port 80 is not used between your on-prem Exchange server and Office 365.
If an Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Port 443 does not need to be reverse proxied to Office 365.
An update guys and thanks all who have responded:
So a Microsoft Field Engineer came back to me and indicated
"TCP port 80 egress is needed for auto-discovery from on premise Exchange to EOP. Regardless, when the client (outlook) talks to on-premise exchange and needs to discover a mailbox/calendar the Exchange server will use port 80 for auto-discovery."
I asked was this port 80 from client to EOL directly and he indicated that it was actually the Exchange Backend connection to EOL that needs this. I'm confused as I can't find anything to back this up.
But isnt that's true regardless whether its hybrid or not? ( the CRL check itself from a window machine in general)