I would like to confirm that if I want to secure inbound traffic to port 25 for my Exchange Hybrid server I would have to allow the Exchange endpoints listed below in order for Hybrid mail flow to work?
https://video2.skills-academy.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide
*.mail.protection.outlook.com 40.92.0.0/15, 40.107.0.0/16, 52.100.0.0/14, 104.47.0.0/17, 2a01:111:f400::/48, 2a01:111:f403::/48 TCP: 25
I am concerned because the document also states:
Endpoint data below lists requirements for connectivity from a user's machine to Office 365. It does not include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections. See Additional endpoints for more information.