I was wondering if any expert minds had a better way to do this. We want to have this setup in our environment:
The only issue is that the amount of IPs required to pass through the firewall under Exchange Online at this URL
is quite large. Adding it to both the connector on our on-prem exchange server and firewall makes it extremely messy.
The reason we desire this flow is for our signature software (CodeTwo Exchange) that stamps everyone's outbound e-mail with the standard signature. We also have journaling but that doesn't affect it either way.
We currently have it setup so that the Office 365 mail is going right to Proofpoint (as a test). It makes firewall rules+connector whitelisting much easier but there are issues with internal e-mails being tagged as phishing e-mails + signature issues.
Any ideas/tips & tricks would be much appreciated.