<div>
Thanks for the reply! &nbsp;<br />
<br />
I did forget to mention that we did run the O365 Hybrid Config but had to modify the outbound connector rules to directly go to Proofpoint for the O365 environment. &nbsp;Incoming e-mails actually flow perfectly. &nbsp;<br />
<br />
We do want to keep Proofpoint since we also utilize the Archiving function from Proofpoint. &nbsp;<br />
<br />
I did think about whitelisting O365 IPs and just getting over it but the increase in spam is also a huge concern for us. &nbsp;<br />
<br />
Thanks.
</div>


<div>
That's what we were thinking as well -- CodeTwo does offer a nice solution. &nbsp;The only issue is Proofpoint quarantines internal e-mails going from O365 &lt;=&gt; Exchange. &nbsp;Not sure if there's anything around this without disabling the spoofing feature (which we do get a lot). &nbsp;<br />
<br />
I guess I could try adding the ranges to our DKIM/SPF?
</div>


<div>
<div class="content wysiwyg-content">
Hello All!<br />
<br />
I was wondering if any expert minds had a better way to do this. &nbsp;We want to have this setup in our environment: <br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/08_w35/1113040/Capture.PNG" target="_blank" title="Capture.PNG (15 KB)"><img alt="Capture.PNG" class="file-block lazyload" style="max-width: 562px;" data-src="https://filedb.experts-exchange.com/incoming/2016/08_w35/1113040/Capture.PNG" /></a><br />
The only issue is that the amount of IPs required to pass through the firewall under Exchange Online at this <a href="https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US" rel="ugc">URL</a> is quite large. &nbsp;Adding it to both the connector on our on-prem exchange server and firewall makes it extremely messy.<br />
<br />
The reason we desire this flow is for our signature software (CodeTwo Exchange) that stamps everyone's outbound e-mail with the standard signature. &nbsp;We also have journaling but that doesn't affect it either way. &nbsp;<br />
<br />
We currently have it setup so that the Office 365 mail is going right to Proofpoint (as a test). &nbsp;It makes firewall rules+connector whitelisting much easier but there are issues with internal e-mails being tagged as phishing e-mails + signature issues. &nbsp;<br />
<br />
Any ideas/tips &amp;&nbsp;tricks would be much appreciated.
</div>
</div>


Capture.PNG

Hello All!

I was wondering if any expert minds had a better way to do this.  We want to have this setup in our environment: 



The only issue is that the amount of IPs required to pass through the firewall under Exchange Online at this URL (https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US) is quite large.  Adding it to both the connector on our on-prem exchange server and firewall makes it extremely messy.

The reason we desire this flow is for our signature software (CodeTwo Exchange) that stamps everyone's outbound e-mail with the standard signature.  We also have journaling but that doesn't affect it either way.  

We currently have it setup so that the Office 365 mail is going right to Proofpoint (as a test).  It makes firewall rules+connector whitelisting much easier but there are issues with internal e-mails being tagged as phishing e-mails + signature issues.  

Any ideas/tips & tricks would be much appreciated.

Design Question: Office 365 + Exchange 2016 Hybrid

Office 365 is a group of software plus services subscriptions that provides productivity software and related services to its subscribers. Office 365 allows the use of Microsoft Office apps on Windows and OS X, provides storage space on Microsoft's cloud storage service OneDrive, and grants 60 Skype minutes per month. Office 365 includes e-mail and social networking services through hosted versions of Exchange Server, Skype for Business Server, SharePoint and Office Online, integration with Yammer, as well as access to the Office software. All of Office 365's components can be managed and configured through an online portal; users can be added manually, imported from a CSV file, or Office 365 can be set up for single sign-on with a local Active Directory using Active Directory Federation Services.

Microsoft 365

Network design and methodology, also known as network architecture, is the design of a communication network. It is a framework for the specification of a network's physical components and their functional organization and configuration, its operational principles and procedures, as well as data formats used in its operation. In telecommunication, the specification of a network architecture may also include a detailed description of products and services delivered via a communications network, as well as detailed rate and billing structures under which services are compensated.

Network Architecture

Exchange is the server side of a collaborative application product that is part of the Microsoft Server infrastructure. Exchange's major features include email, calendaring, contacts and tasks, support for mobile and web-based access to information, and support for data storage.

Exchange

Within Internet message handling services (MHS), a message transfer agent or mail transfer agent (MTA) or mail relay is software that transfers electronic mail messages from one computer to another using a client–server application architecture. A MTA implements both the client (sending) and server (receiving) portions of the Simple Mail Transfer Protocol (SMTP). The terms mail server, mail exchanger, and MX host may also refer to a computer performing the MTA function. The Domain Name System (DNS) associates a mail server to a domain with mail exchanger (MX) resource records containing the domain name of a host providing MTA services.