https://technet.microsoft.

com/en-
US/library/ms.exch.eac.ConnectorSelection%28EXCHG.150%29.aspx?v=15.1.396.20&l=1&s=BPOS_S_E15_0&f=255&MSPPError
=-2147217396

Configure mail flow using connectors in Office 365

Exchange Online

Applies to: Exchange Online, Exchange Online Protection

Topic Last Modified: 2015-12-16

Configure connectors to control the flow of email messages to and from your Office 365 organization. Your email
service in Office 365 is provided by either Exchange Online or Exchange Online Protection (EOP). Within each of
these services, you can configure connectors, which are a collection of instructions that customize the way your email
flows.

This topic provides an overview of connectors. To start setting up connectors right away, check these topics:

Set up connectors to route mail between Office 365 and your own email servers

Set up connectors for secure mail flow with a partner organization

This topic includes:

What do connectors do?

What happened to inbound and outbound connectors?

When do I need a connector?

What if I have EOP or Exchange Online and my own email servers?

How do connectors in EOP or Exchange Online work with my own email servers (also called on-premises servers)?

Connectors for mail flow with a partner organization

Connectors for mail notifications from a device including printers

How do I set up connectors?

Note:

If all your mailboxes are in Exchange Online, and want to send email from an application or a device, a connector can enable
this scenario. For details about using a connector in this scenario, and for other ways to enable your device or application to
send email, see How to set up a multifunction device or application to send email using Office 365.
What do connectors do?

Set up connectors to:

 Enable mail flow between Office 365 and your organization’s email servers (also known as an on-premises
servers).
 Apply security restrictions to mail exchanges with a business partner or service provider.
 Enable email notifications from a printer or other non-mailbox entity.

Most organizations that use Office 365 don’t need connectors. This topic helps you decide whether your organization
needs a connector, and which one. You can also find out what connectors are and how they work.

What happened to inbound and outbound connectors?

If you previously set up inbound and outbound connectors, they will still function in exactly the same way. The
process for setting up connectors has changed; instead of using the terms "inbound" and "outbound", we ask you to
specify the start and end points you want to use for a mail flow connector. The way connectors work in the
background is the same as before.

When do I need a connector?

Exchange Online is ready to send and receive email from the Internet right away. You don’t need to set up connectors
unless you have EOP or other specific circumstances, which are described in the table below. Use this table to decide
whether you need to set up connectors.
 When creating
Connector the connectors,
Scenario What does this mean?
required? select these
options
Connector for
incoming email:
From: Your
You have your own email servers (also called
organization's
on-premises servers), and you subscribe to EOP
email server
only for email protection services.
You have a standalone Exchange To: Office 365
Online Protection Yes
For details, check Exchange Online Protection
(EOP) subscription. Connector for
overview and How do connectors in EOP or
outgoing email:
Exchange Online work with my own email
From: Office 365
servers (also called "on-premises servers")? .
To: Your
organization mail
server
Connector for
incoming email:
Some of your mailboxes are in Exchange
From: Your
Online, and some are on your email servers
organization's
(also called on-premises servers). Before you
email server
You have an Exchange Online set up connectors, check whether you only need
To: Office 365
subscription, and some of your connectors or if an Exchange hybrid
Yes
mailboxes are on your email deployment better meets your business needs.
Connector for
servers.
outgoing email:
For details, check What if I have EOP or
From: Office 365
Exchange Online and my own email servers?
To: Your
and Exchange Server Hybrid Deployments.
organization's
email server
You don't have email servers (also called on-
Only one
premises servers), but you want to let people
connector
You have an Exchange Online send email messages from sources such as
needed:
subscription, and your organization printers, fax machines, or apps.
Optional From: Your
needs to send email messages from
organization's
non-mailboxes, such as printers. For details, check How to set up a
email server
multifunction device or application to send
To: Office 365
email using Office 365.
Connector for
When your users exchange email messages incoming email:
with people in partner organizations, you want From: Partner
to make sure that any shared sensitive organization
You often exchange email with information is protected. You can do this by To: Office 365
business partners, and you want to using Transport Layer Security (TLS) or by Optional
apply certain security restrictions. limiting the mail’s source destination. Connector for
outgoing email:
For details, check Set up connectors for secure From: Office 365
mail flow with a partner organization. To: Partner
organization
Tip:
If you do not have Exchange Online or EOP and are looking for Exchange connectors that apply to Exchange Server 2013 (on-
premises server), see Connectors for information.

What if I have EOP or Exchange Online and my own email servers?

If you have EOP or Exchange Online and your own email servers (also called on-premises servers), you definitely
need connectors. This is more complicated and has more options, here’s a breakdown:

Your mail servers Have you

that you manage Your service completed an
Do I need to set up connectors?
(on-premises) are subscription is Exchange hybrid
running: deployment?

Yes.
Exchange
Online Not available
Set them up by following the instructions in Set up connectors
Protection
to route mail between Office 365 and your own email servers.
Consider whether an Exchange hybrid deployment will better
meet your organization’s needs by reviewing the topic that
matches your current situation, either Exchange Server Hybrid
Deployments or Hybrid Deployments with Exchange 2010 SP2.
Exchange Server If a hybrid deployment is the right option for your organization,
No
2013 or use the Exchange Hybrid Configuration wizard to integrate
Exchange Server Exchange Online with your on-premises Exchange Server. If
2010 Office 365 you only want connectors that enable mail routing, follow the
with Exchange instructions in Set up connectors to route mail between Office
Online 365 and your own email servers.
No.

The Hybrid Configuration wizard creates connectors for you.

Yes
To view or edit those connectors, go to the connectors page in
the Exchange Admin Center (EAC), or rerun the Hybrid
Configuration wizard.
Yes.
Exchange
Online Set them up by following the instructions in Set up connectors
Protection to route mail between Office 365 and your own email servers.
Exchange Server
Not available
2007 or earlier
Office 365 In limited circumstances, you might have a hybrid configuration
with Exchange with Exchange Server 2007 and Office 365. Check whether
Online connectors are already set up for your organization. To check,
go to the connectors page in the EAC.
Exchange Yes.
Non-Microsoft Online
Not available
SMTP server Protection Set them up by following the instructions in Set up connectors
to route mail between Office 365 and your own email servers.
 Office 365
with Exchange
Online
How do connectors in EOP or Exchange Online work with my own email servers (also called on-premises servers)?

If you have EOP and your own email servers, or if some of your mailboxes are in Exchange Online and some are on
your email servers, connectors enable mail flow in both directions. You can enable mail flow between Office 365 and
any SMTP-based email server such as Exchange, or a third-party email server. Create connectors to enable mail flow
in both directions.

The diagram below shows how connectors in Office 365 (including Exchange Online or EOP) work with your own
email servers.

In this example, John and Bob are both employees at your company. John has a mailbox on an email server that you
manage, and Bob has a mailbox in Office 365. John and Bob both exchange mail with Sun, a customer with an
Internet mail account:

 When email is sent between John and Bob, connectors are needed
 When email is sent between John and Sun, connectors are needed. (All Internet email is delivered via Office
365.)
 When email is sent between Bob and Sun, no connector is needed.

What if I have already run the Exchange Hybrid Configuration Wizard?

If you have already run the Hybrid Configuration wizard, the connectors that you need are already set up for you. You
can view your hybrid connectors on the Connectors page in the EAC. You can view, troubleshoot, and update these
connectors using the procedures described in Set up connectors to route mail between Office 365 and your own email
servers, or you can re-run the Hybrid Configuration wizard to make changes.

Connectors for mail flow with a partner organization

You can create connectors to add additional security restrictions for email sent between Office 365 and a partner
organization. A partner can be an organization you do business with, such as a bank. It can also be a cloud email
service provider that provides services such as archiving, anti-spam, and so on. You can create a partner connector
that defines boundaries and restrictions for email sent to or received from your partners, including scoping the
connector to receive email from specific IP addresses, or requiring Transport Layer Security (TLS) encryption.

Example use of connectors with a partner organization

The diagram below shows an example where ContosoBank.com is a business partner that you share financial details
with via email. Because you are sharing financial information, you want to protect the integrity of the mail flow
between your businesses. Connectors with TLS encryption enable a secure and trusted channel for communicating
with ContosoBank.com. In this example, two connectors are created in Office 365. TLS is required for mail flow in
both directions, so ContosoBank.com must have a valid encryption certificate. A certificate signed by a certification
authority (CA) is recommended.

Additional partner organization connector options: specify a domain or IP address ranges

When you create a connector, you can also specify the domain or IP address ranges that your partner sends mail from.
If email messages don’t meet the security conditions that you set, the connector will reject them. For more
information about creating connectors to exchange secure email with a partner organization, see Set up connectors for
secure mail flow with a partner organization.

Connectors for mail notifications from a device including printers

This scenario applies only to organizations that have all their mailboxes in Exchange Online and allows a program or
a device, such as a printer, to send email. For example, if you want a printer to send notifications when a print job is
ready, or you want your scanner to email documents, you can use this option to send mail through Office 365. For
details, see How to set up a multifunction device or application to send email using Office 365.

How do I set up connectors?

Before you set up a connector, you must set up the accepted domains that you want to define for Office 365. See
Manage accepted domains in Exchange Online for more details.

Connector setup topics:

 Set up connectors to route mail between Office 365 and your own email servers
 Set up connectors for secure mail flow with a partner organization
Exchange Server 2007 Server Roles

Exchange Server 2007 includes the following server roles:

 Mailbox Server This is a back-end server that can host mailboxes and public folders. For more information
about the Exchange 2007 Mailbox Server role, see Mailbox.
 Client Access Server This is the middle-tier server that hosts the client protocols, such as Post Office
Protocol 3 (POP3), Internet Message Access Protocol 4 (IMAP4), Secure Hypertext Transfer Protocol
(HTTPS), Outlook Anywhere, Availability service, and Autodiscover service. The Client Access Server also
hosts Web services. For more information about the Exchange 2007 Client Access Server role, see Client
Access.

What are SMTP, POP3 and IMAP?

Overview
SMTP, POP3 and IMAP are TCP/IP protocols used for mail delivery. If you plan to set up an email server such as hMailServer,
you must know what they are used for. Each protocol is just a specific set of communication rules between computers.
SMTP
SMTP stands for Simple Mail Transfer Protocol. SMTP is used when email is delivered from an email client, such as Outlook Express, to an email server or
when email is delivered from one email server to another. SMTP uses port 25.
POP3
POP3 stands for Post Office Protocol. POP3 allows an email client to download an email from an email server. The POP3 protocol is simple and does not
offer many features except for download. Its design assumes that the email client downloads all available email from the server, deletes them from the server
and then disconnects. POP3 normally uses port 110.
IMAP
IMAP stands for Internet Message Access Protocol. IMAP shares many similar features with POP3. It, too, is a protocol that an email client can use to
download email from an email server. However, IMAP includes many more features than POP3. The IMAP protocol is designed to let users keep their email
on the server. IMAP requires more disk space on the server and more CPU resources than POP3, as all emails are stored on the server. IMAP normally uses
port 143. Here is more information about IMAP.
Examples
Suppose you use hMailServer as your email server to send an email to bill@microsoft.com.
1. You click Send in your email client, say, Outlook Express.
2. Outlook Express delivers the email to hMailServer using the SMTP protocol.
3. hMailServer delivers the email to Microsoft's mail server, mail.microsoft.com, using SMTP.
4. Bill's Mozilla Mail client downloads the email from mail.microsoft.com to his laptop using the POP3 protocol (or IMAP).

 Unified Messaging Server This is the middle-tier server that connects a Private Branch eXchange (PBX)
system to Exchange 2007. For more information about the Exchange 2007 Unified Messaging Server role, see
Unified Messaging.
 Hub Transport Server This is the mail routing server that routes mail within the Exchange organization. For
more information about the Exchange 2007 Hub Transport Server role, see Hub Transport.
 Edge Transport Server This is the mail routing server that typically sits at the perimeter of the topology and
routes mail in to and out of the Exchange organization. For more information about the Exchange 2007 Edge
Transport Server role, see Edge Transport.

Mail Flow
--------------------------------------------------------------------------------

The Edge Transport server role accepts mail coming into the Exchange 2007 organization from the Internet and routes
all outbound messages to the Internet. The Edge Transport server role acts as a smart host and SMTP relay for the
Exchange organization. You configure Send connectors and Receive connectors on the Edge Transport server to
control message processing.

RPC over HTTP

How can I configure Outlook 2003 to use RPC over HTTP/S?

RPC over HTTP/S is a cool method for connecting your Outlook 2003 client to the corporate Exchange Server 2003
from the Internet or WAN, without the need to establish a VPN session to the corporate LAN and/or needing to open
many ports on your corporate firewall. The only ports you’ll need to open on your firewall are TCP 80 and, if using
SSL, TCP 443.

RPC over HTTPS

http://searchexchange.techtarget.com/definition/MAPI [3]

MAPI (Messaging Application Program Interface)

MAPI (Messaging Application Program Interface) is a Microsoft Windows program interface that enables you to send
e-mail from within a Windows application and attach the document you are working on to the e-mail note.
Applications that take advantage of MAPI include word processors, spreadsheets, and graphics applications. MAPI-
compatible applications typically include a Send Mail or Send in the File pulldown menu of the application.
Selecting one of these sends a request to a MAPI server.

https://msdn.microsoft.com/en-us/library/aa142548(v=exchg.65).aspx [2]

MAPI uses Remote Procedure Calls (RPC) to communicate with the Exchange server. Typically RPC is intentionally
blocked from passing through Internet firewalls.

Client applications that use MAPI access user mailbox and public folder information stored in Exchange, and user
directory information stored in Active Directory. Client applications that use MAPI are typically e-mail clients and
applications that require complex e-mail processing.

MAPI over HTTP

This section provides information about MAPI over HTTP. It contains the following topics:
 MAPI over HTTP Requirements
 MAPI over HTTP Down Negotiation
Upon the release of Outlook 2010 update (KB 2878264), Outlook 2013 SP1, and Exchange server 2013 SP1,
Microsoft added a new dialect to the Exchange communication protocol. Rather than placing a wrapper around remote
procedure call (RPC) in HTTP, Microsoft created a full version of MAPI that can be wrapped in HTTP. This new
configuration is officially called MAPI over HTTP transport protocol.

https://en.wikipedia.org/wiki/MAPI [1]

x
Among the many new features delivered in Exchange 2013 SP1 is a new method of connectivity to Outlook
we refer to as MAPI over HTTP (or MAPI/HTTP for short). We’ve seen a lot of interest about this new
connection method and today we’ll give you a full explanation of what it is, what it provides, where it will
take us in the future, and finally some tips of how and where to get started enabling this for your users.
https://blogs.technet.microsoft.com/exchange/2014/05/09/outlook-connectivity-with-mapi-over-http/

Outlook Anywhere for 2003, 2007, 2010,2013,2016

https://support.office.com/en-us/article/use-outlook-anywhere-to-connect-to-your-exchange-server-without-vpn-ae01c0d6-
8587-4055-9bc9-bbd5ca15e817

Assignment: Date 7/07/2016

Kerberos
MAPI
RPC over http
IMAP