Hybrid and Edge servers

Question

Hi,

We are planning the move from Exchange On-premises to Exchange Hybrid and I have a few questions about the Edge Transport server and how it fits in.

The plan is to place an Edge Transport server in our DMZ so that incoming email from EOP will go via the Edge server before reaching the Exchange servers. This is to limit the exposure of our Exchange servers to the Internet
Does the Malware and Anti-Spam need to be enabled and configured on this edge server? Is there a recommendation for this?

We currently have a third party mail system that we use for email security and emails generated from servers on the DMZ are directed to this server and the email security server routes the emails either internally or to the Internet. This server will be going. Will we need an additional Edge transport server separate to the one used for Hybrid for this or can the Hybrid Edge transport server be used? I am not quite sure if the Edge transport server used for Hybrid can only be used for the Hybrid and nothing else.

Thank you

Answer 1

The hybrid one will do. As long as the connectors are set up so it knows where to route the mail, you dont need a separate server!

Answer 2

You can install anti -spam on the Edge, yes.
https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/antispam-protection/antispam-protection?view=exchserver-2019#antispam-agents-on-edge-transport-servers

Anti-malware is already enabled:
https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/antimalware-procedures?view=exchserver-2019

I would argue that you dont need anti-spam however and would not enble on the Edge if you are routing everything to and from the internet through EOP ( Set your mx to EOP as soon as possible)