Connecting Office 365 and FOPE

Office 365 Beta gives you automatic access to Forefront Online Protection for Exchange to protect the mail flow into your Office 365 environment.  We recently released a guidance document that includes some of the known issues and some of the scenarios for more advanced mail flows.  The document discusses the following scenarios in depth but there’s also a video available if that’s more your cup of tea.

Fully hosted scenario—Email flows exclusively through the cloud (Internet), without any interaction with on-premises servers. For more information, see Fully Hosted Scenario.

Shared address space with on-premises relay scenario—Email is hosted partially in the cloud (Internet) and partially on-premises, and mail flow is controlled on-premises.

Internal mail flow scenario—Both the sender and the recipients are within the same organization, and the organization has mailboxes both in the cloud and on-premises. However, unlike the previous scenario, not all mail is controlled by the on-premises mail server. In this scenario, email is sent between the cloud and the on-premises server without being sent to the Internet and FOPE skips all filtering operations.

Outbound smart host scenario—FOPE acts as a smart host, redirecting outbound mail to an on-premises server that applies additional processing before delivering mail to its final destination. However, incoming mail goes straight to the Exchange Online servers without passing through an on-premises server. You may want to consider this option for your organization if you have an on-premises application or other compliance solution you use to filter outgoing mail and you also want the benefits of FOPE edge, virus, policy, and spam filtering.

Inbound safe listing scenario—Email is sent inbound through FOPE to Microsoft Exchange Online from a trusted organization. In this scenario, FOPE is configured to skip IP address filtering on inbound mail sent from IP addresses specified in a safe list. You can also configure FOPE to skip policy and spam filtering.

Regulated partner with forced TLS scenario—Forced inbound and outbound transport layer security (TLS) is used to secure all routing channels with business regulated partners.

There’s no way to get access to the Office 365 Beta right now but you can get a BPOS trail if you’d like to see how exchange online works.