0

Dears,

We currently have an Exchange 2016 Edge server located in our DMZ and it is handling all our inbound and outbound emails. I noticed that there is no Activesync service/role inside Edge server. I can only see it inside our internal mailboxes servers which are located in our private, LAN, network.

Is it possible to enable/install Activesync role inside Edge server? Because we do not want to expose our internal mailbox servers to the internet directly.

Regards,

Aboodnet
  • 63
  • 5
  • Totally agree with what Jevgenij Martynenko has replied above, in addition, here are some discussion on how to setup activesync on Edge server for your reference. https://social.technet.microsoft.com/Forums/en-US/190042e9-d388-4ab3-b67c-f898dba47a5b/how-to-setup-activesync-on-edge-transport?forum=exchangesvrsecuremessaginglegacy – Joy Zhang Sep 27 '21 at 05:53

1 Answers1

1

Exchange Edge Transport servers only do mail flow (SMTP) and anti-spam protection.

If you want publish ActiveSync to the internet, then there are only two options for you:

  • forward HTTP and HTTPS ports on the firewall directly to Exchange servers (which you don't want to do)
  • install a reverse web proxy in your DMZ. Microsoft IIS + ARR or Microsoft WAP support HTTP(S) proxying and are free with Server OS. But any reverse web proxy will do.

I don't believe there is an official Microsoft documentation on how to configure IIS ARR or WAP to publish Exchange in DMZ. But you can easily find several unofficial how-to-s out there

J-M
  • 1,930
  • 1
  • 11
  • 17