Using FOPE Connectors to Configure Advanced Email Flow Scenarios
Applies to: Office 365 Enterprise, Live@edu, Forefront Online Protection for Exchange
Topic Last Modified: 2012-04-27
In Microsoft® Forefront® Online Protection for Exchange (FOPE), you can use FOPE connectors to implement several advanced email flow scenarios when you have subscribed to the Microsoft Office 365 for enterprises, Live@edu, or Business Productivity Online Suite (BPOS) dedicated cloud hosting services. Your configuration options for FOPE vary depending upon the scenario.
Fully hosted scenario - Email flows exclusively through the cloud (Microsoft Exchange Online), without any interaction with on-premises servers. For more information, see Fully Hosted Scenario. (Note that this scenario does not use FOPE connectors.)
Outbound smart host scenario - FOPE acts as a smart host, redirecting outbound mail to an on-premises server that applies additional processing before delivering mail to its final destination. You may want to consider this option for your organization if you have an on-premises application or other compliance solution that you use to filter outgoing mail and you also want the benefits of FOPE edge, spam, virus, and policy filtering. For more information, see Outbound Smart Host Scenario.
Inbound safe listing scenario - Email is sent inbound through FOPE from a trusted organization. In this scenario, FOPE is configured to skip IP address filtering on inbound mail sent from IP addresses specified in a safe list. You can also configure FOPE to skip policy and spam filtering. For more information, see Inbound Safe Listing Scenario.
Regulated partner with forced TLS scenario - Forced inbound and outbound transport layer security (TLS) is used to secure all routing channels with business regulated partners. For more information, see Regulated Partner with Forced TLS Scenario.
Hybrid Scenarios – You can use hybrid mail flow scenarios to partially host your email in the cloud (Microsoft Exchange Online) and partially on-premises. The following configurations allow you use a single domain name for all mailboxes in both your on-premises Exchange organization and in the cloud. You should determine which routing scenario best fits your organization best before implementing them.
Shared address space with on-premises relay scenario (MX points to on-premises) - The MX record for your shared email domain is configured to route email to the on-premises mail server before it is sent through FOPE to your cloud mailboxes. Use this configuration if you want your on-premises protection solution to provide filtering on inbound mail before sending it to the cloud. For more information, see Shared Address Space with On-Premises Relay Scenario (MX Points to On-Premises).
Shared address space with on-premises relay scenario (MX points to FOPE) - The MX record for your shared email domain is configured to route email to FOPE for spam and policy filtering before it reaches your on-premises server. Use this configuration if you want FOPE to perform spam and policy filtering before routing mail to your on-premises server for additional processing. For more information, see Shared Address Space with On-Premises Relay Scenario (MX Points to FOPE).
Shared address space with cloud relay scenario (MX points to the cloud) - The MX record for your shared email domain is configured to route email to FOPE for anti-spam processing and policy filtering before it is routed to Exchange Online, where it is filtered again by Forefront Protection 2010 for Exchange Server (FPE) on the Exchange Online transport servers. Use this scenario if you want to ensure that all messages that are relayed to your on-premises organization have been filtered for spam and viruses by Forefront. This scenario is documented in the Office 365 community at Hybrid Routing – Pointing Your MX Record to the Cloud.
Office 365 customers can consult the following documentation for more information about hybrid deployments: Exchange Online Hybrid Deployment and Migration with Office 365.
|Some of these email flow scenarios, for example the outbound smart host, inbound safe listing, and regulated partner with forced TLS scenarios, are also applicable for FOPE standalone customers. Before implementing these scenarios, it is assumed that FOPE standalone customers have already signed in to the FOPE Administration Center and performed the FOPE Setup and Provisioning steps.|
ConceptsFully Hosted Scenario
Shared Address Space with On-Premises Relay Scenario (MX Points to On-Premises)
Outbound Smart Host Scenario
Inbound Safe Listing Scenario
Regulated Partner with Forced TLS Scenario
Enforcing and Removing FOPE Connector Associations
Viewing Information About the FOPE Connectors