Doffie
Apr 28, 2017

Protecting Hybrid O365 deployments

Hi All

We are looking at migrating towards a hybrid O365 deployment, with some users being serviced via our on-prem Exchange servers and others moving their mail to the O365 cloud.

As a part of this deployment, we need to publish "Autodiscover.company.com" to the internet, as the client machines use this address to connect to the internal Exchange servers to get their XML configuration file.

We do not support BYOD, and all of our external users that will use O365 have user and machine certs installed as well as the F5 Edge Client.

If I point the autodiscover address to my DMZ F5, is there a way I can use the F5 to do a machine and user cert check / validation? The autodiscover, although using 443, does not perform an HTTP request, so I do not know how to trigger the APM.

Can I perhaps use an iRule to do this - on Client:Accepted (or any other argument), then trigger/call an Access policy?

Essentially, I want the Outlook client to call autodiscover, which points to my DMZ F5. The F5 then needs to validate the certs and, if validated, forward the traffic to the on-prem Exchange servers.

Is this possible?

Thanks for all your help here