VMware Workspace ONE Community
davisjj
Contributor

Can SEG Process A Hybrid Redirect (ActiveSync), 2013 to O365?

We are prepping for a migration from Exchange 2013 to O365. We are using SEG v2 in a proxy config. Internally, the SEG cluster points to the on-premises CAS boxes. In a hybrid config, the Exchange environment should redirect the client to O365 when the mailbox has been moved. I know that iOS can handle a redirected profile update, but I'm getting the sense that SEG cannot? If I point SEG directly to outlook.office365.com as the email URL, it still fails. That may be because we have external authentication disabled for O365, but I'm not 100% positive on that one. We have a very complex security model/environment.
0 Kudos
10 Replies
LukeDC
Expert

https://support.workspaceone.com/solutions/SOL-253
This solution sums up how to use a SEG with Office 365.
0 Kudos
davisjj
Contributor

Hi Luke, yes, I had checked that solution.  ADFS is required for preventing people from connecting without SEG, but at the moment, I cannot get them to connect WITH SEG.  I'm fairly certain that the authentication piece is breaking, but I wanted to make sure that I had the SEG settings correct.  Would you agree that pointing the SEG's email URL to https://outlook.office365.com:443 is correct?
0 Kudos
LukeDC
Expert

Yes, that would be the URL. Do you use MFA?
0 Kudos
RCartwright
Contributor

In your mail profile, do you have the user name field using {EmailUserName} or {EmailAddress}? It has to be {EmailAddress} for O365 logins.
0 Kudos
LukeDC
Expert

Technically it has to be the UPN in the username field, which is typically the email address, but that is not always the case.
0 Kudos
davisjj
Contributor

We are not using MFA currently. Yes, just ran a direct-to-O365 test with the UPN and it worked. It still fails going through SEG with the UPN, so there's likely something blocking communication between SEG and ADFS. We'll keep digging.
0 Kudos
ArianZuta
Contributor

Hi all,
Could anyone configure Boxer to use Office 365 through SEGv2?
Modern Auth has been enabled on Boxer and Username is set to Emailaddress.
Thanks for a quick response.
Best Arian
0 Kudos
AllisonHocker
Contributor

I am also struggling with this. We are in hybrid mode and need to start moving our mailboxes to O365. Do I need to stand up another SEG for O365 traffic or should the existing SEG forward the email to Exchange, and then Exchange sends the email to the online mailbox?  My test user gets authenticated but gets an error within Boxer that the folders cannot be displayed.  SEG shows 401 unauthorized.  No entries in Exchange IIS logs.

0 Kudos
SolaFlare
Contributor

I have the same question as Allison H.
I appreciate any guidance anyone can provide on the matter.
Kind regards,
Anthony
0 Kudos
AllisonHocker
Contributor

Anthony F - I ended up configuring another MEM instance using direct PowerShell since we are forcing the use of Boxer. Within Boxer you can force email attachments to only open in Boxer, so PS with Boxer meets our security requirements. You can use SEG with O365 if you wish. Here is the response from VMware support:

"You may only point a Secure Email Gateway to one Exchange server. If you would like to proxy requests to Exchange Online through a SEG while also proxying to your on-prem Exchange server, you will need to create a second SEG server to process those requests."
0 Kudos