...

  1. Configure the Azure app credentials in Access Portal → Settings → Authentication

    Code Block
    1   103	EwsAzureImpersonation	GENERAL	YES	NULL	 	NULL	Bastion	False
    1	100	CasbAzureTenant	GENERAL	AgatDevelopment.onmicrosoft.com		settings_CasbAzureTenant_label	settings_CasbAzureTenant_explanation	Casb	True
    1	101	CasbO365ApplicationId	GENERAL	4c836ac3-5d91-4c9a-bc56-e9dc048dde41		settings_CasbO365ApplicationId_label	settings_CasbO365ApplicationId_explanation	Casb	True
    1	102	CasbO365ApplicationSecret	GENERAL			settings_CasbO365ApplicationSecret_label	settings_CasbO365ApplicationSecret_explanation	Casb	False

    1. Add an “EWS-Online” channel to Bastion. Its external hostname should be something like ews-online.company.com. This requires an appropriate DNS record and firewall/load balancer configuration. The published host should be outlook.office365.com.

    2. Add the Traffic Modifier filter to the new EWS-Online channel with the provided config file.

    3. Add the EWS Protector filter too, using the same config file as the existing EWS channel.

    4. Code Block
      <authRelaying passthrough="false" type="Azure">
  2. The existing EWS filter (On Prem) should contain the following config (not required if manual discovery is used):

    Code Block
    	<authRelaying passthrough="false" type="KCD" ewsOnlineHost="ews-online.company.com">
  3. Add DNS records/Network config for ews-online.company.com

  4. If clients use manual Exchange server discovery, ensure that, for users hosted on O365, the clients have the new DNS record specified as the Exchange server (see step 2), e.g. https://ews-online.company.com/

  5. Link to example config: http://downloads.agatsoftware.com/Bastion - HybridEWSAzureImpersonation.zip

...