Hello all
Currently all of our mailboxes are located in O365. Our MX records point to EOP, and we have Centralized mail transport enabled. This means that all emails sent from mailboxes in O365 are routed from EOP to On-prem, and then from on-prem to the intended recipient. The email flow is below. From my understanding when a transport rule exist in EOP that has a address space of * (all domains) that this transport rule will take precedence over all other transport rules. Example is if i create a transport rule that uses MX record lookup to send emails to Yahoo.com, and i also have a transport rule that has an address space of * and uses a smarthost, the email sent to Yahoo.com will be sent using the connector that has an address space of *. Also as i said earlier all mailboxes are hosted in O365, if i need to send forced TLS to a certain domain, and because we have Centralized mail transport enabled then where should i configure the forced TLS? it doesn't make sense to try and configure this in EOP because all emails go through on-prem first. If you look at my below routing hops the last hop the email takes before it leaves the environment is the Symantec SMG servers. I think this is where i would need to configure foreced TLS to external domains.
user in O365 sends email to @gmail.com
EOP----->on-prem Hybrid Server------->Symantec SMG server------->@Gmail.com
Bulls on Parade