This is also a good opportunity to review your receive connectors. Here you can set maximum incoming message size (default is 35MB -- remember to account for the roughly 33 percent MIME encoding overhead), whether to enable connection logging, security settings such as enforced TLS, and IP restrictions.
You have the basic mail routing configured and you can send and receive email. Now you need to get clients connected to your system so that they can actually use it.
With Office 365, Microsoft uses its own namespace for Outlook Autodiscover, Outlook Web App, and SMTP connectivity over TLS. As such, Microsoft use its own certificates. For on-premises Exchange, you will need to purchase new certificates from a trusted CA to allow trusted secure connectivity to your systems.
Fortunately, Microsoft has made the process easy to complete. To start, open EAC and navigate to Servers > Certificates. Add a new certificate and choose to generate a request. A wizard will open and walk you through the process. You will be given the opportunity to choose your domain for each access type. In this example, I've mainly used webmail.exampleagency.com for everything.
To add a new certificate, open EAC and navigate to Servers > Certificates.
Once you finish the wizard, take your certificate request file and upload it to your preferred certificate authority (we used GoDaddy). You will then receive the certificate in the form of a CER file. Simply click on Complete and import the CER file to have the certificate be imported and enabled for use in your environment.
Now that you have your certificate installed, it's time to tell Exchange what domains to use for what services. Navigate to Servers > Virtual Directories. From here, you should configure external access for each one. In this example, we have configured the OWA virtual directory to use webmail.exampleagency.com.
There are more complex topics to discuss such as client access arrays and load balancing, but those are best left for a more in-depth exploration than this article. For more information, see Microsoft's Exchange Server documentation on TechNet.
Security and compliance
Even though your data isn't in a public cloud, you still need to carefully consider security. For starters, make sure you're applying regular updates to both Windows Server and Exchange Server. The same advice for administrator accounts applies, as well; always use separate administrator accounts from regular accounts.
Sign up for CIO Asia eNewsletters.