Welcome back. In this lesson, we're going to touch on a mail flow scenario where a third-party cloud service is used with mailboxes in both Exchange Online and an on-prem Exchange server. This type of mail flow architecture is often used when an organization is migrating its mailboxes to Exchange Online but wants to also keep some mailboxes on-prem. At the same time, the organization wants to leverage a third-party cloud-based anti-spam solution to filter spam from the Internet. In this mail flow architecture, all emails to the Internet are routed through Microsoft 365. This is usually done in order to prevent the public IP of the organizations on-prem server from being added to public block lists. 

The diagram on your screen shows what this architecture looks like. To make this architecture work, you first have to add your email domain in Microsoft 365 and verify ownership. Once you've verified your email domain in Microsoft 365, you can create your user mailboxes in Exchange Online or you can migrate your mailboxes from the on-prem solution. Next, you'd update your email domain's DNS records. More specifically, you'd point your email domains mx record to whatever third-party anti-spam service you're using. You'd also have to include your third-party anti-spam service, Microsoft 365 and the IP addresses of your on-prem server or servers as valid senders in your SPF record. Step by step instructions for setting up this type of mail flow architecture can be found at the URL that you see on your screen.