Protecting Hybrid O365 deployments

Hi All

 

We are looking at migrating towards a hybrid O365 deployment with some users being serviced via our on prem Exchange servers and others moving their mail to the O365 cloud.

 

As a part of this deployment we need to publish the "Autodiscover.company.com" to the internet as the client machines use this address to connect to the internal Exchange servers to get their XML configuration file.

 

We do not support BYOD and all of our external users that will use O365 have user and machine certs installed as well as the F5 Edge Client.

 

If I point the autodiscover address to my DMZ F5, Is there a way I can use the F5 to do a machine and user cert check / validation. The autodiscover although using 443, does not perform a HTTP request so I do not know how to trigger the APM

 

Can I perhaps use an iRule to do this - on Client:Accepted (or any other argument) then trigger/call an Access policy.

 

Essentially I want the Outlook client to call autodiscover, which points to my DMZ F5, The F5 then needs to validate the certs, if validated forward the traffic to the on prem Exchange servers.

 

Is this possible?

 

Thanks for all your help here