Q: Does Exchange Server 2016 require an Edge Transport server to be deployed?

A: No.

Edge Transport is an optional role, which has been the case for all versions of Exchange that have had an Edge role available. The consolidation of Exchange 2016 server roles into just two (Mailbox, and Edge Transport) doesn’t change that. You can deploy a simple Exchange 2016 environment on a single Mailbox server, with no Edge Transport server deployed at all.

What you might need to consider though, is whether Edge Transport does anything for you that you need from a functionality perspective. The Edge Transport server role is designed to sit in a perimeter network, providing secure mail flow in and out of your organization. That includes filtering unwanted email, although the capabilities are not as rich as most other email security products and cloud services (including Exchange Online Protection). So from a functionality perspective, you may still need to deploy an email security server or service to protect your environment and your end users.

You can read more about the Edge Transport server role here (the article is written for Exchange 2013, but little has changed for 2016).

About the Author

Paul Cunningham

Paul is a former Microsoft MVP for Office Apps and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul no longer writes for Practical365.com.


  1. math

    Hi sir

    renewing my exchange 2016 auto-sign certificate by local autority certificate will impact my edge ? since he has auto -sign certificate itself


  2. Lewis

    can you use an edge transport server without any other exchange servers if you only want to sent email and not receive?

    1. Amelia

      No, A edge server is usually used to protect a environment with protection against viruses, etc. For me it’s just more elegant a safer option to have a edge server as it dosen’t expose the ad joined exchange mail server.

  3. sreenivasa prasad

    Can we use 2016 Exchange as Edge server to replace TMG 2010 .

  4. Stijn

    Can I install the Edge transport role on the same windows 2016 server where the mailbox server role of exchange 2016 is installed?

  5. kunal sood

    Specifically in Exchange 2016 environment.


  6. kunal sood

    If we dont have Edge Transport & any third party filtering service deployed in our environment. Then who would be responsible for email filtering ?


  7. Bong

    Hi Paul, I want to use 2016 Edge placed at the iDMZ which will point to Google. Do you have any installation guide doing this? Some detailed one.

  8. Carl

    Is there any need for an edge transport server if you run an hybrid installation and all traffic goes thru Online Protection? And we also only have like 50 functional mailboxes left on ground.

    Thanks for a great site!

  9. Thomas Stensitzki

    Even though that the Edge role ist not *required* for an on-premises Exchange deployment there are certain enterprise deployment scenarios where you want to deploy servers running the Edge role.
    When it comes to 3rd Party gateway solutions you must keep in mind that those are not officially supported for native hybrid mailflow with Office 365.

  10. Vijay Birari

    Dear Paul Sir,

    I follow your articles. It’s amazing. “Thank you so much for generously sharing your time and expertise.”

    As per my knowledge, If we have 3rd party mail security gateway then we don’t need an Edge server.

  11. Preetam

    Do we need a license for this component if we configure this role on a server running in DR

  12. Parveez

    Hi Paul,

    I already have barracuda email security as a gateway, Do i still need Edge Transport role ?


  13. Philip Curwen

    Hi Paul, in Exchange 2016 will I require a separate Edge Transport Server in order to get DNSBL (Connection Filtering) working?

  14. Larry Jacobs

    If I am setting up the hybrid architecture for Exchange 2016, then why would I need the Edge Transport Role? O 365 will take care of anti-virus and spam filtering. Just curious about this.

    1. Avatar photo
      Paul Cunningham

      Some organizations have a policy against allowing external connections to the internal network, and require them to go through a host in a perimeter network instead.

  15. Kiran prakash

    Hi Paul,

    Can Edge Transport 2016 be installed on a separate box in DMZ for an environment with MS Exchange 2010 hub-transport and 2010 CAS/Mailbox servers (in the inside network). Do you see that as possible or potentially see it as not doable/problematic.

    Thanks in advance.

  16. BW

    Can the Exchange 2016 Edge server role run in a high availabiliy setup?

    1. Avatar photo
      Paul Cunningham

      Yes. HA for Edge is achieved through the use of multiple servers, multiple MX, load balancing, multiple datacenters, etc (or some combination of those things). There’s no special configuration of Edge required for HA though, not like a DAG.

Leave a Reply