When configuring a hybrid setup of Exchange with Office 3656 a Https connection between office 365 and Exchange needs to be established. usually this will be the same configuration used for RPC over https (Outlook Anywhere). Now a lot of customers use a TMG server located in their DMZ to secure outlook anywhere. Now if you have a TMG server set up as a reverse proxy for your Exchange outlook anywhere and TMG is also performing authentication for the session, the hybrid setup is going to fail. You’ll receive an error stating that office 365 can not find the MRS endpoint connection at the supplied URL.
Well you could disable authentication for the Outlook Anywhere rule. This will work though of course there is slight trade-off in security.
What I would recommend is creating a 2nd rule for publishing outlook anywhere and placing it above the existing rule. Now we need to make two changes to the rule. The first is to disable authentication by choosing All Users instead of Authenticated Users
The second change is to just publish the two paths required for office 365 Hybrid. They are the Autodiscover and the EWS directories.
Adding this rule with these two changes will allow for a successful setup of office 365 hybrid with your Exchange server.