Since the dawn of email, organizations have struggled with the way that users reply to emails. Confusion (or worse) occurs when emails include groups, CC, BCC, internal, and external recipients. Choosing to use "Reply All" may release confidential information to the wrong people or cause mail storms between senders and recipients – sometimes bringing email servers to their knees.
One of the most important aspects of moving to a cloud solution like Office 365 is to provide a way for users to authenticate to their cloud resources. Organizations typically want to reduce administrative overhead and user confusion by managing only one directory, be it the on-premises directory (AD) or the cloud directory (Azure AD).
Microsoft first introduced the Edge Transport role as one of the five Exchange roles in Exchange 2007 and offered it again in Exchange 2010. The purpose of the Edge server role is to provide a solution for customers who require inbound SMTP connections to terminate in the perimeter network (DMZ), rather than in the internal network. Since most inbound SMTP connections are unauthenticated, some security departments are uneasy at allowing these connections directly to internal resources (your Exchange servers). Edge transport servers allow these customers to deploy Exchange without having to buy an SMTP gateway appliance.
For further security, computers running the Edge Transport role are not joined to the internal Exchange organization’s domain and cannot run any other Exchange roles. It is possible to join Edge servers to a separate DMZ domain for group policy configuration and common security configuration, but this is rare since most customers do not deploy Active Directory in their perimeter network.