Its Day 76 of my 100 Days of Cloud journey, and as promised todays post is taking a closer look at how Exchange Hybrid configuration works.
In the last 2 posts, we’ve looked at the following:
- The different authentication methods available.
- Ways to protect both our administrator and user accounts.
- Preparing the key attributes in our Active Directory for synchronization.
- Created our Microsoft 365 Trial tenant.
- Added our production domain and saw how DNS records could be added.
- Installed and configured Azure AD Connect and looked at the different options for user synchronization and authentication.
While looking at our DNS records, we decided not to implement them as we wanted to configure an Exchange Hybrid environment. This is one of the options available to you once you start to plan your cloud migration journey.
Lets take a look at what the benefits are, and how it works.
Exchange Hybrid explained
There is a saying I’ve heard in the IT industry for years – “Its easy to get your Data into the Cloud, but its not easy to get it out”.
I’ll take a further look at the different migration options available to you in the next post, however all of these option will be “on-board” only, which means that you can only migrate your on-premise mailboxes to Microsoft 365, but cannot migrate them out.
Exchange Hybrid is the only option available were you have the option to both “on-board” and “off-board” users. You maintain at least one of your on-premise Exchange Servers, and install the Hybrid Agent which allows communication between your on-premise environment and Microsoft 365.
The key features offered in a Hybrid deployment are:
- Secure mail routing between on-premises and Exchange Online organizations.
- Both on-premises and Exchange Online organizations use the same shared domain namespace or SMTP domain.
- A unified global address list (GAL), also called a “shared address book.”
- Free/busy and calendar sharing between on-premises and Exchange Online organizations.
- Centralized control of inbound and outbound mail flow. All inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.
- A single Outlook on the web URL for both the on-premises and Exchange Online organizations.
- The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.
- Centralized mailbox management using the on-premises Exchange admin center (EAC).
- Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
- Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment.
An example of how a typical Exchange Hybrid deployment works is shown in the diagram below:
The following prerequisites need to be in place before creating your Hybrid Deployment:
- Exchange Server Roles:
- 2016 and newer: Mailbox Server Role.
- 2013: At least one instance of Mailbox and Client Access Server roles (preferably on one server).
- 2010: At least on instance of Mailbox, Hub Transport Client Access Server roles (preferably on one server).
- Microsoft 365 or Office 365 plan that support Directory Synchronization.
- Active Directory synchronization: Deploy the Azure Active Directory Connect tool to enable Active Directory synchronization with your on-premises organization.
- Autodiscover DNS records.
- Valid digital Certificates from a trusted public CA.
- EdgeSync is required if you’ve deployed Edge Transport servers in your on-premises organization and want to configure the Edge Transport servers for hybrid secure mail transport.
To install and configure the Exchange Hybrid deployment, you need to firstly go to the Exchange Online admin center, go to the “hybrid” menu and select the option to configure an Exchange Hybrid deployment:
This will redirect you to download the Hybrid Configuration Wizard. The wizard will run through each screen and present you with the options required.
While all of teh options and screens are important during the setup, the main ones to look for are:
- Choosing a Minimal or Full Hybrid deployment: this provides the option to use the deployment woth minimal configuration for migration purposes only, or else to maximise the full features of the deployment.
- Bi-directional Transport Configuration for Client Access and Mailbox Servers, and also Edge Servers for secure transport:
Once the wizard completes, you will be able to log onto Exchange Online and complete a migration of an on-premise user by selecting them from the Global Address list. You can also migrate the users back to the on-premise Exchange.
There are some excellent “how-to” articles on how this process works, this article at Azure365Pro is worth a read to see how the process works in full.
Is it worth doing?
And so we come to the main question.
A lot of people either haven’t heard of Hybrid deployments because the assumption is that any migration to Microsoft 365 will be done by the traditional methods (Cutover/Staged/IMAP), or else don’t want to invest in a Hybrid deployent because of the complexity of the environment and also the costs involved in maintaining infrastructure.
We have to remember that one of the drivers for moving to Microsoft 365 is removing the overhead of maintaining an on-premise email environment.
The other point that needs to be made is that when you have migrated all of your mailboxes to Microsoft 365 and want to decommission the Hybrid deployment, all of your mailboxes then need to become fully cloud managed identities. There is also a consideration around 3rd-party services that use Exchange for SMTP communications.
So thats a look at how you can use Hybrid Configuration to enable your on-premise Exchange environment to co-exist with your Microsoft 365 tenant during the migration process.
In the next post, we’ll look at the different mailbox migration options available. Hope you enjoyed this post, until next time!