SlideShare a Scribd company logo

MCT Summit Middle East 2021 - Exchange Hybrid - What, Why, and How

Download as PPTX, PDF
Thomas Stensitzki
Thomas Stensitzki

MCT Summit Middle East 2021 My session about Exchange Server Hybrid, the available options, and how you implement Exchange Hybrid.

Technology
1 of 28
WHAT IS EXCHANGE HYBRID?
Thomas Stensitzki Enterprise Consultant | Owner Granikos GmbH & Co. KG MVP | Office Apps & Services MCT Regional Lead Email thomas.stensitzki@granikos.eu Twitter @Stensitzki LinkedIn https://linkedin.com/in/thomasstensitzki Blog http://JustCantGetEnough.Granikos.eu Web https://www.stensitzki.de
What is Exchange Hybrid?
On-Premises Exchange Organization Microsoft 365 Exchange Online Hybrid Configuration  Trusted relationship between an on-premises Exchange Organization and Exchange Online  Hybrid connections for mail flow (SMTP), and service access (HTTPS) for Exchange hybrid functionality  Hybrid Configuration Wizard (HCW) activates and configures the hybrid mode of operation What is Exchange Hybrid?
Hybrid Mode Classic Express Minimal Full Modern Minimal Full Exchange Hybrid Two Modes – Three Variants
On-Premises Exchange Organization Hybrid Configuration Perimeter Network Microsoft 365 Exchange Online Azure AD Company Network SMTP HTTPS  Active Directory Hybrid with Azure AD Connect  Exchange Hybrid option enabled  SMTP Connection between On-Premises and Exchange Online  Separate hostname (e.g., smtp365.company.com)  Additional public IP address  TLS certificate for hostname  Edge Transport Role in perimeter network (1)  Alternatively, direct inbound connection (2)  Inbound HTTPS connection to Client Access Service  Internal Exchange Servers published by a Reverse Proxy  Requires additional public IP address  Outbound HTTPS connections to Exchange Online  Exchange Server communication to Exchange Online Classic Full Hybrid
 Active Directory Hybrid with Azure AD Connect  Exchange Hybrid option enabled  SMTP Connection between On-Premises and Exchange Online  Separate hostname (e.g., smtp365.company.com)  Additional public IP address  TLS certificate for hostname  Edge Transport Role in perimeter network (1)  Alternatively, direct inbound connection (2)  Outbound HTTPS connections to Exchange Online  Exchange Hybrid-Agent Exchange Online to Exchange on-premises communication  Exchange Server communication to Exchange Online  Install additional Hybrid-Agents for redundancy Hybrid Configuration Perimeter Network Microsoft 365 Exchange Online Azure AD Company Network On-Premises Exchange Organization HTTPS SMTP Modern Full Hybrid
Full Full classic hybrid configuration, Exchange server published to the internet (SMTP/HTTPS)  permanent hybrid operation and Teams access to on-premises Minimal Hybrid configuration, without rich coexistence to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few weeks / months Express Hybrid configuration, with Azure AD Connect Express settings, to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few days / weeks Full Full Modern Hybrid configuration, for new hybrid setups based on Hybrid Agent deployment, with reduced hybrid functionality  permanent hybrid operation Minimal Modern Hybrid configuration, to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few weeks / months Exchange Hybrid The Differences
Why do you need Exchange Hybrid?
 Coexistence between your on-premises Exchange Organization and Exchange Online  Mailbox migration to and from Exchange Online  Seamless public folder migration to Exchange Online  Microsoft Teams with on-premises mailboxes (calendar access)  Transition from an on-premises Exchange Organization to Exchange Online  Optimal migration experience for end users  Centralized mail flow for use of on-premises email solutions with user mailboxes in Exchange Online  Gateway-based S/MIME decryption/encryption, email disclaimer, archiving, journaling, …  Hybrid mail flow providing email relay functionality for on-premises legacy applications and devices with  No access to the internet  No support for TLS protocols 1.0 or 1.1  No support for SMTPAUTH user authentication  No support for SMTP modern authentication Why do you need Exchange Hybrid?
 On-Premises Exchange Server 2019 hybrid endpoint  Microsoft Teams backend services use AutoDiscover v2 to discover on-premises EWS and REST endpoints  Client Access Endpoint accessible for Microsoft Teams backend services  Always use latest Exchange Server cumulative update  In-Place upgrade capability for Exchange Server vNEXT (H2 2021)  Use Third-Party TLS-certificate with all required subject alternate names (SAN) for incoming HTTPS connections  AutoDiscover  Exchange namespace  Exchange Virtual Directory’s external URL-Settings  Use a dedicated Third-Party TLS-certificate for SMTP when using centralized mail flow  Enable and configure OAUTH authentication using Hybrid Configuration Wizard  Exchange team provides detailed information on how to configure OAUTH manually  AutoDiscover DNS resource records for SMTP domains used for primary email addresses  Use Exchange Server 2016 if you need a coexistence server only Exchange Hybrid Recommendations
How to implement Exchange Hybrid?
 Know the differences of the Exchange hybrid variants and modes of operation available  Know the mode of operation for your Exchange Organization and hybrid requirements  Have your on-premises Exchange organization ready for hybrid configuration  Install latest Exchange Server Cumulative Updates on all Exchange Servers, including Edge Transport  Have required IP addresses & DNS hostnames for the Exchange namespace set up  Verify inbound connectivity to your Exchange organization using Remote Connectivity Analyzer (RCA)  When your firewall policy is restricted for inbound traffic, add the RCA IP addresses to that policy  RCA release notes  Have Edge Transport TLS certificates installed on internal an Exchange Server for selection by HCW, when using Edge  Do NOT enable this certificate for any Exchange service  Enable Exchange Hybrid option in Azure AD Connect first Exchange Hybrid Requirtements
 Click-2-Run Setup  https://aka.ms/HybridWizard  .application file type requires mapping to Internet Explorer  Note the HCW version information  Current: v17  Uninstall v16 first  HCW is updated regularly  HCW downloads a newer version automatically when started  HCW configuration steps vary depending on your Exchange Organization configuration Hybrid Configuration Wizard
 HCW detects the optimal Exchange Server for configuration automatically  Specify a CAS server manually, if needed  Select the appropriate Office 365 target infrastructure  Office 365 Worldwide is the default for commercial customers Hybrid Configuration Wizard On-Premises Organization
 HCW connects to on-premises Exchange and Exchange Online to gather the current organizational configuration  Adjust credentials as needed   Check, if WinRM allows Basic Authentication Hybrid Configuration Wizard Gathering Organization Configuration
 Select hybrid features to configure  Minimal Hybrid  Full Hybrid  Enable Organization Configuration Transfer  One-time transfer of selected configuration objects  Available objects depend on the on-premises Exchange Server version Hybrid Organization Configuration Transfer Documentation Hybrid Configuration Wizard Hybrid Features
 Select Hybrid Topology  Exchange Classic Hybrid  Exchange Modern Hybrid  Modern Hybrid uses the Modern Hybrid Agent  Azure Application Proxy-style component using HTTPS outbound connectivity only  Automatic download and installation of  Hybrid Updater  Hybrid Agent  HCW uninstalls and unregisters the Modern Hybrid Agent when switching from Modern Hybrid Hybrid Configuration Wizard Hybrid Topology
 Configure hybrid mail flow  Direct to/from internal Exchange Servers  Via Edge Transport Servers in perimeter network, already subscribed to Active Directory site  Centralized mail flow  Route all mail flow to/from Exchange Online mailboxes via on-premises Exchange Organization Hybrid Configuration Wizard Hybrid Mail Flow
 Select the Exchange server used for receiving email messages from Exchange Online  Select the Exchange Server published to the Internet  HCW configures the default frontend receive connector  HCW might select the wrong receive connector  You use additional receive connectors with a remote IP address range 0.0.0.0 – 255.255.255.255  The default frontend connector uses individual remote IP address ranges configuration  Compare TlsCertificateName and TlsDomainCapabilities connector properties afterwards Hybrid Configuration Wizard Receive Connector
 Select Exchange server for sending email messages from the on-premises Exchange Organization to Exchange Online  HCW configures Send Connector  Exchange Server needs outbound connectivity to Exchange Online  EdgeSync transfers the Edge Servers’ Send Connector configuration (when using Edge Transport) Hybrid Configuration Wizard Send Connector
 Select TLS certificate to secure the trusted mail flow between on-premises Exchange and Exchange Online  With Edge Transport  Ensure that the dedicated TLS certificate is installed in the certificate store of one of the internal Exchange servers  Import the TLS certificate prior to executing HCW into the local Exchange Server certificate store  Do NOT enable the TLS certificate for any Exchange service  Avoid using NAT between Edge Transport Servers and internal Exchange servers  Do NOT use TLS intercepting SMTP proxy servers Hybrid Configuration Wizard Transport Certificate
 Enter the external FQDN of the Exchange Organization for inbound SMTP  Hostname should match TLS certificate  Hybrid mail flow requires Exchange to Exchange communication  Recommendation for centralized mail flow  Use a dedicated host name, IP address, and TLS certificate  Use Edge Transport Server(s) Hybrid Configuration Wizard Organization FQDN
 Update and wait  If updating fails  HCW provides full log files  %appdata%RoamingMicrosoftExchange Hybrid Configuration  Log file contains all PowerShell configuration steps  Use Remote Connectivity Analyzer to check inbound connectivity  Issues  Remote connectivity  Firewall policies, proxy servers, DNS  WinRM Windows service configuration issues Hybrid Configuration Wizard
Microsoft Teams and Exchange Server
 Microsoft Teams Client communicates with Teams Middle-Tier, not with Exchange directly  Microsoft Teams Middle-Tier contacts Exchange Online first  If user mailbox is not in Exchange Online, the Teams Backend receives an HTTP 302 Redirect to On-Premises  On-premises endpoint is always discovered using AutoDiscover v2  Exchange Redirect requires AAD Connect synchronization with Exchange Hybrid option enabled  Authentication requires OAuth between Exchange Server and Exchange Online / Azure AD  Use Hybrid Configuration Wizard to configure OAuth (preferred)  Microsoft Teams Backend requires communication with AutoDiscover, EWS, and REST endpoints Microsoft Teams and Exchange Server
 When using many different SMTP domain names, you need a dedicated AutoDiscover v2 endpoint for each domain  Microsoft Teams backend services do not handle an on-premises HTTP 302 redirect correctly  Publish an AutoDiscover endpoint for each SMTP domain  Use an edge router if you cannot add all domains to a single SAN certificate, e.g., Traeffic  Check Microsoft Teams Coexistence mode with Skype for Business Online  Only Island, Teams Only, or Skype for Business with Teams Collaboration and Meeting support the calendar tab  Verify that the calendar tab is enabled in Teams App Policy  Ensure that Exchange Hybrid is enabled in Azure AD Connect Microsoft Teams and Exchange Server
Thomas Stensitzki Enterprise Consultant | Owner Granikos GmbH & Co. KG MVP | Office Apps & Services Email thomas.stensitzki@granikos.eu Twitter @Stensitzki LinkedIn https://linkedin.com/in/thomasstensitzki Blog http://JustCantGetEnough.Granikos.eu Web https://www.stensitzki.de

Recommended

Cross Tenant Migration Microsoft Teams
Cross Tenant Migration Microsoft TeamsCross Tenant Migration Microsoft Teams
Cross Tenant Migration Microsoft Teams
Thomas Poett
 
サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密
サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密
サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密
ShuheiUda
 
Office 365: Migrating Your Business to Office 365!
Office 365: Migrating Your Business to Office 365!Office 365: Migrating Your Business to Office 365!
Office 365: Migrating Your Business to Office 365!
Michael Frank
 
怖くないAzure Landing Zone
怖くないAzure Landing Zone怖くないAzure Landing Zone
怖くないAzure Landing Zone
Atsushi Kojima
 
OSC2011 Tokyo/Spring 自宅SAN友の会(前半)
OSC2011 Tokyo/Spring 自宅SAN友の会(前半)OSC2011 Tokyo/Spring 自宅SAN友の会(前半)
OSC2011 Tokyo/Spring 自宅SAN友の会(前半)
Satoshi Shimazaki
 
Microsoft License の基本
Microsoft License の基本Microsoft License の基本
Microsoft License の基本
祥子 松山
 
IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証
IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証
IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証
TAKUYA OHTA
 
大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開
Rakuten Group, Inc.
 

Recommended

Cross Tenant Migration Microsoft Teams
Cross Tenant Migration Microsoft TeamsCross Tenant Migration Microsoft Teams
Cross Tenant Migration Microsoft Teams
Thomas Poett
 
サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密
サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密
サポート エンジニアが語る、Microsoft Azure を支えるインフラの秘密
ShuheiUda
 
Office 365: Migrating Your Business to Office 365!
Office 365: Migrating Your Business to Office 365!Office 365: Migrating Your Business to Office 365!
Office 365: Migrating Your Business to Office 365!
Michael Frank
 
怖くないAzure Landing Zone
怖くないAzure Landing Zone怖くないAzure Landing Zone
怖くないAzure Landing Zone
Atsushi Kojima
 
OSC2011 Tokyo/Spring 自宅SAN友の会(前半)
OSC2011 Tokyo/Spring 自宅SAN友の会(前半)OSC2011 Tokyo/Spring 自宅SAN友の会(前半)
OSC2011 Tokyo/Spring 自宅SAN友の会(前半)
Satoshi Shimazaki
 
Microsoft License の基本
Microsoft License の基本Microsoft License の基本
Microsoft License の基本
祥子 松山
 
IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証
IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証
IT エンジニアのための 流し読み Windows - Windows のライセンス認証 & サブスクリプションのライセンス認証
TAKUYA OHTA
 
大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開大規模なリアルタイム監視の導入と展開
大規模なリアルタイム監視の導入と展開
Rakuten Group, Inc.
 
Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019
Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019
Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019
Jason Cheng
 
Microsoft M365 Cross Tenant Migration Book
Microsoft M365 Cross Tenant Migration BookMicrosoft M365 Cross Tenant Migration Book
Microsoft M365 Cross Tenant Migration Book
Thomas Poett
 
Office 365 migration
Office 365 migrationOffice 365 migration
Office 365 migration
Motty Ben Atia
 
Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心
Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心
Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心
Jason Cheng
 
Microsoft Azure Storage 概要
Microsoft Azure Storage 概要Microsoft Azure Storage 概要
Microsoft Azure Storage 概要
Takeshi Fukuhara
 
SharePoint Online へのアクセスを制限しよう
SharePoint Online へのアクセスを制限しようSharePoint Online へのアクセスを制限しよう
SharePoint Online へのアクセスを制限しよう
Hirofumi Ota
 
Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」
Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」 Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」
Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」
Kazuhiko Nakamura
 
Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説
Yusuke Kodama
 
AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.
AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.
AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.
Namba Kazuo
 
System Center 2012, Endpoint Protectionの運用
System Center 2012, Endpoint Protectionの運用System Center 2012, Endpoint Protectionの運用
System Center 2012, Endpoint Protectionの運用
Suguru Kunii
 
SSH力をつけよう
SSH力をつけようSSH力をつけよう
SSH力をつけよう
(^-^) togakushi
 
SharePoint Online (365) vs SharePoint On-Premises
SharePoint Online (365) vs SharePoint On-PremisesSharePoint Online (365) vs SharePoint On-Premises
SharePoint Online (365) vs SharePoint On-Premises
Lior Zamir
 
從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三
從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三
從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三
Jason Cheng
 
ストリーミングサービス研究グループ
ストリーミングサービス研究グループストリーミングサービス研究グループ
ストリーミングサービス研究グループ
Masaaki Nabeshima
 
適切な Azure AD 認証方式の選択の決め手
適切な Azure AD 認証方式の選択の決め手適切な Azure AD 認証方式の選択の決め手
適切な Azure AD 認証方式の選択の決め手
Yusuke Kodama
 
私がなぜZscalerに?
私がなぜZscalerに?私がなぜZscalerに?
私がなぜZscalerに?
Takayoshi Takaoka
 
開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府
開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府
開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府
Jason Cheng
 
閉域網接続の技術入門
閉域網接続の技術入門閉域網接続の技術入門
閉域網接続の技術入門
Masayuki Kobayashi
 
Office 365 Mail migration strategies
Office 365 Mail migration strategiesOffice 365 Mail migration strategies
Office 365 Mail migration strategies
Fulvio Salanitro
 
Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會
Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會
Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會
Jason Cheng
 
Exchange Server Hybrid - Was, Warum und Wie
Exchange Server Hybrid - Was, Warum und WieExchange Server Hybrid - Was, Warum und Wie
Exchange Server Hybrid - Was, Warum und Wie
Thomas Stensitzki
 
Microsoft Exchange 2013 Platform Options
Microsoft Exchange 2013 Platform OptionsMicrosoft Exchange 2013 Platform Options
Microsoft Exchange 2013 Platform Options
David J Rosenthal
 

More Related Content

What's hot

System Center 2012, Endpoint Protectionの運用
System Center 2012, Endpoint Protectionの運用System Center 2012, Endpoint Protectionの運用
System Center 2012, Endpoint Protectionの運用
Suguru Kunii
 

What's hot (20)

Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019
Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019
Proxmox VE 開源伺服器虛擬化應用經驗分享 [2019/11/12] @OpenInfra Days Taiwan 2019
 
Microsoft M365 Cross Tenant Migration Book
Microsoft M365 Cross Tenant Migration BookMicrosoft M365 Cross Tenant Migration Book
Microsoft M365 Cross Tenant Migration Book
 
Office 365 migration
Office 365 migrationOffice 365 migration
Office 365 migration
 
Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心
Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心
Proxmox VE 5.3 Cluster, High Availability & Others [20181223] @集思台大會議中心
 
Microsoft Azure Storage 概要
Microsoft Azure Storage 概要Microsoft Azure Storage 概要
Microsoft Azure Storage 概要
 
SharePoint Online へのアクセスを制限しよう
SharePoint Online へのアクセスを制限しようSharePoint Online へのアクセスを制限しよう
SharePoint Online へのアクセスを制限しよう
 
Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」
Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」 Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」
Office 365 勉強会「いまさらきけない? SharePoint の基礎のキソ」
 
Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説Hybrid Azure AD Join 動作の仕組みを徹底解説
Hybrid Azure AD Join 動作の仕組みを徹底解説
 
AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.
AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.
AWS Site-to-Site VPN with IKEv2 from CGW under NAT and served with PrivateLink.
 
System Center 2012, Endpoint Protectionの運用
System Center 2012, Endpoint Protectionの運用System Center 2012, Endpoint Protectionの運用
System Center 2012, Endpoint Protectionの運用
 
SSH力をつけよう
SSH力をつけようSSH力をつけよう
SSH力をつけよう
 
SharePoint Online (365) vs SharePoint On-Premises
SharePoint Online (365) vs SharePoint On-PremisesSharePoint Online (365) vs SharePoint On-Premises
SharePoint Online (365) vs SharePoint On-Premises
 
從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三
從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三
從開源軟體的角度來聊聊資安應用 [2023/06/27] @資安五四三
 
ストリーミングサービス研究グループ
ストリーミングサービス研究グループストリーミングサービス研究グループ
ストリーミングサービス研究グループ
 
適切な Azure AD 認証方式の選択の決め手
適切な Azure AD 認証方式の選択の決め手適切な Azure AD 認証方式の選択の決め手
適切な Azure AD 認証方式の選択の決め手
 
私がなぜZscalerに?
私がなぜZscalerに?私がなぜZscalerに?
私がなぜZscalerに?
 
開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府
開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府
開源x節流:企業應用經驗分享 (一)+(二) [2017/02/03] @臺中市政府
 
閉域網接続の技術入門
閉域網接続の技術入門閉域網接続の技術入門
閉域網接続の技術入門
 
Office 365 Mail migration strategies
Office 365 Mail migration strategiesOffice 365 Mail migration strategies
Office 365 Mail migration strategies
 
Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會
Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會
Proxmox VE 功能概觀、案例分享與實用工具 [2019/12/07] @Proxmox VE 中文使用者社團 2019 年會
 

Similar to MCT Summit Middle East 2021 - Exchange Hybrid - What, Why, and How

Microsoft Exchange 2013 Platform Options
Microsoft Exchange 2013 Platform OptionsMicrosoft Exchange 2013 Platform Options
Microsoft Exchange 2013 Platform Options
David J Rosenthal
 
Take a Leap into the Connected Cloud; 3 Trending Hybrid Cloud Scenarios
Take a Leap into the Connected Cloud; 3 Trending Hybrid Cloud ScenariosTake a Leap into the Connected Cloud; 3 Trending Hybrid Cloud Scenarios
Take a Leap into the Connected Cloud; 3 Trending Hybrid Cloud Scenarios
Gina Montgomery, V-TSP
 
Session 1: The SOAP Story
Session 1: The SOAP StorySession 1: The SOAP Story
Session 1: The SOAP Story
ukdpe
 
10135 a 12
10135 a 1210135 a 12
10135 a 12
Bố Su
 
1. WCF Services - Exam 70-487
1. WCF Services - Exam 70-4871. WCF Services - Exam 70-487
1. WCF Services - Exam 70-487
Bat Programmer
 
10135 a xb
10135 a xb10135 a xb
10135 a xb
Bố Su
 
Bpos Architectural Consideration Architectural Forum
Bpos Architectural Consideration Architectural ForumBpos Architectural Consideration Architectural Forum
Bpos Architectural Consideration Architectural Forum
ukdpe
 

Similar to MCT Summit Middle East 2021 - Exchange Hybrid - What, Why, and How (20)

Exchange Server Hybrid - Was, Warum und Wie
Exchange Server Hybrid - Was, Warum und WieExchange Server Hybrid - Was, Warum und Wie
Exchange Server Hybrid - Was, Warum und Wie
 
Microsoft Exchange 2013 Platform Options
Microsoft Exchange 2013 Platform OptionsMicrosoft Exchange 2013 Platform Options
Microsoft Exchange 2013 Platform Options
 
Take a Leap into the Connected Cloud; 3 Trending Hybrid Cloud Scenarios
Take a Leap into the Connected Cloud; 3 Trending Hybrid Cloud ScenariosTake a Leap into the Connected Cloud; 3 Trending Hybrid Cloud Scenarios
Take a Leap into the Connected Cloud; 3 Trending Hybrid Cloud Scenarios
 
Session 1: The SOAP Story
Session 1: The SOAP StorySession 1: The SOAP Story
Session 1: The SOAP Story
 
10135 a 12
10135 a 1210135 a 12
10135 a 12
 
1. WCF Services - Exam 70-487
1. WCF Services - Exam 70-4871. WCF Services - Exam 70-487
1. WCF Services - Exam 70-487
 
Application integration framework & Adaptor ppt
Application integration framework & Adaptor pptApplication integration framework & Adaptor ppt
Application integration framework & Adaptor ppt
 
Office Track: Exchange 2013 in the real world - Michael Van Horenbeeck
Office Track: Exchange 2013 in the real world - Michael Van HorenbeeckOffice Track: Exchange 2013 in the real world - Michael Van Horenbeeck
Office Track: Exchange 2013 in the real world - Michael Van Horenbeeck
 
WCF Fundamentals
WCF Fundamentals WCF Fundamentals
WCF Fundamentals
 
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
24 Hours Of Exchange Server 2007 ( Part 15 Of 24)
 
10135 a xb
10135 a xb10135 a xb
10135 a xb
 
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage ServiceNetwork Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
Network Setup Guide: Deploying Your Cloudian HyperStore Hybrid Storage Service
 
Bpos Architectural Consideration Architectural Forum
Bpos Architectural Consideration Architectural ForumBpos Architectural Consideration Architectural Forum
Bpos Architectural Consideration Architectural Forum
 
The Hitchhiker’s Guide to Hybrid Connectivity
The Hitchhiker’s Guide to Hybrid ConnectivityThe Hitchhiker’s Guide to Hybrid Connectivity
The Hitchhiker’s Guide to Hybrid Connectivity
 
Exchange 2003 / 2010 Notes from the Field
Exchange 2003 / 2010 Notes from the FieldExchange 2003 / 2010 Notes from the Field
Exchange 2003 / 2010 Notes from the Field
 
Exchange online real world migration challenges
Exchange online real world migration challengesExchange online real world migration challenges
Exchange online real world migration challenges
 
Telpro Integration
Telpro IntegrationTelpro Integration
Telpro Integration
 
Integration on windows azure
Integration on windows azureIntegration on windows azure
Integration on windows azure
 
HP: Implementácia cloudu s HP
HP: Implementácia cloudu s HPHP: Implementácia cloudu s HP
HP: Implementácia cloudu s HP
 
Ch03 cas
Ch03 casCh03 cas
Ch03 cas
 

More from Thomas Stensitzki

More from Thomas Stensitzki (20)

19. Treffen der Teams User Group Berlin
19. Treffen der Teams User Group Berlin19. Treffen der Teams User Group Berlin
19. Treffen der Teams User Group Berlin
 
Tech Talk 16 - Exchange Server 2019 CU12
Tech Talk 16 - Exchange Server 2019 CU12Tech Talk 16 - Exchange Server 2019 CU12
Tech Talk 16 - Exchange Server 2019 CU12
 
18. Treffen der Teams User Group Berlin
18. Treffen der Teams User Group Berlin18. Treffen der Teams User Group Berlin
18. Treffen der Teams User Group Berlin
 
Teams Nation 2022 - Securing Microsoft 365 data with service encryption
Teams Nation 2022 - Securing Microsoft 365 data with service encryptionTeams Nation 2022 - Securing Microsoft 365 data with service encryption
Teams Nation 2022 - Securing Microsoft 365 data with service encryption
 
17. Treffen der Teams User Group Berlin
17. Treffen der Teams User Group Berlin17. Treffen der Teams User Group Berlin
17. Treffen der Teams User Group Berlin
 
16. Treffen der Teams User Group Berlin
16. Treffen der Teams User Group Berlin16. Treffen der Teams User Group Berlin
16. Treffen der Teams User Group Berlin
 
EXUSG - 2021 - Q4 - Exchange Emergency Mitigation Service
EXUSG - 2021 - Q4 - Exchange Emergency Mitigation ServiceEXUSG - 2021 - Q4 - Exchange Emergency Mitigation Service
EXUSG - 2021 - Q4 - Exchange Emergency Mitigation Service
 
15. Treffen der Teams User Group Berlin
15. Treffen der Teams User Group Berlin15. Treffen der Teams User Group Berlin
15. Treffen der Teams User Group Berlin
 
Tech Talk 13 - Teams Admin Center - Einführung
Tech Talk 13 - Teams Admin Center - EinführungTech Talk 13 - Teams Admin Center - Einführung
Tech Talk 13 - Teams Admin Center - Einführung
 
14. Treffen der Teams User Group Berlin
14. Treffen der Teams User Group Berlin14. Treffen der Teams User Group Berlin
14. Treffen der Teams User Group Berlin
 
Tech Talk 12 - Exchange Server Support Life-Cycle
Tech Talk 12 - Exchange Server Support Life-CycleTech Talk 12 - Exchange Server Support Life-Cycle
Tech Talk 12 - Exchange Server Support Life-Cycle
 
12. Treffen der Teams User Group Berlin
12. Treffen der Teams User Group Berlin 12. Treffen der Teams User Group Berlin
12. Treffen der Teams User Group Berlin
 
EXUSG - Exchange Server vNEXT
EXUSG - Exchange Server vNEXTEXUSG - Exchange Server vNEXT
EXUSG - Exchange Server vNEXT
 
10. Treffen der Teams User Group Berlin
10. Treffen der Teams User Group Berlin10. Treffen der Teams User Group Berlin
10. Treffen der Teams User Group Berlin
 
Tech Talk 9 - Exchange Server vNEXT
Tech Talk 9 - Exchange Server vNEXTTech Talk 9 - Exchange Server vNEXT
Tech Talk 9 - Exchange Server vNEXT
 
Thomas' Tech Talk 7 - AD FS oder PTA
Thomas' Tech Talk 7 - AD FS oder PTAThomas' Tech Talk 7 - AD FS oder PTA
Thomas' Tech Talk 7 - AD FS oder PTA
 
Thomas' Tech Talk 4 - Lohnt sich ein Wechsel zu Exchange Server 2019?
Thomas' Tech Talk 4 - Lohnt sich ein Wechsel zu Exchange Server 2019?Thomas' Tech Talk 4 - Lohnt sich ein Wechsel zu Exchange Server 2019?
Thomas' Tech Talk 4 - Lohnt sich ein Wechsel zu Exchange Server 2019?
 
Thomas' Tech Talk 3 - Exchange Server Hybrid
Thomas' Tech Talk 3 - Exchange Server HybridThomas' Tech Talk 3 - Exchange Server Hybrid
Thomas' Tech Talk 3 - Exchange Server Hybrid
 
Thomas' Tech Talk 2 - Migration von Exchange Server zu Exchange Online
Thomas' Tech Talk 2 - Migration von Exchange Server zu Exchange OnlineThomas' Tech Talk 2 - Migration von Exchange Server zu Exchange Online
Thomas' Tech Talk 2 - Migration von Exchange Server zu Exchange Online
 
Externe Dienstleister und sicherer E-Mail-Versand
Externe Dienstleister und sicherer E-Mail-VersandExterne Dienstleister und sicherer E-Mail-Versand
Externe Dienstleister und sicherer E-Mail-Versand
 

Recently uploaded

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Jeffrey Haguewood
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 

Recently uploaded (20)

Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Six Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal OntologySix Myths about Ontologies: The Basics of Formal Ontology
Six Myths about Ontologies: The Basics of Formal Ontology
 
Introduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDMIntroduction to use of FHIR Documents in ABDM
Introduction to use of FHIR Documents in ABDM
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot ModelMcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Mcleodganj Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)Introduction to Multilingual Retrieval Augmented Generation (RAG)
Introduction to Multilingual Retrieval Augmented Generation (RAG)
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 

MCT Summit Middle East 2021 - Exchange Hybrid - What, Why, and How

  • 2. Thomas Stensitzki Enterprise Consultant | Owner Granikos GmbH & Co. KG MVP | Office Apps & Services MCT Regional Lead Email thomas.stensitzki@granikos.eu Twitter @Stensitzki LinkedIn https://linkedin.com/in/thomasstensitzki Blog http://JustCantGetEnough.Granikos.eu Web https://www.stensitzki.de
  • 4. On-Premises Exchange Organization Microsoft 365 Exchange Online Hybrid Configuration  Trusted relationship between an on-premises Exchange Organization and Exchange Online  Hybrid connections for mail flow (SMTP), and service access (HTTPS) for Exchange hybrid functionality  Hybrid Configuration Wizard (HCW) activates and configures the hybrid mode of operation What is Exchange Hybrid?
  • 5. Hybrid Mode Classic Express Minimal Full Modern Minimal Full Exchange Hybrid Two Modes – Three Variants
  • 6. On-Premises Exchange Organization Hybrid Configuration Perimeter Network Microsoft 365 Exchange Online Azure AD Company Network SMTP HTTPS  Active Directory Hybrid with Azure AD Connect  Exchange Hybrid option enabled  SMTP Connection between On-Premises and Exchange Online  Separate hostname (e.g., smtp365.company.com)  Additional public IP address  TLS certificate for hostname  Edge Transport Role in perimeter network (1)  Alternatively, direct inbound connection (2)  Inbound HTTPS connection to Client Access Service  Internal Exchange Servers published by a Reverse Proxy  Requires additional public IP address  Outbound HTTPS connections to Exchange Online  Exchange Server communication to Exchange Online Classic Full Hybrid
  • 7.  Active Directory Hybrid with Azure AD Connect  Exchange Hybrid option enabled  SMTP Connection between On-Premises and Exchange Online  Separate hostname (e.g., smtp365.company.com)  Additional public IP address  TLS certificate for hostname  Edge Transport Role in perimeter network (1)  Alternatively, direct inbound connection (2)  Outbound HTTPS connections to Exchange Online  Exchange Hybrid-Agent Exchange Online to Exchange on-premises communication  Exchange Server communication to Exchange Online  Install additional Hybrid-Agents for redundancy Hybrid Configuration Perimeter Network Microsoft 365 Exchange Online Azure AD Company Network On-Premises Exchange Organization HTTPS SMTP Modern Full Hybrid
  • 8. Full Full classic hybrid configuration, Exchange server published to the internet (SMTP/HTTPS)  permanent hybrid operation and Teams access to on-premises Minimal Hybrid configuration, without rich coexistence to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few weeks / months Express Hybrid configuration, with Azure AD Connect Express settings, to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few days / weeks Full Full Modern Hybrid configuration, for new hybrid setups based on Hybrid Agent deployment, with reduced hybrid functionality  permanent hybrid operation Minimal Modern Hybrid configuration, to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few weeks / months Exchange Hybrid The Differences
  • 9. Why do you need Exchange Hybrid?
  • 10.  Coexistence between your on-premises Exchange Organization and Exchange Online  Mailbox migration to and from Exchange Online  Seamless public folder migration to Exchange Online  Microsoft Teams with on-premises mailboxes (calendar access)  Transition from an on-premises Exchange Organization to Exchange Online  Optimal migration experience for end users  Centralized mail flow for use of on-premises email solutions with user mailboxes in Exchange Online  Gateway-based S/MIME decryption/encryption, email disclaimer, archiving, journaling, …  Hybrid mail flow providing email relay functionality for on-premises legacy applications and devices with  No access to the internet  No support for TLS protocols 1.0 or 1.1  No support for SMTPAUTH user authentication  No support for SMTP modern authentication Why do you need Exchange Hybrid?
  • 11.  On-Premises Exchange Server 2019 hybrid endpoint  Microsoft Teams backend services use AutoDiscover v2 to discover on-premises EWS and REST endpoints  Client Access Endpoint accessible for Microsoft Teams backend services  Always use latest Exchange Server cumulative update  In-Place upgrade capability for Exchange Server vNEXT (H2 2021)  Use Third-Party TLS-certificate with all required subject alternate names (SAN) for incoming HTTPS connections  AutoDiscover  Exchange namespace  Exchange Virtual Directory’s external URL-Settings  Use a dedicated Third-Party TLS-certificate for SMTP when using centralized mail flow  Enable and configure OAUTH authentication using Hybrid Configuration Wizard  Exchange team provides detailed information on how to configure OAUTH manually  AutoDiscover DNS resource records for SMTP domains used for primary email addresses  Use Exchange Server 2016 if you need a coexistence server only Exchange Hybrid Recommendations
  • 13.  Know the differences of the Exchange hybrid variants and modes of operation available  Know the mode of operation for your Exchange Organization and hybrid requirements  Have your on-premises Exchange organization ready for hybrid configuration  Install latest Exchange Server Cumulative Updates on all Exchange Servers, including Edge Transport  Have required IP addresses & DNS hostnames for the Exchange namespace set up  Verify inbound connectivity to your Exchange organization using Remote Connectivity Analyzer (RCA)  When your firewall policy is restricted for inbound traffic, add the RCA IP addresses to that policy  RCA release notes  Have Edge Transport TLS certificates installed on internal an Exchange Server for selection by HCW, when using Edge  Do NOT enable this certificate for any Exchange service  Enable Exchange Hybrid option in Azure AD Connect first Exchange Hybrid Requirtements
  • 14.  Click-2-Run Setup  https://aka.ms/HybridWizard  .application file type requires mapping to Internet Explorer  Note the HCW version information  Current: v17  Uninstall v16 first  HCW is updated regularly  HCW downloads a newer version automatically when started  HCW configuration steps vary depending on your Exchange Organization configuration Hybrid Configuration Wizard
  • 15.  HCW detects the optimal Exchange Server for configuration automatically  Specify a CAS server manually, if needed  Select the appropriate Office 365 target infrastructure  Office 365 Worldwide is the default for commercial customers Hybrid Configuration Wizard On-Premises Organization
  • 16.  HCW connects to on-premises Exchange and Exchange Online to gather the current organizational configuration  Adjust credentials as needed   Check, if WinRM allows Basic Authentication Hybrid Configuration Wizard Gathering Organization Configuration
  • 17.  Select hybrid features to configure  Minimal Hybrid  Full Hybrid  Enable Organization Configuration Transfer  One-time transfer of selected configuration objects  Available objects depend on the on-premises Exchange Server version Hybrid Organization Configuration Transfer Documentation Hybrid Configuration Wizard Hybrid Features
  • 18.  Select Hybrid Topology  Exchange Classic Hybrid  Exchange Modern Hybrid  Modern Hybrid uses the Modern Hybrid Agent  Azure Application Proxy-style component using HTTPS outbound connectivity only  Automatic download and installation of  Hybrid Updater  Hybrid Agent  HCW uninstalls and unregisters the Modern Hybrid Agent when switching from Modern Hybrid Hybrid Configuration Wizard Hybrid Topology
  • 19.  Configure hybrid mail flow  Direct to/from internal Exchange Servers  Via Edge Transport Servers in perimeter network, already subscribed to Active Directory site  Centralized mail flow  Route all mail flow to/from Exchange Online mailboxes via on-premises Exchange Organization Hybrid Configuration Wizard Hybrid Mail Flow
  • 20.  Select the Exchange server used for receiving email messages from Exchange Online  Select the Exchange Server published to the Internet  HCW configures the default frontend receive connector  HCW might select the wrong receive connector  You use additional receive connectors with a remote IP address range 0.0.0.0 – 255.255.255.255  The default frontend connector uses individual remote IP address ranges configuration  Compare TlsCertificateName and TlsDomainCapabilities connector properties afterwards Hybrid Configuration Wizard Receive Connector
  • 21.  Select Exchange server for sending email messages from the on-premises Exchange Organization to Exchange Online  HCW configures Send Connector  Exchange Server needs outbound connectivity to Exchange Online  EdgeSync transfers the Edge Servers’ Send Connector configuration (when using Edge Transport) Hybrid Configuration Wizard Send Connector
  • 22.  Select TLS certificate to secure the trusted mail flow between on-premises Exchange and Exchange Online  With Edge Transport  Ensure that the dedicated TLS certificate is installed in the certificate store of one of the internal Exchange servers  Import the TLS certificate prior to executing HCW into the local Exchange Server certificate store  Do NOT enable the TLS certificate for any Exchange service  Avoid using NAT between Edge Transport Servers and internal Exchange servers  Do NOT use TLS intercepting SMTP proxy servers Hybrid Configuration Wizard Transport Certificate
  • 23.  Enter the external FQDN of the Exchange Organization for inbound SMTP  Hostname should match TLS certificate  Hybrid mail flow requires Exchange to Exchange communication  Recommendation for centralized mail flow  Use a dedicated host name, IP address, and TLS certificate  Use Edge Transport Server(s) Hybrid Configuration Wizard Organization FQDN
  • 24.  Update and wait  If updating fails  HCW provides full log files  %appdata%RoamingMicrosoftExchange Hybrid Configuration  Log file contains all PowerShell configuration steps  Use Remote Connectivity Analyzer to check inbound connectivity  Issues  Remote connectivity  Firewall policies, proxy servers, DNS  WinRM Windows service configuration issues Hybrid Configuration Wizard
  • 26.  Microsoft Teams Client communicates with Teams Middle-Tier, not with Exchange directly  Microsoft Teams Middle-Tier contacts Exchange Online first  If user mailbox is not in Exchange Online, the Teams Backend receives an HTTP 302 Redirect to On-Premises  On-premises endpoint is always discovered using AutoDiscover v2  Exchange Redirect requires AAD Connect synchronization with Exchange Hybrid option enabled  Authentication requires OAuth between Exchange Server and Exchange Online / Azure AD  Use Hybrid Configuration Wizard to configure OAuth (preferred)  Microsoft Teams Backend requires communication with AutoDiscover, EWS, and REST endpoints Microsoft Teams and Exchange Server
  • 27.  When using many different SMTP domain names, you need a dedicated AutoDiscover v2 endpoint for each domain  Microsoft Teams backend services do not handle an on-premises HTTP 302 redirect correctly  Publish an AutoDiscover endpoint for each SMTP domain  Use an edge router if you cannot add all domains to a single SAN certificate, e.g., Traeffic  Check Microsoft Teams Coexistence mode with Skype for Business Online  Only Island, Teams Only, or Skype for Business with Teams Collaboration and Meeting support the calendar tab  Verify that the calendar tab is enabled in Teams App Policy  Ensure that Exchange Hybrid is enabled in Azure AD Connect Microsoft Teams and Exchange Server
  • 28. Thomas Stensitzki Enterprise Consultant | Owner Granikos GmbH & Co. KG MVP | Office Apps & Services Email thomas.stensitzki@granikos.eu Twitter @Stensitzki LinkedIn https://linkedin.com/in/thomasstensitzki Blog http://JustCantGetEnough.Granikos.eu Web https://www.stensitzki.de