What is Exchange Hybrid?
Thomas Stensitzki
Enterprise Consultant | Owner
Granikos GmbH & Co. KG
MVP | Office Apps & Services
MCT Regional Lead
Email thomas.stensitzki@granikos.eu
Twitter @Stensitzki
LinkedIn https://linkedin.com/in/thomasstensitzki
Blog http://JustCantGetEnough.Granikos.eu
Web https://www.stensitzki.de
What is Exchange Hybrid?

[Diagram: On-Premises Exchange Organization <-> Hybrid Configuration <-> Microsoft 365 / Exchange Online]

- Trusted relationship between an on-premises Exchange Organization and Exchange Online
- Hybrid connections for mail flow (SMTP) and service access (HTTPS) for Exchange hybrid functionality
- The Hybrid Configuration Wizard (HCW) activates and configures the hybrid mode of operation
Exchange Hybrid: Two Modes – Three Variants

Hybrid mode | Variants
Classic     | Express, Minimal, Full
Modern      | Minimal, Full
Classic Full Hybrid

[Diagram: Company Network with the On-Premises Exchange Organization and a Perimeter Network; SMTP and HTTPS connections to Microsoft 365 (Exchange Online, Azure AD) through the Hybrid Configuration]

- Active Directory hybrid with Azure AD Connect
  - Exchange Hybrid option enabled
- SMTP connection between on-premises and Exchange Online
  - Separate hostname (e.g., smtp365.company.com)
  - Additional public IP address
  - TLS certificate for hostname
  - Edge Transport role in perimeter network (1)
  - Alternatively, direct inbound connection (2)
- Inbound HTTPS connection to Client Access Service
  - Internal Exchange Servers published by a reverse proxy
  - Requires additional public IP address
- Outbound HTTPS connections to Exchange Online
  - Exchange Server communication to Exchange Online
Modern Full Hybrid

[Diagram: Company Network with the On-Premises Exchange Organization and a Perimeter Network; HTTPS and SMTP connections to Microsoft 365 (Exchange Online, Azure AD) through the Hybrid Configuration]

- Active Directory hybrid with Azure AD Connect
  - Exchange Hybrid option enabled
- SMTP connection between on-premises and Exchange Online
  - Separate hostname (e.g., smtp365.company.com)
  - Additional public IP address
  - TLS certificate for hostname
  - Edge Transport role in perimeter network (1)
  - Alternatively, direct inbound connection (2)
- Outbound HTTPS connections to Exchange Online
  - Exchange Hybrid Agent: Exchange Online to Exchange on-premises communication
  - Exchange Server communication to Exchange Online
  - Install additional Hybrid Agents for redundancy
Exchange Hybrid: The Differences

Classic
- Full: full classic hybrid configuration, Exchange server published to the internet (SMTP/HTTPS) → permanent hybrid operation and Teams access to on-premises
- Minimal: hybrid configuration without rich coexistence, to migrate all on-premises mailboxes to Exchange Online → temporary hybrid operation for a few weeks / months
- Express: hybrid configuration with Azure AD Connect Express settings, to migrate all on-premises mailboxes to Exchange Online → temporary hybrid operation for a few days / weeks

Modern
- Full: modern hybrid configuration for new hybrid setups based on Hybrid Agent deployment, with reduced hybrid functionality → permanent hybrid operation
- Minimal: modern hybrid configuration to migrate all on-premises mailboxes to Exchange Online → temporary hybrid operation for a few weeks / months
Why do you need Exchange Hybrid?

- Coexistence between your on-premises Exchange Organization and Exchange Online
  - Mailbox migration to and from Exchange Online
  - Seamless public folder migration to Exchange Online
  - Microsoft Teams with on-premises mailboxes (calendar access)
- Transition from an on-premises Exchange Organization to Exchange Online
  - Optimal migration experience for end users
- Centralized mail flow for use of on-premises email solutions with user mailboxes in Exchange Online
  - Gateway-based S/MIME decryption/encryption, email disclaimer, archiving, journaling, …
- Hybrid mail flow providing email relay functionality for on-premises legacy applications and devices with
  - No access to the internet
  - No support for TLS protocols 1.0 or 1.1
  - No support for SMTPAUTH user authentication
  - No support for SMTP modern authentication
Exchange Hybrid Recommendations

- On-premises Exchange Server 2019 hybrid endpoint
  - Microsoft Teams backend services use AutoDiscover v2 to discover on-premises EWS and REST endpoints
  - Client Access endpoint accessible for Microsoft Teams backend services
  - Always use the latest Exchange Server cumulative update
  - In-place upgrade capability for Exchange Server vNEXT (H2 2021)
- Use a third-party TLS certificate with all required subject alternative names (SAN) for incoming HTTPS connections
  - AutoDiscover
  - Exchange namespace → external URL settings of the Exchange virtual directories
- Use a dedicated third-party TLS certificate for SMTP when using centralized mail flow
- Enable and configure OAuth authentication using the Hybrid Configuration Wizard
  - The Exchange team provides detailed information on how to configure OAuth manually
- AutoDiscover DNS resource records for SMTP domains used for primary email addresses
- Use Exchange Server 2016 if you need a coexistence server only
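The SAN recommendation above is easy to get wrong when the namespace has grown over time. The following PowerShell is an added example, not code from the slides or from Granikos: run in the Exchange Management Shell on Exchange Server 2016/2019, it collects every hostname the HTTPS namespace needs (external URLs of the client access virtual directories, the AutoDiscover service URI, and autodiscover.<domain> for each authoritative accepted domain) and checks each one against the SAN list of the certificate enabled for IIS. The server name EX01 is a placeholder, and the single-label wildcard handling is this example's assumption.

```powershell
# Added example, not code from the slides or from Granikos. Run in the
# Exchange Management Shell on Exchange Server 2016/2019. Server name 'EX01'
# is a placeholder.

function Get-RequiredNamespaceHosts {
    # Hostnames from the external URLs of every client access virtual directory
    # plus the AutoDiscover service URI. -ADPropertiesOnly reads the values from
    # Active Directory instead of contacting IIS on each server.
    $servers = (Get-ExchangeServer | Where-Object { $_.IsClientAccessServer }).Name
    $urls = foreach ($s in $servers) {
        (Get-OwaVirtualDirectory         -Server $s -ADPropertiesOnly).ExternalUrl
        (Get-EcpVirtualDirectory         -Server $s -ADPropertiesOnly).ExternalUrl
        (Get-WebServicesVirtualDirectory -Server $s -ADPropertiesOnly).ExternalUrl
        (Get-ActiveSyncVirtualDirectory  -Server $s -ADPropertiesOnly).ExternalUrl
        (Get-OabVirtualDirectory         -Server $s -ADPropertiesOnly).ExternalUrl
        (Get-MapiVirtualDirectory        -Server $s -ADPropertiesOnly).ExternalUrl
        (Get-ClientAccessService -Identity $s).AutoDiscoverServiceInternalUri
    }
    $fromUrls = $urls | Where-Object { $_ } | ForEach-Object { ([Uri]$_).Host }

    # autodiscover.<domain> for each authoritative accepted domain; narrow this
    # to the domains actually used for primary SMTP addresses if you have many.
    $autodiscover = Get-AcceptedDomain |
        Where-Object { $_.DomainType -eq 'Authoritative' } |
        ForEach-Object { "autodiscover.$($_.DomainName)" }

    @($fromUrls) + @($autodiscover) |
        ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
}

function Test-SanCoverage {
    param([string]$Server)
    # The certificate that Teams, clients and HCW hit is the one enabled for IIS.
    $cert = Get-ExchangeCertificate -Server $Server |
        Where-Object { $_.Services -match 'IIS' } | Select-Object -First 1
    if (-not $cert) { throw "No certificate enabled for IIS on $Server" }
    $san = $cert.CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() }

    foreach ($h in Get-RequiredNamespaceHosts) {
        # A wildcard SAN covers exactly one label: *.company.com matches
        # mail.company.com but not autodiscover.sub.company.com.
        $parent  = ($h -split '\.', 2)[1]
        $covered = ($san -contains $h) -or ($parent -and ($san -contains "*.$parent"))
        [pscustomobject]@{
            Host       = $h
            Covered    = [bool]$covered
            Thumbprint = $cert.Thumbprint
            Expires    = $cert.NotAfter
        }
    }
}

# Hosts missing from the certificate need a new SAN certificate before HCW
# and the Teams backend can use the namespace.
Test-SanCoverage -Server 'EX01' | Where-Object { -not $_.Covered } | Format-Table -AutoSize
```

An empty result means every namespace host is covered; anything listed is a hostname that will fail TLS validation for Teams backend services and for HCW's own connectivity checks until the certificate is reissued.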
How to implement Exchange Hybrid?

Exchange Hybrid Requirements

- Know the differences between the available Exchange hybrid variants and modes of operation
- Know the mode of operation for your Exchange Organization and your hybrid requirements
- Have your on-premises Exchange organization ready for hybrid configuration
  - Install the latest Exchange Server Cumulative Updates on all Exchange Servers, including Edge Transport
  - Have the required IP addresses and DNS hostnames for the Exchange namespace set up
  - Verify inbound connectivity to your Exchange organization using the Remote Connectivity Analyzer (RCA)
    - When your firewall policy is restricted for inbound traffic, add the RCA IP addresses to that policy (see the RCA release notes)
  - When using Edge, have the Edge Transport TLS certificate installed on an internal Exchange Server for selection by HCW
    - Do NOT enable this certificate for any Exchange service
- Enable the Exchange Hybrid option in Azure AD Connect first
Hybrid Configuration Wizard

- Click-to-Run setup
  - https://aka.ms/HybridWizard
  - The .application file type requires a mapping to Internet Explorer
- Note the HCW version information
  - Current: v17
  - Uninstall v16 first
- HCW is updated regularly
  - HCW downloads a newer version automatically when started
- HCW configuration steps vary depending on your Exchange Organization configuration
Hybrid Configuration Wizard: On-Premises Organization

- HCW detects the optimal Exchange Server for configuration automatically
  - Specify a CAS server manually, if needed
- Select the appropriate Office 365 target infrastructure
  - Office 365 Worldwide is the default for commercial customers
Hybrid Configuration Wizard: Gathering Organization Configuration

- HCW connects to on-premises Exchange and Exchange Online to gather the current organizational configuration
  - Adjust credentials as needed
  - Check whether WinRM allows Basic authentication
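Three of the requirements listed above (current cumulative updates on every server including Edge, DNS for the namespace, and a WinRM client that permits Basic authentication) can be checked before HCW is started. The following PowerShell is an added example, not code from the slides: run as an administrator in the Exchange Management Shell on the host where HCW will run. The hostnames passed to Test-NamespaceDns are placeholders.

```powershell
# Added example, not code from the slides. Pre-flight checks before starting
# HCW: build level of every Exchange server (including EdgeSync-subscribed
# Edge Transport servers), WinRM client Basic authentication on the HCW host,
# and DNS resolution of the namespace hosts. Run as administrator in the
# Exchange Management Shell; the hostnames at the bottom are placeholders.

function Get-ExchangeBuildReport {
    # AdminDisplayVersion carries the CU build. All servers of one version
    # family (15.1 = Exchange 2016, 15.2 = Exchange 2019) should be on the
    # same build before HCW runs.
    Get-ExchangeServer | ForEach-Object {
        [pscustomobject]@{
            Server = $_.Name
            Role   = "$($_.ServerRole)"
            Family = "$($_.AdminDisplayVersion.Major).$($_.AdminDisplayVersion.Minor)"
            Build  = "$($_.AdminDisplayVersion)"
        }
    }
}

function Test-ConsistentBuilds {
    # Returns the version families that have more than one build in use.
    Get-ExchangeBuildReport | Group-Object Family | ForEach-Object {
        $builds = @($_.Group.Build | Sort-Object -Unique)
        if ($builds.Count -gt 1) {
            [pscustomobject]@{ Family = $_.Name; Builds = ($builds -join ', ') }
        }
    }
}

function Test-WinRmBasicAuth {
    # HCW opens a remote PowerShell session to Exchange Online through the
    # local WinRM client with Basic authentication over HTTPS, so the
    # client-side Basic setting must be true.
    (Get-Item -Path 'WSMan:\localhost\Client\Auth\Basic').Value -eq 'true'
}

function Test-NamespaceDns {
    param([string[]]$HostNames)
    foreach ($h in $HostNames) {
        # -DnsOnly skips LLMNR/NetBIOS, -NoHostsFile ignores the local hosts
        # file, so the published record is what gets tested.
        $rr = Resolve-DnsName -Name $h -Type A -DnsOnly -NoHostsFile -ErrorAction SilentlyContinue
        $a  = @($rr | Where-Object { $_.Type -eq 'A' })
        [pscustomobject]@{
            Host      = $h
            Resolves  = ($a.Count -gt 0)
            Addresses = (@($a | ForEach-Object { $_.IPAddress }) -join ', ')
        }
    }
}

Get-ExchangeBuildReport | Format-Table -AutoSize
Test-ConsistentBuilds          # no output means every family is on one build
"WinRM client Basic auth enabled: $(Test-WinRmBasicAuth)"
Test-NamespaceDns -HostNames 'mail.company.com', 'autodiscover.company.com', 'smtp365.company.com'
```

Test-NamespaceDns only proves that the names resolve; it does not replace the Remote Connectivity Analyzer run the slide asks for, which tests the path through the firewall and reverse proxy from outside.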
Hybrid Configuration Wizard: Hybrid Features

- Select the hybrid features to configure
  - Minimal Hybrid
  - Full Hybrid
- Enable Organization Configuration Transfer
  - One-time transfer of selected configuration objects
  - Available objects depend on the on-premises Exchange Server version
  - See the Hybrid Organization Configuration Transfer documentation
Hybrid Configuration Wizard: Hybrid Topology

- Select the hybrid topology
  - Exchange Classic Hybrid
  - Exchange Modern Hybrid
- Modern Hybrid uses the Modern Hybrid Agent
  - Azure Application Proxy-style component using HTTPS outbound connectivity only
  - Automatic download and installation of
    - Hybrid Updater
    - Hybrid Agent
  - HCW uninstalls and unregisters the Modern Hybrid Agent when switching from Modern Hybrid
Hybrid Configuration Wizard: Hybrid Mail Flow

- Configure hybrid mail flow
  - Direct to/from internal Exchange Servers
  - Via Edge Transport Servers in the perimeter network, already subscribed to an Active Directory site
- Centralized mail flow
  - Route all mail flow to/from Exchange Online mailboxes via the on-premises Exchange Organization
Hybrid Configuration Wizard: Receive Connector

- Select the Exchange server used for receiving email messages from Exchange Online
  - Select the Exchange Server published to the Internet
- HCW configures the default frontend receive connector
- HCW might select the wrong receive connector when
  - you use additional receive connectors with a remote IP address range of 0.0.0.0–255.255.255.255
  - the default frontend connector uses an individual remote IP address range configuration
- Compare the TlsCertificateName and TlsDomainCapabilities connector properties afterwards
Hybrid Configuration Wizard: Send Connector

- Select the Exchange server for sending email messages from the on-premises Exchange Organization to Exchange Online
- HCW configures the Send Connector
  - The Exchange Server needs outbound connectivity to Exchange Online
  - EdgeSync transfers the Edge Servers' Send Connector configuration (when using Edge Transport)
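The two slides above (Receive Connector and Send Connector) both end in "check what HCW actually did". The following PowerShell is an added example, not code from the slides: run in the Exchange Management Shell after HCW completes, it lists the frontend receive connectors of a server, flags those with a catch-all IPv4 remote range (the candidates HCW can pick by mistake), shows which one carries the hybrid TLS settings, and prints the hybrid send connector. The server name EX01 and the assumption that the send connector still carries HCW's default name "Outbound to Office 365" (recent HCW versions append a suffix) are this example's.

```powershell
# Added example, not code from the slides. Reviews the connectors HCW touched
# on an internal server. Run in the Exchange Management Shell; 'EX01' and the
# send connector name pattern are assumptions.

function Get-FrontendReceiveConnectorReport {
    param([string]$Server)
    Get-ReceiveConnector -Server $Server |
        Where-Object { $_.TransportRole -eq 'FrontendTransport' } |
        ForEach-Object {
            $ranges = @($_.RemoteIPRanges | ForEach-Object { "$_" })
            $caps   = @($_.TlsDomainCapabilities | ForEach-Object { "$_" })
            [pscustomobject]@{
                Connector             = "$($_.Identity)"
                Bindings              = (@($_.Bindings | ForEach-Object { "$_" }) -join ', ')
                # Every IPv4 address: the default frontend connector, or a custom
                # relay connector that should not receive Exchange Online traffic.
                CatchAllIPv4          = ($ranges -contains '0.0.0.0-255.255.255.255')
                TlsCertificateName    = "$($_.TlsCertificateName)"
                TlsDomainCapabilities = ($caps -join '; ')
                # HCW adds mail.protection.outlook.com:AcceptCloudServicesMail to
                # the connector it configured for hybrid mail flow.
                HybridConfigured      = [bool]($caps -match 'AcceptCloudServicesMail')
            }
        }
}

function Get-HybridSendConnector {
    # HCW's default connector name is "Outbound to Office 365"; recent HCW
    # versions append a suffix, hence the wildcard.
    Get-SendConnector | Where-Object { $_.Name -like 'Outbound to Office 365*' } |
        Select-Object Name, Enabled, SourceTransportServers, AddressSpaces, SmartHosts,
                      RequireTLS, TlsAuthLevel, TlsDomain, CloudServicesMailEnabled,
                      TlsCertificateName
}

# Expect exactly one frontend connector with HybridConfigured = True, and the
# same TlsCertificateName on that connector and on the send connector.
Get-FrontendReceiveConnectorReport -Server 'EX01' | Format-Table -AutoSize
Get-HybridSendConnector | Format-List
```

If HybridConfigured is True on a custom relay connector rather than on the default frontend connector, HCW picked the wrong one; the relay connector's own settings (typically anonymous relay for internal devices) will then also apply to inbound Exchange Online traffic, which is the case the slide warns about.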
Hybrid Configuration Wizard: Transport Certificate

- Select the TLS certificate to secure the trusted mail flow between on-premises Exchange and Exchange Online
- With Edge Transport
  - Ensure that the dedicated TLS certificate is installed in the certificate store of one of the internal Exchange servers
  - Import the TLS certificate into the local Exchange Server certificate store prior to executing HCW
  - Do NOT enable the TLS certificate for any Exchange service
- Avoid using NAT between Edge Transport Servers and internal Exchange servers
- Do NOT use TLS-intercepting SMTP proxy servers
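The following PowerShell is an added example, not code from the slides: it stages the dedicated hybrid SMTP certificate on an internal Exchange server the way the slide describes (imported into the store, not enabled for any service), then reports whether it is still unbound and computes the TlsCertificateName string in the form Exchange uses on connectors so that the value HCW wrote can be compared afterwards. The PFX path, the password prompt, the server name EX01 and the send connector name pattern are placeholders or assumptions.

```powershell
# Added example, not code from the slides. Stages the dedicated hybrid SMTP
# certificate before HCW runs without enabling it for any service, and builds
# the TlsCertificateName value HCW writes to the connectors. File path,
# password prompt and server name are placeholders.

function Import-HybridTransportCertificate {
    param(
        [string]$PfxPath,
        [securestring]$PfxPassword,
        [string]$Server
    )
    # Import-ExchangeCertificate only places the certificate in the local
    # machine store. Enable-ExchangeCertificate is deliberately not called:
    # with Edge Transport the certificate must stay unbound, so HCW can select
    # it for the Edge connectors without binding it to the internal server's
    # SMTP service.
    Import-ExchangeCertificate -Server $Server `
        -FileData ([System.IO.File]::ReadAllBytes($PfxPath)) `
        -Password $PfxPassword `
        -PrivateKeyExportable $true
}

function Get-ExpectedTlsCertificateName {
    param([string]$Thumbprint, [string]$Server)
    $cert = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint
    # Exchange stores the connector reference as "<I>Issuer<S>Subject".
    "<I>$($cert.Issuer)<S>$($cert.Subject)"
}

function Test-HybridCertificateStaged {
    param([string]$Thumbprint, [string]$Server)
    $cert     = Get-ExchangeCertificate -Server $Server -Thumbprint $Thumbprint
    $expected = Get-ExpectedTlsCertificateName -Thumbprint $Thumbprint -Server $Server
    # HCW's default send connector name (assumption: not renamed afterwards).
    $send = Get-SendConnector | Where-Object { $_.Name -like 'Outbound to Office 365*' }
    [pscustomobject]@{
        Thumbprint          = $cert.Thumbprint
        NotAfter            = $cert.NotAfter
        ServicesEnabled     = "$($cert.Services)"       # must be 'None' before HCW
        StagedCorrectly     = ("$($cert.Services)" -eq 'None')
        ExpectedTlsCertName = $expected
        # False before HCW has run; should become True afterwards.
        SendConnectorMatch  = [bool]($send -and "$($send.TlsCertificateName)" -eq $expected)
    }
}

$pw     = Read-Host -Prompt 'PFX password' -AsSecureString
$staged = Import-HybridTransportCertificate -PfxPath 'C:\certs\smtp365.pfx' -PfxPassword $pw -Server 'EX01'
Test-HybridCertificateStaged -Thumbprint $staged.Thumbprint -Server 'EX01'
```

Run Test-HybridCertificateStaged again after HCW has finished: ServicesEnabled should still read None on the internal server, and SendConnectorMatch should be True. A mismatch there is the quickest indication that HCW picked a different certificate than the one you staged.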
Hybrid Configuration Wizard: Organization FQDN

- Enter the external FQDN of the Exchange Organization for inbound SMTP
  - The hostname should match the TLS certificate
- Hybrid mail flow requires Exchange-to-Exchange communication
- Recommendation for centralized mail flow
  - Use a dedicated host name, IP address, and TLS certificate
  - Use Edge Transport Server(s)
Hybrid Configuration Wizard

- Update and wait
- If updating fails
  - HCW provides full log files: %appdata%\Roaming\Microsoft\Exchange Hybrid Configuration
  - The log file contains all PowerShell configuration steps
  - Use the Remote Connectivity Analyzer to check inbound connectivity
- Issues
  - Remote connectivity
  - Firewall policies, proxy servers, DNS
  - WinRM Windows service configuration issues
Microsoft Teams and Exchange Server

- The Microsoft Teams client communicates with the Teams middle tier, not with Exchange directly
- The Microsoft Teams middle tier contacts Exchange Online first
  - If the user mailbox is not in Exchange Online, the Teams backend receives an HTTP 302 redirect to on-premises
  - The on-premises endpoint is always discovered using AutoDiscover v2
  - The Exchange redirect requires AAD Connect synchronization with the Exchange Hybrid option enabled
- Authentication requires OAuth between Exchange Server and Exchange Online / Azure AD
  - Use the Hybrid Configuration Wizard to configure OAuth (preferred)
- The Microsoft Teams backend requires communication with the AutoDiscover, EWS, and REST endpoints
Microsoft Teams and Exchange Server

- When using many different SMTP domain names, you need a dedicated AutoDiscover v2 endpoint for each domain
  - Microsoft Teams backend services do not handle an on-premises HTTP 302 redirect correctly
  - Publish an AutoDiscover endpoint for each SMTP domain
  - Use an edge router, e.g., Traefik, if you cannot add all domains to a single SAN certificate
- Check the Microsoft Teams coexistence mode with Skype for Business Online
  - Only Islands, Teams Only, or Skype for Business with Teams Collaboration and Meetings support the calendar tab
- Verify that the calendar tab is enabled in the Teams app policy
- Ensure that Exchange Hybrid is enabled in Azure AD Connect
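The per-domain AutoDiscover v2 requirement above can be verified from outside the organization before Teams users report an empty calendar tab. The following PowerShell is an added example, not code from the slides: it issues the same anonymous GET to autodiscover.json that the Teams backend issues, for each SMTP domain, and reports the HTTP status and the returned endpoint URL, surfacing a 302 instead of following it. It is written for Windows PowerShell 5.1; the probe mailboxes are placeholders and must be mailboxes still homed on-premises, one per SMTP domain.

```powershell
# Added example, not code from the slides. Probes the on-premises AutoDiscover
# v2 endpoint per SMTP domain the way the Teams backend does (anonymous GET to
# autodiscover.json). Windows PowerShell 5.1; probe mailboxes are placeholders.

function Test-AutoDiscoverV2 {
    param(
        [string[]]$ProbeMailboxes,
        [string[]]$Protocols = @('Ews', 'Rest')   # what the Teams backend asks for
    )
    foreach ($mailbox in $ProbeMailboxes) {
        $domain = ($mailbox -split '@', 2)[1]
        foreach ($protocol in $Protocols) {
            $uri = "https://autodiscover.$domain/autodiscover/autodiscover.json" +
                   "?Email=$mailbox&Protocol=$protocol"
            $status = $null; $endpoint = $null; $location = $null
            try {
                # -MaximumRedirection 0 turns a 302 into an error instead of
                # silently following it, which is the case the slide warns about.
                $r = Invoke-WebRequest -Uri $uri -UseBasicParsing -MaximumRedirection 0 -ErrorAction Stop
                $status   = [int]$r.StatusCode
                $endpoint = (ConvertFrom-Json $r.Content).Url
            } catch {
                $resp = $_.Exception.Response
                if ($resp) {
                    $status   = [int]$resp.StatusCode
                    $location = $resp.Headers['Location']
                } else {
                    $status = "error: $($_.Exception.Message)"   # DNS, TLS or connect failure
                }
            }
            [pscustomobject]@{
                Domain     = $domain
                Protocol   = $protocol
                HttpStatus = $status
                Ok         = ($status -eq 200 -and [bool]$endpoint)
                Endpoint   = $endpoint
                RedirectTo = $location
            }
        }
    }
}

# Every row should be Ok = True with an on-premises EWS/REST URL. A 3xx row,
# or a TLS error because the certificate lacks that autodiscover name, means
# the domain still needs its own published AutoDiscover endpoint.
Test-AutoDiscoverV2 -ProbeMailboxes 'user1@company.com', 'user2@company.net' |
    Format-Table Domain, Protocol, HttpStatus, Ok, Endpoint, RedirectTo -AutoSize
```

Run it from a host outside the company network so that the request traverses the same reverse proxy or edge router the Teams backend services will reach; a result that is fine from inside but redirects or fails TLS from outside is exactly the configuration the slide describes.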
MCT Summit Middle East 2021 - Exchange Hybrid - What, Why, and How

  • 2. Thomas Stensitzki Enterprise Consultant | Owner Granikos GmbH & Co. KG MVP | Office Apps & Services MCT Regional Lead Email thomas.stensitzki@granikos.eu Twitter @Stensitzki LinkedIn https://linkedin.com/in/thomasstensitzki Blog http://JustCantGetEnough.Granikos.eu Web https://www.stensitzki.de
  • 4. On-Premises Exchange Organization Microsoft 365 Exchange Online Hybrid Configuration  Trusted relationship between an on-premises Exchange Organization and Exchange Online  Hybrid connections for mail flow (SMTP), and service access (HTTPS) for Exchange hybrid functionality  Hybrid Configuration Wizard (HCW) activates and configures the hybrid mode of operation What is Exchange Hybrid?
  • 5. Hybrid Mode Classic Express Minimal Full Modern Minimal Full Exchange Hybrid Two Modes – Three Variants
  • 6. On-Premises Exchange Organization Hybrid Configuration Perimeter Network Microsoft 365 Exchange Online Azure AD Company Network SMTP HTTPS  Active Directory Hybrid with Azure AD Connect  Exchange Hybrid option enabled  SMTP Connection between On-Premises and Exchange Online  Separate hostname (e.g., smtp365.company.com)  Additional public IP address  TLS certificate for hostname  Edge Transport Role in perimeter network (1)  Alternatively, direct inbound connection (2)  Inbound HTTPS connection to Client Access Service  Internal Exchange Servers published by a Reverse Proxy  Requires additional public IP address  Outbound HTTPS connections to Exchange Online  Exchange Server communication to Exchange Online Classic Full Hybrid
  • 7.  Active Directory Hybrid with Azure AD Connect  Exchange Hybrid option enabled  SMTP Connection between On-Premises and Exchange Online  Separate hostname (e.g., smtp365.company.com)  Additional public IP address  TLS certificate for hostname  Edge Transport Role in perimeter network (1)  Alternatively, direct inbound connection (2)  Outbound HTTPS connections to Exchange Online  Exchange Hybrid-Agent Exchange Online to Exchange on-premises communication  Exchange Server communication to Exchange Online  Install additional Hybrid-Agents for redundancy Hybrid Configuration Perimeter Network Microsoft 365 Exchange Online Azure AD Company Network On-Premises Exchange Organization HTTPS SMTP Modern Full Hybrid
  • 8. Full Full classic hybrid configuration, Exchange server published to the internet (SMTP/HTTPS)  permanent hybrid operation and Teams access to on-premises Minimal Hybrid configuration, without rich coexistence to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few weeks / months Express Hybrid configuration, with Azure AD Connect Express settings, to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few days / weeks Full Full Modern Hybrid configuration, for new hybrid setups based on Hybrid Agent deployment, with reduced hybrid functionality  permanent hybrid operation Minimal Modern Hybrid configuration, to migrate all on-premises mailboxes to Exchange Online  temporary hybrid operation for a few weeks / months Exchange Hybrid The Differences
9. Why do you need Exchange Hybrid?
10. Why do you need Exchange Hybrid?
   - Coexistence between your on-premises Exchange organization and Exchange Online
     - Mailbox migration to and from Exchange Online
     - Seamless public folder migration to Exchange Online
     - Microsoft Teams with on-premises mailboxes (calendar access)
   - Transition from an on-premises Exchange organization to Exchange Online
     - Optimal migration experience for end users
   - Centralized mail flow, so on-premises email solutions can serve user mailboxes in Exchange Online
     - Gateway-based S/MIME decryption/encryption, email disclaimers, archiving, journaling, ...
   - Hybrid mail flow providing email relay functionality for on-premises legacy applications and devices with
     - No access to the internet
     - Support for TLS 1.0 or 1.1 only (Exchange Online requires TLS 1.2)
     - No support for SMTP AUTH user authentication
     - No support for SMTP modern authentication (OAuth)
11. Exchange Hybrid Recommendations
   - On-premises Exchange Server 2019 as the hybrid endpoint
     - Microsoft Teams backend services use AutoDiscover v2 to discover on-premises EWS and REST endpoints
     - Client Access endpoint accessible to Microsoft Teams backend services
     - Always use the latest Exchange Server cumulative update
     - In-place upgrade capability for Exchange Server vNext (H2 2021)
   - Use a third-party TLS certificate with all required subject alternative names (SANs) for incoming HTTPS connections
     - AutoDiscover
     - Exchange namespace
     - External URLs of the Exchange virtual directories
   - Use a dedicated third-party TLS certificate for SMTP when using centralized mail flow
   - Enable and configure OAuth authentication using the Hybrid Configuration Wizard
     - The Exchange team provides detailed information on how to configure OAuth manually
   - AutoDiscover DNS resource records for all SMTP domains used for primary email addresses
   - Use Exchange Server 2016 if you need a coexistence server only
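The SAN recommendation above is easy to verify before HCW runs. The following script is an added example and not part of the deck: it collects every external hostname the organization publishes (the ExternalUrl of each virtual directory plus autodiscover.<domain> for every authoritative accepted domain) and checks them against the certificate bound to IIS on each server. It assumes the Exchange Management Shell with at least view-only organization permissions; server and domain names come from the organization, nothing is hard-coded.

```powershell
# Added example (not the deck's own code): verify the IIS certificate on each Exchange server
# covers every hostname that HTTPS clients, HCW and the Teams backend will connect to.

function Get-ExchangeExternalHostname {
    # case-insensitive set of hostnames; returned as a list of strings
    $hosts = New-Object 'System.Collections.Generic.HashSet[string]' ([System.StringComparer]::OrdinalIgnoreCase)

    # External URLs of the virtual directories used for hybrid and Teams access
    $vdirs = @(Get-OwaVirtualDirectory -ADPropertiesOnly) +
             @(Get-EcpVirtualDirectory -ADPropertiesOnly) +
             @(Get-WebServicesVirtualDirectory -ADPropertiesOnly) +
             @(Get-ActiveSyncVirtualDirectory -ADPropertiesOnly) +
             @(Get-OabVirtualDirectory -ADPropertiesOnly) +
             @(Get-MapiVirtualDirectory -ADPropertiesOnly)
    foreach ($v in $vdirs) {
        if ($v.ExternalUrl) { [void]$hosts.Add($v.ExternalUrl.Host) }   # ExternalUrl is a System.Uri
    }

    # AutoDiscover: one autodiscover.<domain> name per authoritative SMTP domain
    foreach ($d in Get-AcceptedDomain | Where-Object { $_.DomainType -eq 'Authoritative' }) {
        [void]$hosts.Add("autodiscover.$($d.DomainName)")
    }
    return $hosts
}

function Test-CertificateCoverage {
    param([Parameter(Mandatory)][string]$Server)

    $required = Get-ExchangeExternalHostname
    # the certificate enabled for IIS is the one every HTTPS client sees
    $cert = Get-ExchangeCertificate -Server $Server |
            Where-Object { $_.Services -match 'IIS' } |
            Select-Object -First 1
    if (-not $cert) { throw "No certificate is enabled for IIS on $Server" }

    $sans = $cert.CertificateDomains | ForEach-Object { $_.ToString() }
    foreach ($h in $required) {
        # accept an exact SAN or a wildcard for the parent domain (*.company.com)
        $labels   = $h.Split('.')
        $wildcard = if ($labels.Count -gt 2) { '*.' + ($labels[1..($labels.Count - 1)] -join '.') } else { $null }
        [pscustomobject]@{
            Server     = $Server
            Hostname   = $h
            Covered    = ($sans -contains $h) -or ($wildcard -and ($sans -contains $wildcard))
            Thumbprint = $cert.Thumbprint
            NotAfter   = $cert.NotAfter
        }
    }
}

# run against every non-Edge server; any row with Covered = False needs a new certificate request
Get-ExchangeServer | Where-Object { $_.ServerRole -notmatch 'Edge' } |
    ForEach-Object { Test-CertificateCoverage -Server $_.Name } |
    Sort-Object Server, Hostname | Format-Table -AutoSize
```

A row with Covered = False means a client validating the certificate for that hostname will fail; fix the certificate before running HCW rather than after, because HCW reads the same external URLs when it configures the hybrid endpoints.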
13. Exchange Hybrid Requirements
   - Know the differences between the Exchange hybrid variants and modes of operation available
   - Know the mode of operation for your Exchange organization and your hybrid requirements
   - Have your on-premises Exchange organization ready for hybrid configuration
     - Install the latest Exchange Server cumulative updates on all Exchange servers, including Edge Transport
     - Have the required IP addresses and DNS hostnames for the Exchange namespace set up
     - Verify inbound connectivity to your Exchange organization using the Remote Connectivity Analyzer (RCA)
       - When your firewall policy restricts inbound traffic, add the RCA IP addresses (listed in the RCA release notes) to that policy
     - Have the Edge Transport TLS certificate installed on an internal Exchange server for selection by HCW, when using Edge
       - Do NOT enable this certificate for any Exchange service
   - Enable the Exchange Hybrid option in Azure AD Connect first
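The readiness items above can be checked from the Exchange Management Shell. The script below is an added example, not code from the deck: it lists the build of every server (including Edge Transport) to compare with the current CU, imports the Edge TLS certificate into an internal server's store without enabling it for any service, confirms that state, and resolves the AutoDiscover record for each authoritative domain. The PFX path and the password prompt are assumptions for the example.

```powershell
# Added example (not the deck's own code): pre-flight checks before starting HCW.
# Assumptions: run in the Exchange Management Shell on an internal Exchange server;
# the Edge Transport TLS certificate was exported with its private key to $PfxPath (hypothetical path).

# 1. Build numbers of all servers, Edge included; compare AdminDisplayVersion with the latest CU
Get-ExchangeServer | Select-Object Name, ServerRole, Edition, AdminDisplayVersion |
    Sort-Object Name | Format-Table -AutoSize

# 2. Import the Edge TLS certificate into the local store so HCW can select it.
#    Deliberately no Enable-ExchangeCertificate call: the certificate must not be bound to any service.
$PfxPath  = 'C:\Certs\smtp365.company.com.pfx'      # hypothetical path
$Server   = $env:COMPUTERNAME
$pfxBytes = [System.IO.File]::ReadAllBytes($PfxPath)
$pfxPass  = Read-Host -Prompt 'PFX password' -AsSecureString
$imported = Import-ExchangeCertificate -Server $Server -FileData $pfxBytes -Password $pfxPass -PrivateKeyExportable $true

# 3. Confirm subject, private key, validity and that Services is still 'None'
$check = Get-ExchangeCertificate -Server $Server -Thumbprint $imported.Thumbprint
[pscustomobject]@{
    Thumbprint    = $check.Thumbprint
    Subject       = $check.Subject
    Domains       = ($check.CertificateDomains | ForEach-Object { $_.ToString() }) -join ', '
    HasPrivateKey = $check.HasPrivateKey
    Services      = $check.Services          # expected: None
    NotAfter      = $check.NotAfter
} | Format-List
if ($check.Services.ToString() -ne 'None') {
    Write-Warning "Certificate $($check.Thumbprint) is enabled for $($check.Services); HCW expects it unbound."
}
if (-not $check.HasPrivateKey) {
    Write-Warning "Certificate $($check.Thumbprint) has no private key; re-export the PFX from the Edge server."
}

# 4. AutoDiscover DNS records for every authoritative SMTP domain (primary addresses live in these domains)
Get-AcceptedDomain | Where-Object { $_.DomainType -eq 'Authoritative' } | ForEach-Object {
    $name = "autodiscover.$($_.DomainName)"
    try {
        # an A query also returns the CNAME chain, so either record type shows up in the answer
        $r = Resolve-DnsName -Name $name -Type A -ErrorAction Stop
        $answer = ($r | ForEach-Object { if ($_.IPAddress) { $_.IPAddress } elseif ($_.NameHost) { $_.NameHost } }) -join ', '
        [pscustomobject]@{ Record = $name; Resolves = $true;  Answer = $answer }
    } catch {
        [pscustomobject]@{ Record = $name; Resolves = $false; Answer = $_.Exception.Message }
    }
} | Format-Table -AutoSize
```

Run step 4 from a host that uses public resolvers as well: an internal split-DNS zone can make the record resolve on the Exchange server while Exchange Online and the Remote Connectivity Analyzer still cannot find it.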
14. Hybrid Configuration Wizard
   - Click-to-Run setup
     - https://aka.ms/HybridWizard
     - The .application file type requires a mapping to Internet Explorer
   - Note the HCW version information
     - Current: v17
     - Uninstall v16 first
   - HCW is updated regularly
     - HCW downloads a newer version automatically when started
   - HCW configuration steps vary depending on your Exchange organization configuration
15. Hybrid Configuration Wizard: On-Premises Organization
   - HCW detects the optimal Exchange server for configuration automatically
     - Specify a CAS server manually, if needed
   - Select the appropriate Office 365 target infrastructure
     - Office 365 Worldwide is the default for commercial customers
16. Hybrid Configuration Wizard: Gathering Organization Configuration
   - HCW connects to on-premises Exchange and Exchange Online to gather the current organization configuration
   - Adjust credentials as needed
   - Check whether WinRM allows Basic authentication; HCW needs it for the remote PowerShell sessions it opens
17. Hybrid Configuration Wizard: Hybrid Features
   - Select the hybrid features to configure
     - Minimal Hybrid
     - Full Hybrid
   - Enable Organization Configuration Transfer
     - One-time transfer of selected configuration objects
     - Available objects depend on the on-premises Exchange Server version
     - See the Hybrid Organization Configuration Transfer documentation
18. Hybrid Configuration Wizard: Hybrid Topology
   - Select the hybrid topology
     - Exchange Classic Hybrid
     - Exchange Modern Hybrid
   - Modern Hybrid uses the Modern Hybrid Agent
     - Azure Application Proxy-style component using outbound HTTPS connectivity only
     - Automatic download and installation of
       - Hybrid Updater
       - Hybrid Agent
     - HCW uninstalls and unregisters the Modern Hybrid Agent when switching away from Modern Hybrid
19. Hybrid Configuration Wizard: Hybrid Mail Flow
   - Configure hybrid mail flow
     - Directly to/from internal Exchange servers
     - Via Edge Transport servers in the perimeter network, already subscribed to an Active Directory site
   - Centralized mail flow
     - Route all mail flow to/from Exchange Online mailboxes via the on-premises Exchange organization
20. Hybrid Configuration Wizard: Receive Connector
   - Select the Exchange server used for receiving email messages from Exchange Online
     - Select the Exchange server published to the internet
   - HCW configures the default frontend receive connector
   - HCW might select the wrong receive connector when
     - you use additional receive connectors with a remote IP address range of 0.0.0.0-255.255.255.255, or
     - the default frontend connector has an individually configured remote IP address range
   - Compare the TlsCertificateName and TlsDomainCapabilities connector properties afterwards
21. Hybrid Configuration Wizard: Send Connector
   - Select the Exchange server for sending email messages from the on-premises Exchange organization to Exchange Online
   - HCW configures the send connector
     - The Exchange server needs outbound connectivity to Exchange Online
     - EdgeSync transfers the Edge servers' send connector configuration (when using Edge Transport)
22. Hybrid Configuration Wizard: Transport Certificate
   - Select the TLS certificate to secure the trusted mail flow between on-premises Exchange and Exchange Online
   - With Edge Transport
     - Ensure that the dedicated TLS certificate is installed in the certificate store of one of the internal Exchange servers
     - Import the TLS certificate into the local Exchange server certificate store prior to executing HCW
     - Do NOT enable the TLS certificate for any Exchange service
   - Avoid using NAT between Edge Transport servers and internal Exchange servers
   - Do NOT use TLS-intercepting SMTP proxy servers
23. Hybrid Configuration Wizard: Organization FQDN
   - Enter the external FQDN of the Exchange organization for inbound SMTP
     - The hostname should match the TLS certificate
   - Hybrid mail flow requires Exchange-to-Exchange communication
   - Recommendation for centralized mail flow
     - Use a dedicated hostname, IP address, and TLS certificate
     - Use Edge Transport server(s)
24. Hybrid Configuration Wizard: Update
   - Update and wait
   - If updating fails
     - HCW provides full log files in %appdata%\Microsoft\Exchange Hybrid Configuration (%appdata% already resolves to ...\AppData\Roaming)
     - The log file contains all PowerShell configuration steps
     - Use the Remote Connectivity Analyzer to check inbound connectivity
   - Typical issues
     - Remote connectivity: firewall policies, proxy servers, DNS
     - WinRM Windows service configuration issues
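After the wizard finishes, the transport settings from the receive connector, send connector, transport certificate and organization FQDN steps (slides 20 to 23) are worth checking by hand, because HCW can pick the wrong receive connector and a connector whose TlsCertificateName points at a certificate that is not installed fails TLS silently. The script below is an added example, not part of the deck. It assumes the Exchange Management Shell and a hypothetical server name EX01 for the server selected in HCW; mail.protection.outlook.com is the Exchange Online FQDN that HCW configures on both connectors.

```powershell
# Added example (not the deck's own code): verify what HCW configured on the transport side.
# Assumptions: $HybridServer is the server chosen in HCW for receiving from / sending to
# Exchange Online (hypothetical name). With Edge Transport, run the certificate check on the Edge server.
$HybridServer = 'EX01'
$EopFqdn      = 'mail.protection.outlook.com'

# 1. Frontend receive connectors: HCW modifies the one whose remote IP range is 0.0.0.0-255.255.255.255.
#    Exactly one should carry the AcceptCloudServicesMail capability for the Exchange Online FQDN.
$frontend = Get-ReceiveConnector -Server $HybridServer | Where-Object { $_.TransportRole -eq 'FrontendTransport' }
$frontend | Select-Object Name, Enabled,
    @{n='RemoteIPRanges';        e={ ($_.RemoteIPRanges        | ForEach-Object { $_.ToString() }) -join ', ' }},
    @{n='TlsDomainCapabilities'; e={ ($_.TlsDomainCapabilities | ForEach-Object { $_.ToString() }) -join ', ' }},
    @{n='TlsCertificateName';    e={ "$($_.TlsCertificateName)" }} | Format-List

$hybridRc = @($frontend | Where-Object {
    ($_.TlsDomainCapabilities | ForEach-Object { $_.ToString() }) -contains "$EopFqdn`:AcceptCloudServicesMail"
})
switch ($hybridRc.Count) {
    0       { Write-Warning "No frontend receive connector on $HybridServer accepts cloud services mail from $EopFqdn" }
    1       { Write-Host "Hybrid receive connector: $($hybridRc[0].Name)" }
    default { Write-Warning "Several connectors carry the hybrid capability; HCW may have touched the wrong one" }
}

# 2. Send connector to Exchange Online: TLS required, domain-validated against the EOP FQDN,
#    cloud services mail enabled, sourced from the expected servers
$sc = @(Get-SendConnector | Where-Object { $_.TlsDomain -eq $EopFqdn })
if (-not $sc) { Write-Warning "No send connector with TlsDomain $EopFqdn found" }
$sc | Select-Object Name, Enabled, RequireTLS, TlsAuthLevel, TlsDomain, CloudServicesMailEnabled,
    @{n='AddressSpaces';          e={ ($_.AddressSpaces          | ForEach-Object { $_.ToString() }) -join ', ' }},
    @{n='SourceTransportServers'; e={ ($_.SourceTransportServers | ForEach-Object { $_.Name })       -join ', ' }},
    @{n='TlsCertificateName';     e={ "$($_.TlsCertificateName)" }} | Format-List

# 3. TlsCertificateName is stored as "<I>Issuer<S>Subject"; rebuild that string from every certificate
#    installed on the server and make sure one of them matches, otherwise the connector cannot offer TLS.
function Test-TlsCertificateName {
    param([Parameter(Mandatory)][string]$Server, [string]$TlsCertificateName)
    if (-not $TlsCertificateName) { Write-Warning "$Server: connector has no TlsCertificateName set"; return }
    foreach ($c in Get-ExchangeCertificate -Server $Server) {
        if ("<I>$($c.Issuer)<S>$($c.Subject)" -eq $TlsCertificateName) {
            return [pscustomobject]@{ Server = $Server; Thumbprint = $c.Thumbprint; NotAfter = $c.NotAfter; Services = $c.Services }
        }
    }
    Write-Warning "$Server has no installed certificate matching '$TlsCertificateName'"
}
foreach ($rc in $hybridRc) {
    Test-TlsCertificateName -Server $HybridServer -TlsCertificateName "$($rc.TlsCertificateName)"
}
foreach ($s in $sc) {
    foreach ($src in $s.SourceTransportServers) {
        Test-TlsCertificateName -Server $src.Name -TlsCertificateName "$($s.TlsCertificateName)"
    }
}

# 4. The workstation running HCW needs WinRM client Basic authentication for its remote PowerShell sessions
(Get-Item WSMan:\localhost\Client\Auth\Basic).Value      # expected: true
```

If step 3 warns for the send connector sources while Edge Transport is in use, that is expected from an internal server: the Edge servers are not domain-joined, so repeat the check in the Exchange Management Shell on the Edge server itself.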
26. Microsoft Teams and Exchange Server
   - The Microsoft Teams client communicates with the Teams middle tier, not with Exchange directly
   - The Microsoft Teams middle tier contacts Exchange Online first
     - If the user mailbox is not in Exchange Online, the Teams backend receives an HTTP 302 redirect to on-premises
     - The on-premises endpoint is always discovered using AutoDiscover v2
   - The Exchange redirect requires Azure AD Connect synchronization with the Exchange Hybrid option enabled
   - Authentication requires OAuth between Exchange Server and Exchange Online / Azure AD
     - Use the Hybrid Configuration Wizard to configure OAuth (preferred)
   - The Microsoft Teams backend requires communication with the AutoDiscover, EWS, and REST endpoints
27. Microsoft Teams and Exchange Server
   - When using many different SMTP domain names, you need a dedicated AutoDiscover v2 endpoint for each domain
     - Microsoft Teams backend services do not handle an on-premises HTTP 302 redirect correctly
     - Publish an AutoDiscover endpoint for each SMTP domain
     - Use an edge router, e.g., Traefik, if you cannot add all domains to a single SAN certificate
   - Check the Microsoft Teams coexistence mode with Skype for Business Online
     - Only Islands, Teams Only, or Skype for Business with Teams Collaboration and Meetings support the calendar tab
   - Verify that the calendar tab is enabled in the Teams app setup policy
   - Ensure that Exchange Hybrid is enabled in Azure AD Connect
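The two Teams slides above describe a path that is simple to test from the outside: the Teams backend queries the AutoDiscover v2 JSON endpoint for the user's SMTP domain and expects a direct answer, not a 302. The script below is an added example, not part of the deck. It sends that query for each domain with redirects disabled so a 302 is reported as a failure instead of being followed, then runs the built-in Test-OAuthConnectivity cmdlet for the on-premises side of the OAuth trust. The domains and mailbox addresses in $TestMailboxes are hypothetical and should be replaced with mailboxes that still live on-premises.

```powershell
# Added example (not the deck's own code): test AutoDiscover v2 per SMTP domain the way the Teams backend
# does (no redirects) and test the OAuth trust from on-premises Exchange to Exchange Online.
# Assumptions: Exchange Management Shell on an internal server; the addresses below are hypothetical
# on-premises mailboxes, one per SMTP domain.
[System.Net.ServicePointManager]::SecurityProtocol = [System.Net.SecurityProtocolType]::Tls12

$TestMailboxes = @{
    'company.com'   = 'teamstest@company.com'
    'company-b.com' = 'teamstest@company-b.com'
}

function Test-AutodiscoverV2 {
    param(
        [Parameter(Mandatory)][string]$EmailAddress,
        [ValidateSet('Ews','Rest','ActiveSync')][string]$Protocol = 'Ews'
    )
    $domain = $EmailAddress.Split('@')[1]
    $uri    = "https://autodiscover.$domain/autodiscover/autodiscover.json?Email=$EmailAddress&Protocol=$Protocol"

    $req = [System.Net.HttpWebRequest]::Create($uri)
    $req.Accept            = 'application/json'
    $req.Timeout           = 15000
    $req.AllowAutoRedirect = $false        # a 302 must show up as a result, not be followed silently
    try {
        $resp = $req.GetResponse()
    } catch {
        # PowerShell wraps .NET exceptions; unwrap to reach the WebException and its response (4xx/5xx)
        $ex = $_.Exception
        if ($ex -isnot [System.Net.WebException] -and $ex.InnerException) { $ex = $ex.InnerException }
        if (-not ($ex -is [System.Net.WebException]) -or -not $ex.Response) {
            return [pscustomobject]@{ Domain = $domain; Protocol = $Protocol; Status = 0; Url = $null; Verdict = "unreachable: $($ex.Message)" }
        }
        $resp = $ex.Response
    }
    $status = [int]$resp.StatusCode
    $body   = (New-Object System.IO.StreamReader($resp.GetResponseStream())).ReadToEnd()
    $location = $resp.Headers['Location']
    $resp.Close()

    $url = $null
    if ($status -eq 200 -and $body) {
        try { $url = ($body | ConvertFrom-Json).Url } catch { $url = $null }
    }
    $verdict = switch ($status) {
        200                         { if ($url) { 'ok' } else { 'HTTP 200 but no Url in JSON' } }
        { $_ -in 301,302,307,308 }  { "redirect to $location; Teams cannot follow this, publish a dedicated endpoint for $domain" }
        default                     { "HTTP $status" }
    }
    [pscustomobject]@{ Domain = $domain; Protocol = $Protocol; Status = $status; Url = $url; Verdict = $verdict }
}

# 1. AutoDiscover v2 for the EWS and REST endpoints the Teams backend needs, per domain
$TestMailboxes.Values | ForEach-Object {
    $addr = $_
    foreach ($p in 'Ews', 'Rest') { Test-AutodiscoverV2 -EmailAddress $addr -Protocol $p }
} | Format-Table -AutoSize

# 2. OAuth trust, on-premises Exchange -> Exchange Online. The direction Teams uses (Exchange Online ->
#    on-premises) is tested from Exchange Online PowerShell with -TargetUri set to the on-premises EWS URL.
$TestMailboxes.Values | ForEach-Object {
    $addr = $_
    Test-OAuthConnectivity -Service EWS -TargetUri 'https://outlook.office365.com/ews/exchange.asmx' -Mailbox $addr |
        Select-Object @{n='Mailbox'; e={ $addr }}, ResultType, Error
}
```

A Verdict of "ok" with a Url pointing at the on-premises EWS or REST endpoint is what the Teams backend needs; a redirect row is the multi-domain problem the slide describes, and a TLS or name-mismatch error in the "unreachable" row usually means the autodiscover.<domain> name is missing from the published certificate.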