Hi @Ramki ,
1.Agree with above. It depends on the location of your mailbox.
1)If all mailboxes has been migrated to Exchange online. You could set up the Autodiscover DNS records point to Exchange online instead of to on-premises. And run the following command to remove the Servcie Connection Point(SCP) values on your Exchange servers.
Get-ClientAccessService | Set-ClientAccessService -AutoDiscoverServiceInternalUri $Null
For more information, please refer to the scenario two in this article: How and when to decommission your on-premises Exchange servers in a hybrid deployment
2)If there are mailboxes located on the on-premises Exchange server. We need point autodiscover record to On-premise Exchange server. For On-premise mailbox, it remain use previous autodiscover lookup behavior to find endpoint and access to Exchange. For migrated mailbox, autodiscover service will redirect On-premise autodiscover record to Office 365 (autodiscover-s.outlook.com), and access to Office 365.
2.Regarding the certificate error. Generally, there are three types of certificate errors, and the reasons for each type of error are different. Please share the specific information of your certificate error. It should be noted that please cover your personal privacy information.
In addition, you could refer to this article to check whether your certificate meets the requirements of hybrid environment: Certificate requirements for hybrid deployments
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.