Exchange hybrid with working cloud services

Mariusz Gora 41

Hello,

We consider to move from Exchange on premise to hybrid deployment.

We also using Teams and soon we plan use Dynamic 365 so we have some AzureAD (EntraID) accounts.

Many accounts from our local AD are "duplicated" (the same email, first, last name, account name, ...) with AzureAD.

Local AD and AzureAD are never synced but they have the same domain.

I have doubts about what will happen with these accounts after synchronizing local AD with AzureAD. I worry users will lost access to Teams (and D365) or their chats and/or planed meetings on Teams after synchronization.

I also would know is there way-back after go to Hybrid Exchange? Can we stop syncing with AzureAD, change back MX records to on-prem Exchange, remove O365 connectors from Exchange on-prem server and serving mail services as before move to hybrid?

In migration wizard we can choose SSL certificate used to communicate with Exchange Online. Our SSL cert for Exchange on premise expires soon. We plan to obtain new one instead renew existing. Is it possible to change cert used to communicate with Exchange Online after migration to hybrid?

Can Exchange Online in Hybrid deployment act as "proxy" for on premise ActiveSync, EWS, OWA and we can disable wide access to these services from public network?

Has anyone had a similar situation and would be able to solve my doubts?

Regards

Mariusz

1 answer

Carlos Solís Salazar 17,021 Reputation points MVP

2024-05-13T22:52:41.7+00:00

Hello

Your main challenge is to avoid duplicity of users when configuring Entra ID Connect, to solve this I recommend you to run the ID Fix Tool (https://microsoft.github.io/idfix/).

When you do a hybrid configuration the emails will not go out or in through Exchange online automatically, as you migrate users they will be able to connect to their mailbox through Office365, unfortunately, office.com will not work as a proxy.

Hope this helps!

Remember to accept the answer if it is helpful.
Please sign in to rate this answer.
Mariusz Gora 41 Reputation points

2024-05-14T08:42:51.6733333+00:00

Hello Carlos

Thank you for link to the ID Fix Tool.

If I correctly understand Microsoft documentation for Hybrid deployment Exchange Online is like another Exchange server in environment and client (e.g. Outlook) can connect to it and get access to mailbox even if the mailbox is located on on-premise Exchange server. So it works similar as CAS server in Exchange 2013. Additional you can reconfigure connectors to route inbound and outbound emails through Exchange Online.
Please correct me if I have misunderstood something.

For security perspective is great option because it can reduce access from internet to your server with mailboxes to Exchange Online.

For me the most important is find answer for question is there a way back after migrating to a hybrid environment?

Carlos Solís Salazar 17,021 Reputation points MVP

2024-05-14T13:47:15.98+00:00

I will answer your comment in parts:

If I correctly understand Microsoft documentation for Hybrid deployment Exchange Online is like another Exchange server in environment and client (e.g. Outlook) can connect to it and get access to mailbox even if the mailbox is located on on-premise Exchange server. So it works similar as CAS server in Exchange 2013.

If the mailbox is located locally, the user must have access to the premise server, the hybrid configuration helps you with the mail flow, not with the user access to the mail client.

Additional you can reconfigure connectors to route inbound and outbound emails through Exchange Online.

Yes, you can make connectors for mail flow between exchange Server and Exchange Online. and you can make inbound and outbound traffic through exchange online.

For security perspective is great option because it can reduce access from internet to your server with mailboxes to Exchange Online.

Yes, you can limit access only to Office 365 URLs (https://learn.microsoft.com/en-us/exchange/hybrid-deployment-prerequisites#hybrid-deployment-protocols-ports-and-endpoints).

For me the most important is find answer for question is there a way back after migrating to a hybrid environment?

Yes, it is possible to revert a hybrid Exchange configuration to a 100% on-premises configuration. However, this process can be complex and requires careful planning. Here are some general steps you could follow:

Move all Mailboxes: First, you would need to move all Exchange Online mailboxes back to your on-premises server.

Change the UPN: Change the UPN on the on-premises server.

Remove Hybrid Configuration: You can remove the hybrid configuration using the Remove-HybridConfiguration cmdlet in the Exchange Management Shell.

Remove Office 365 Send Connector: Removes the Office 365 Send Connector on the on-premises server.

Remove Office 365 Accepted Domain: Removes the Office 365 accepted domain on the on-premises server.

Maintain an Exchange Server: It is recommended to maintain at least one Exchange server for management purposes.

Disable OAuth Settings: Disables OAuth settings on both the local server and Microsoft 3653.

Please note that these are only general steps and the exact process may vary depending on your specific configuration.

Hope this helps!

Remember to accept the answer if it is helpful.

Noah Ma-MSFT 1,220 Reputation points Microsoft Vendor

2024-05-17T09:57:56.3+00:00

Just checking in to see if above information was helpful.

If the issue has been resolved, please mark the helpful replies as answers.
Sign in to comment

Share via

Exchange hybrid with working cloud services

1 answer