Exchange Server Hybrid Deployments

Summary: What you need to know to plan an Exchange hybrid deployment.

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.

Exchange hybrid deployment features

A hybrid deployment enables the following features:

  • Secure mail routing between on-premises and Exchange Online organizations.

  • Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @contoso.com SMTP domain.

  • A unified global address list (GAL), also called a "shared address book."

  • Free/busy and calendar sharing between on-premises and Exchange Online organizations.

  • Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.

  • A single Outlook on the web URL for both the on-premises and Exchange Online organizations.

  • The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.

  • Centralized mailbox management using the on-premises Exchange admin center (EAC).

  • Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.

  • Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment. Learn more about Exchange Online Archiving at Archive Features in Exchange Online Archiving.

Exchange hybrid deployment considerations

You should consider the following before you implement an Exchange hybrid deployment:

  • Hybrid deployment requirements: Before you configure a hybrid deployment, you need to make sure your on-premises organization meets all of the prerequisites required for a successful deployment. For more information, see Hybrid deployment prerequisites.

  • Exchange ActiveSync clients: When you move a mailbox from your on-premises Exchange organization to Exchange Online, all of the clients that access the mailbox need to be updated to use Exchange Online; this includes Exchange ActiveSync devices. Most Exchange ActiveSync clients will now be automatically reconfigured when the mailbox is moved to Exchange Online; however, some older devices might not update correctly. For more information, see Exchange ActiveSync device settings with Exchange hybrid deployments.

  • Mailbox permissions migration: On-premises mailbox permissions such as Send As, Full Access, Send on Behalf of, and folder permissions that are explicitly applied on the mailbox are migrated to Exchange Online. Inherited (non-explicit) mailbox permissions and permissions granted to objects that aren't mail enabled in Exchange Online are not migrated. You should ensure all permissions are explicitly granted and all objects are mail enabled prior to migration. Therefore, you have to plan for configuring these permissions in Office 365 if applicable for your organization. In the case of Send As permissions, if the user and the resource attempting to be sent as aren't moved at the same time, you'll need to explicitly add the Send As permission in Exchange Online using the Add-RecipientPermission cmdlet.

  • Support for cross-premises mailbox permissions: Exchange hybrid deployments support the use of the Full Access and Send on Behalf Of permissions between mailboxes located in an on-premises Exchange organization and mailboxes located in Office 365. Additional steps are required for Send As permissions. Also, some additional configuration may be required to support cross-premises mailbox permissions depending on the version of Exchange installed in your on-premises organization. For more information, see Delegate mailbox permissions in Permissions in Exchange hybrid deployments and Configure Exchange to support delegated mailbox permissions in a hybrid deployment.

  • Offboarding: As part of ongoing recipient management, you might have to move Exchange Online mailboxes back to your on-premises environment.

    For more information about how to move mailboxes in an Exchange 2010-based hybrid deployment, see Move an Exchange Online mailbox to the on-premises organization.

    For more information about how to move mailboxes in hybrid deployments based on Exchange 2013 or newer, see Move mailboxes between on-premises and Exchange Online organizations in hybrid deployments.

  • Mailbox forwarding settings: Mailboxes can be set up to automatically forward mail sent to them to another mailbox. While mailbox forwarding is supported in Exchange Online, the forwarding configuration isn't copied to Exchange Online when the mailbox is migrated there. Before you migrate a mailbox to Exchange Online, make sure you export the forwarding configuration for each mailbox. The forwarding configuration is stored in the DeliverToMailboxAndForward, ForwardingAddress, and ForwardingSmtpAddress properties on each mailbox.
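The mailbox permissions and mailbox forwarding items above both describe settings that do not carry over on their own. The following pre-migration audit is an added example, not part of the original article: it lists which Full Access, Send As and Send on Behalf grants are inherited (and so need an explicit grant) and exports the three forwarding properties for every mailbox. The output folder, the helper function name and the sample addresses in the closing comments are constructed, and the ExternalTarget column assumes that any forwarding domain missing from Get-AcceptedDomain is outside the organization.

```powershell
# Added example (not from the original article). Run in the on-premises
# Exchange Management Shell before moving mailboxes to Exchange Online.
$OutDir = 'C:\HybridAudit'   # constructed placeholder path
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$mailboxes = Get-Mailbox -ResultSize Unlimited

# Hypothetical helper: one report row per permission entry.
function New-PermissionRow {
    param($Mailbox, $Trustee, [string]$Right, [bool]$IsInherited)
    [pscustomobject]@{
        Mailbox            = "$($Mailbox.PrimarySmtpAddress)"
        Trustee            = "$Trustee"
        Right              = $Right
        IsInherited        = $IsInherited
        # Only explicitly applied permissions are migrated, so inherited
        # entries have to be granted explicitly before the move.
        NeedsExplicitGrant = $IsInherited
    }
}

# --- 1. Permissions: separate explicit grants from inherited ones ---
$permissions = foreach ($mbx in $mailboxes) {
    # Full Access is stored on the mailbox ACL.
    Get-MailboxPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.AccessRights -like '*FullAccess*') -and
                       (-not $_.Deny) -and
                       ($_.User -notlike 'NT AUTHORITY\*') } |
        ForEach-Object { New-PermissionRow $mbx $_.User 'FullAccess' $_.IsInherited }

    # Send As is an Active Directory extended right on the mailbox object.
    Get-ADPermission -Identity $mbx.DistinguishedName |
        Where-Object { ($_.ExtendedRights -like '*Send-As*') -and
                       (-not $_.Deny) -and
                       ($_.User -notlike 'NT AUTHORITY\*') } |
        ForEach-Object { New-PermissionRow $mbx $_.User 'SendAs' $_.IsInherited }

    # Send on Behalf is a mailbox property and is always an explicit grant.
    foreach ($delegate in $mbx.GrantSendOnBehalfTo) {
        New-PermissionRow $mbx $delegate 'SendOnBehalf' $false
    }
}
$permissions | Export-Csv -Path (Join-Path $OutDir 'permissions.csv') -NoTypeInformation

# --- 2. Forwarding: export the three properties named in the article ---
# Accepted domains are used to flag forwarding targets outside the organization.
$accepted = Get-AcceptedDomain |
    ForEach-Object { "$($_.DomainName)".TrimStart('*', '.').ToLower() }

$forwarding = $mailboxes |
    Where-Object { $_.ForwardingAddress -or $_.ForwardingSmtpAddress } |
    ForEach-Object {
        # ForwardingSmtpAddress is stored with an "smtp:" prefix.
        $smtp   = "$($_.ForwardingSmtpAddress)" -replace '^smtp:', ''
        $domain = if ($smtp) { ($smtp -split '@')[-1].ToLower() } else { $null }
        [pscustomobject]@{
            Mailbox                    = "$($_.PrimarySmtpAddress)"
            DeliverToMailboxAndForward = $_.DeliverToMailboxAndForward
            ForwardingAddress          = "$($_.ForwardingAddress)"
            ForwardingSmtpAddress      = $smtp
            ExternalTarget             = [bool]($domain -and ($accepted -notcontains $domain))
        }
    }
$forwarding | Export-Csv -Path (Join-Path $OutDir 'forwarding.csv') -NoTypeInformation

# Summary for the migration plan.
"{0} inherited permission entries need an explicit grant" -f @($permissions | Where-Object NeedsExplicitGrant).Count
"{0} mailboxes forward mail; {1} forward to a domain outside the accepted domains" -f `
    @($forwarding).Count, @($forwarding | Where-Object ExternalTarget).Count

# After the move, in Exchange Online PowerShell (addresses are constructed samples;
# map each DOMAIN\user trustee from the CSV to its synchronized recipient first):
#   Add-RecipientPermission -Identity 'shared@contoso.com' -Trustee 'user@contoso.com' -AccessRights SendAs -Confirm:$false
#   Set-Mailbox -Identity 'user@contoso.com' -ForwardingSmtpAddress 'target@contoso.com' -DeliverToMailboxAndForward $true
```

Review the rows marked ExternalTarget before re-creating forwarding in Exchange Online, so that only forwarding the organization still intends is carried across.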

Exchange hybrid deployment components

A hybrid deployment involves several different services and components:

  • Exchange servers: At least one Exchange server needs to be configured in your on-premises organization if you want to configure a hybrid deployment. If you're running Exchange 2013 or older, you need to install at least one server running the Mailbox and Client Access roles. If you're running Exchange 2016 or newer, at least one server running the Mailbox role needs to be installed. If needed, Exchange Edge Transport servers can also be installed in a perimeter network and support secure mail flow with Office 365.

    Note

    We don't support the installation of Exchange servers running the Mailbox or Client Access server roles in a perimeter network.

  • Microsoft Office 365: The Office 365 service includes an Exchange Online organization as a part of its subscription service. Organizations configuring a hybrid deployment need to purchase a license for each mailbox that's migrated to or created in the Exchange Online organization.

  • Hybrid Configuration wizard: Exchange includes the Hybrid Configuration wizard, which provides you with a streamlined process to configure a hybrid deployment between on-premises Exchange and Exchange Online organizations.

    Learn more at Hybrid Configuration wizard.

  • Azure AD authentication system: The Azure Active Directory (AD) authentication system is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2016 organization and the Exchange Online organization. On-premises organizations configuring a hybrid deployment must have a federation trust with the Azure AD authentication system. The federation trust can either be created manually as part of configuring federated sharing features between an on-premises Exchange organization and other federated Exchange organizations or as part of configuring a hybrid deployment with the Hybrid Configuration wizard. A federation trust with the Azure AD authentication system for your Office 365 tenant is automatically configured when you activate your Office 365 service account.

    Learn more at: Azure AD authentication system

  • Azure Active Directory synchronization: Azure AD synchronization uses Azure AD Connect to replicate on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL) and user authentication. Organizations configuring a hybrid deployment need to deploy Azure AD Connect on a separate, on-premises server to synchronize your on-premises Active Directory with Office 365.

    Learn more at: Azure AD Connect - Overview

Hybrid deployment example

Take a look at the following scenario. It's an example topology that provides an overview of a typical Exchange 2016 deployment. Contoso, Ltd. is a single-forest, single-domain organization with two domain controllers and one Exchange 2016 server installed. Remote Contoso users use Outlook on the web to connect to Exchange 2016 over the Internet to check their mailboxes and access their Outlook calendar.

On-premises Exchange deployment before hybrid deployment with Office 365 is configured

Let's say that you're the network administrator for Contoso, and you're interested in configuring a hybrid deployment. You deploy and configure a required Azure AD Connect server and you also decide to use the Azure AD Connect password synchronization feature to let users use the same credentials for both their on-premises network account and their Office 365 account. After you complete the hybrid deployment prerequisites and use the Hybrid Configuration wizard to select options for the hybrid deployment, your new topology has the following configuration:

  • Users will use the same username and password for logging on to the on-premises and Exchange Online organizations ("single sign-on").

  • User mailboxes located on-premises and in the Exchange Online organization will use the same email address domain. For example, mailboxes located on-premises and mailboxes located in the Exchange Online organization will both use @contoso.com in user email addresses.

  • All outbound mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the Exchange Online organization ("centralized mail transport").

  • On-premises and Exchange Online organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.

  • On-premises and Exchange Online users use the same URL to connect to their mailboxes over the Internet.

On-premises Exchange deployment after hybrid deployment with Office 365 is configured

If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring a hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and Exchange Online organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.

| Configuration | Before hybrid deployment | After hybrid deployment |
| --- | --- | --- |
| Mailbox location | Mailboxes on-premises only. | Mailboxes on-premises and in Office 365. |
| Message transport | On-premises Mailbox servers handle all inbound and outbound message routing. | On-premises Mailbox servers handle internal message routing between the on-premises and Office 365 organization. |
| Outlook on the web | On-premises Mailbox servers receive all Outlook on the web requests and display mailbox information. | On-premises Mailbox servers redirect Outlook on the web requests to either on-premises Exchange 2016 Mailbox servers or provide a link to log on to Office 365. |
| Unified GAL for both organizations | Not applicable; single organization only. | On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to Office 365. |
| Single sign-on used for both organizations | Not applicable; single organization only. | On-premises Active Directory and Office 365 use the same username and password for mailboxes located either on-premises or in Office 365. |
| Organization relationship established and a federation trust with Azure AD authentication system | Trust relationship with the Azure AD authentication system and organization relationships with other federated Exchange organizations may be configured. | Trust relationship with the Azure AD authentication system is required. Organization relationships are established between the on-premises and Office 365. |
| Free/busy sharing | Free/busy sharing between on-premises users only. | Free/busy sharing between both on-premises and Office 365 users. |

Things to consider before configuring a hybrid deployment

Now that you're a little more familiar with what a hybrid deployment is, you need to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.

Directory synchronization and single sign-on

Active Directory synchronization between the on-premises and Office 365 organizations, which is performed every three hours by a server running Azure Active Directory Connect, is a requirement for configuring a hybrid deployment. Directory synchronization enables recipients in either organization to see each other in the global address list. It also synchronizes usernames and passwords, which enables users to log in with the same credentials in both your on-premises organization and in Office 365.

Note

If you choose to configure Azure AD Connect with AD FS, usernames and passwords of on-premises users will still be synchronized to Office 365 by default. However, users will authenticate with your on-premises Active Directory via AD FS as their primary method of authentication. In the event AD FS can't connect to your on-premises Active Directory for any reason, clients will attempt to fall back and authenticate against usernames and passwords synchronized to Office 365.

All customers of Azure Active Directory and Office 365 have a limit of 50,000 objects (users, mail-enabled contacts, and groups) by default. This limit determines how many objects you can create in your Office 365 organization. When you verify your first domain, this object limit is automatically increased to 300,000 objects. If you have verified a domain and need to synchronize more than 300,000 objects, or you do not have any domains to verify and need to synchronize more than 50,000 objects, you will need to contact Azure Active Directory Support to request an increase to your object quota limit.

In addition to a server running Azure AD Connect, you'll also need to deploy a web application proxy server if you choose to configure AD FS. This server should be placed in your perimeter network and will act as an intermediary between your internal Azure AD Connect server and the Internet. The web application proxy server needs to accept connections from clients and servers on the Internet using TCP port 443.

Hybrid deployment management

You manage a hybrid deployment in Exchange 2016 via a single unified management console that allows for managing both your on-premises and Exchange Online organizations. The Exchange admin center (EAC), which replaces the Exchange Management Console and the Exchange Control Panel, allows you to connect and configure features for both organizations. When you run the Hybrid Configuration wizard for the first time, you will be prompted to connect to your Exchange Online organization. You need to use an Office 365 account that is a member of the Organization Management role group to connect the EAC to your Exchange Online organization.

Certificates

Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the Exchange Online organization. Certificates are a requirement to configure several types of services. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA.

Learn more at: Certificate requirements for hybrid deployments

Bandwidth

Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the Office 365 organization. This is particularly true when moving mailboxes from your on-premises Exchange 2016 server to the Office 365 organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other Office 365 services, such as SharePoint Server 2016 and Skype for Business, may also affect the available bandwidth for messaging services.

Before moving mailboxes to Office 365, you should:

  • Determine the average mailbox size for mailboxes that will be moved to Office 365.

  • Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.

  • Calculate the average expected transfer speed, and plan your mailbox moves accordingly.

Learn more at: Networking

Unified Messaging

Unified Messaging (UM) is supported in a hybrid deployment between your on-premises and Office 365 organizations. Your on-premises telephony solution must be able to communicate with Office 365. This may require that you purchase additional hardware and software.

If you want to move mailboxes from your on-premises organization to Office 365, and those mailboxes are configured for UM, you should configure UM in your hybrid deployment prior to moving those mailboxes. If you move mailboxes before you configure UM in your hybrid deployment, those mailboxes will no longer have access to UM functionality.

Learn more at: Set Up Unified Messaging in a Hybrid Deployment

Information Rights Management

Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. AD RMS templates can help prevent information leakage by allowing users to control who can open a rights-protected message, and what they can do with that message after it's been opened.

IRM in a hybrid deployment requires planning, manual configuration of the Office 365 organization, and an understanding of how clients use AD RMS servers depending on whether their mailbox is in the on-premises or Exchange Online organization.

Learn more at: IRM in Exchange hybrid deployments

Mobile devices

Mobile devices are supported in a hybrid deployment. If Exchange ActiveSync is already enabled on your existing servers, they'll continue to redirect requests from mobile devices to mailboxes located on the on-premises Mailbox server. For mobile devices connecting to existing mailboxes that are moved from the on-premises organization to Office 365, Exchange ActiveSync profiles will automatically be updated to connect to Office 365 on most phones. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.

Learn more at: Mobile Phones

Client requirements

We recommend that your clients use Outlook 2016 or Outlook 2013 for the best experience and performance in the hybrid deployment. Pre-Outlook 2010 clients aren't supported in hybrid deployments or with Office 365.

Licensing for Office 365

To create mailboxes in, or move mailboxes to, Office 365, you need to sign up for Office 365 for enterprises and you must have licenses available. When you sign up for Office 365, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in Office 365 must have a license.

Antivirus and anti-spam services

Mailboxes moved to Office 365 are automatically provided with antivirus and anti-spam protection by Exchange Online Protection (EOP), a service provided by Office 365. You may need to purchase additional EOP licenses for your on-premises users if you choose to route all incoming Internet mail through the EOP service. We recommend that you carefully evaluate whether the EOP protection in your Office 365 is also appropriate to meet the antivirus and anti-spam needs of your on-premises organization. If you have protection in place for your on-premises organization, you may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.

Learn more at: Anti-Spam and Anti-Malware Protection

Public folders

Public folders are supported in Office 365, and on-premises public folders can be migrated to Office 365. Additionally, public folders in Office 365 can be moved to the on-premises Exchange 2016 organization. Both on-premises and Office 365 users can access public folders located in either organization using Outlook on the web, Outlook 2016, Outlook 2013, or Outlook 2010 SP2 or newer. Existing on-premises public folder configuration and access for on-premises mailboxes doesn't change when you configure a hybrid deployment.

Learn more at: Public Folders

Accessibility

For information about keyboard shortcuts that may apply to the procedures in this checklist, see Keyboard shortcuts in the Exchange admin center.

重要詞彙Key terminology

下方列表提供 Exchange 2013 中與混合部署相關的核心元件定義。The following list provides you with definitions of the core components associated with hybrid deployments in Exchange 2013.

集中郵件傳輸centralized mail transport

輸入和輸出網際網路郵件路由透過內部部署 Exchange 組織中的所有 Exchange Online 混合式組態選項。在 [混合組態精靈] 中設定此路由的選項。如需詳細資訊,請參閱傳輸選項在 Exchange 混合部署The hybrid configuration option in which all Exchange Online inbound and outbound Internet messages are routed via the on-premises Exchange organization. This routing option is configured in the Hybrid Configuration wizard. For more information, see Transport options in Exchange hybrid deployments.

共存網域coexistence domain

新增至內部部署組織的混合郵件流可接受的網域,以及 Office 365 服務的自動探索服務請求。此網域將當做次要 Proxy 網域新增到任何具有混合組態精靈中所選取網域之 PrimarySmtpAddress 範本的電子郵件地址原則。依預設,此網域為 <domain>.mail.onmicrosoft.com。An accepted domain added to the on-premises organization for hybrid mail flow and Autodiscover requests for the Office 365 service. This domain is added as a secondary proxy domain to any email address policies which have PrimarySmtpAddress templates for domains selected in the Hybrid Configuration wizard. By default, this domain is <domain>.mail.onmicrosoft.com.

** HybridConfiguration Active Directory 物件 HybridConfiguration Active Directory object **

包含於混合組態精靈中選擇的預期混合部署組態參數之內部部署組織中的 Active Directory 物件。混合組態引擎在設定內部部署與 Exchange Online 設定時將使用這些參數來啟用混合功能。 HybridConfiguration 物件的內容將在每次執行混合組態精靈時重置。The Active Directory object in the on-premises organization that contains the desired hybrid deployment configuration parameters defined by the selections chosen in the Hybrid Configuration wizard. The Hybrid Configuration Engine uses these parameters when configuring on-premises and Exchange Online settings to enable hybrid features. The contents of the HybridConfiguration object are reset each time the Hybrid Configuration wizard is run.

混合組態引擎hybrid configuration engine

「混合組態引擎」(HCE) 會執行設定及更新混合部署所需的核心動作。HCE 將比較 HybridConfiguration Active Directory 物件與目前內部部署 Exchange 及 Exchange Online 組態設定的狀態,然後執行任務以讓部署組態設定與 HybridConfiguration Active Directory 物件中定義的參數相符。如需詳細資訊,請參閱 混合組態引擎The Hybrid Configuration Engine (HCE) runs the core actions necessary for configuring and updating a hybrid deployment. The HCE compares the state of the HybridConfiguration Active Directory object with current on-premises Exchange and Exchange Online configuration settings and then executes tasks to match the deployment configuration settings to the parameters defined in the HybridConfiguration Active Directory object. For more information, see Hybrid Configuration Engine.

混合組態精靈 (HCW)hybrid configuration wizard (HCW)

Exchange 中提供調適性工具將領導管理者在內部部署與 Exchange Online 組織間設定混合部署。精靈將定義 HybridConfiguration 物件中的混合部署組態參數,並指引混合組態引擎執行必要的組態任務,以啟用定義的混合功能。如需詳細資訊,請參閱 混合組態精靈An adaptive tool offered in Exchange that guides administrators through configuring a hybrid deployment between their on-premises and Exchange Online organizations. The wizard defines the hybrid deployment configuration parameters in the HybridConfiguration object and instructs the Hybrid Configuration Engine to run the necessary configuration tasks to enable the defined hybrid features. For more information, see Hybrid Configuration wizard.

Exchange 2010-based hybrid deployment

A hybrid deployment configured using Service Pack 3 (SP3) for Exchange Server 2010 on-premises servers as the connecting endpoint for the Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2010, Exchange Server 2007, and Exchange Server 2003 organizations.

Exchange 2013-based hybrid deployment

A hybrid deployment configured using Exchange 2013 on-premises servers as the connecting endpoint for the Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2013, Exchange 2010, and Exchange 2007 organizations.

Exchange 2016-based hybrid deployment

A hybrid deployment configured using Exchange 2016 on-premises servers as the connecting endpoint for the Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2016, Exchange 2013, and Exchange 2010 organizations.

secure mail transport

An automatically configured feature of a hybrid deployment that enables secure messaging between the on-premises and Exchange Online organizations. Messages are encrypted and authenticated using transport layer security (TLS) with a certificate selected in the Hybrid Configuration wizard. The Office 365 tenant is the endpoint for hybrid transport connections originating from the on-premises organization and the source for hybrid transport connections to the on-premises organization from Exchange Online.
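The sketch below is an added example, not code from the Exchange documentation: it checks whether the send connector that carries hybrid mail still enforces TLS with the certificate recorded in the HybridConfiguration object, which is the kind of drift the Hybrid Configuration Engine reconciles. The function name, the connector name pattern and the expected `DomainValidation` level are assumptions; the sample objects are constructed.

```powershell
# Added example: drift check between the HybridConfiguration object and the
# send connector that carries hybrid mail. Works on any objects exposing the
# properties below, so it can be tried offline with constructed data.
function Test-HybridTransportTls {
    param(
        [Parameter(Mandatory)] $HybridConfig,    # e.g. output of Get-HybridConfiguration
        [Parameter(Mandatory)] $SendConnectors,  # e.g. output of Get-SendConnector
        # Assumption: the wizard-created connector name starts with this text.
        [string] $NamePattern = 'Outbound to Office 365*'
    )
    $hybrid = @($SendConnectors | Where-Object { $_.Name -like $NamePattern })
    if ($hybrid.Count -eq 0) {
        return "No send connector matches '$NamePattern'"
    }
    foreach ($c in $hybrid) {
        if (-not $c.RequireTLS) {
            "$($c.Name): RequireTLS is off, so delivery may fall back to cleartext"
        }
        # Assumption: DomainValidation against TlsDomain is the expected level.
        if ("$($c.TlsAuthLevel)" -ne 'DomainValidation') {
            "$($c.Name): TlsAuthLevel is '$($c.TlsAuthLevel)', peer domain is not verified"
        }
        if ([string]::IsNullOrEmpty($c.TlsDomain)) {
            "$($c.Name): TlsDomain is empty"
        }
        if ("$($c.TlsCertificateName)" -ne "$($HybridConfig.TlsCertificateName)") {
            "$($c.Name): certificate differs from the HybridConfiguration object"
        }
    }
}

# Constructed sample objects (not real output).
$cfg = [pscustomobject]@{
    TlsCertificateName = '<I>CN=Example Issuing CA<S>CN=mail.contoso.com'
}
$connectors = @(
    [pscustomobject]@{
        Name = 'Outbound to Office 365'; RequireTLS = $true
        TlsAuthLevel = 'CertificateValidation'; TlsDomain = $null
        TlsCertificateName = '<I>CN=Example Issuing CA<S>CN=old.contoso.com'
    }
)
Test-HybridTransportTls -HybridConfig $cfg -SendConnectors $connectors
# Live use in the Exchange Management Shell:
# Test-HybridTransportTls -HybridConfig (Get-HybridConfiguration) -SendConnectors (Get-SendConnector)
```

With the constructed sample, the function reports three findings for the connector: the authentication level, the empty TLS domain and the certificate mismatch.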

Exchange hybrid deployment documentation

The following table contains links to topics that will help you learn about and manage hybrid deployments in Microsoft Exchange.

| Topic | Description |
| --- | --- |
| Hybrid Configuration wizard | Learn how the Hybrid Configuration wizard and the Hybrid Configuration Engine configure a hybrid deployment. |
| Hybrid deployment prerequisites | Learn more about hybrid deployment prerequisites, including compatible Exchange Server organizations, Office 365 requirements, and other on-premises configuration requirements. |
| Certificate requirements for hybrid deployments | Learn more about the requirements for digital certificates in hybrid deployments. |
| Transport options in Exchange hybrid deployments | Learn more about the inbound and outbound message transport options in hybrid deployments. |
| Transport routing in Exchange hybrid deployments | Learn more about inbound and outbound message routing options in a hybrid deployment. |
| Hybrid management in Exchange hybrid deployments | Learn more about managing your hybrid deployment with the Exchange admin center and Exchange Management Shell. |
| Shared free/busy in Exchange hybrid deployments | Learn more about calendar free/busy sharing between on-premises and Exchange Online organizations in a hybrid deployment. |
| Server roles in Exchange hybrid deployments | Learn more about how the Exchange server roles function in a hybrid deployment. |
| IRM in Exchange hybrid deployments | Learn more about how Information Rights Management functions in a hybrid deployment. |
| Permissions in Exchange hybrid deployments | Learn more about how a hybrid deployment uses Role Based Access Control (RBAC) to control permissions. |
| Edge Transport servers with hybrid deployments | Learn more about Exchange Edge Transport servers and how they are deployed and operate in a hybrid deployment. |
| Single sign-on with hybrid deployments | Learn more about how single sign-on using password synchronization and AD FS function in a hybrid deployment. |
| Hybrid Deployment procedures | Explore procedures for creating and modifying hybrid deployments for your Exchange on-premises and Exchange Online organizations. |
| Hybrid deployments with Exchange 2013 and Exchange 2010 | Learn more about Exchange 2013-based hybrid deployments with Exchange 2010 organizations. |
| Hybrid deployments with Exchange 2013 and Exchange 2007 | Learn more about Exchange 2013-based hybrid deployments with Exchange 2007 organizations. |