Monday, November 12, 2018

Office 365 Hybrid Deployment with Exchange 2016

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365.


Exchange hybrid deployment features
https://docs.microsoft.com/en-us/exchange/exchange-hybrid#exchange-hybrid-deployment-features

A hybrid deployment enables the following features:
  • Secure mail routing between on-premises and Exchange Online organizations.
  • Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @domain.com SMTP domain.
  • A unified global address list (GAL), also called a "shared address book."
  • Free/busy and calendar sharing between on-premises and Exchange Online organizations.
  • Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.
  • A single Outlook on the web URL for both the on-premises and Exchange Online organizations.
  • The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.
  • Centralized mailbox management using the on-premises Exchange admin center (EAC).
  • Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
  • Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment.

A hybrid deployment involves several different services and components:
  • Exchange 2016 Servers - The Exchange 2016 Mailbox server role is required in your on-premises Exchange organization. All on-premises Exchange 2016 servers need to have the latest release of Exchange 2016, or the release immediately prior to the current release, installed to support hybrid functionality with Office 365.
  • Office 365 - Hybrid deployments are supported with Office 365 Enterprise, Government and Academic plans.
  • Hybrid Configuration wizard - Exchange 2016 includes the Hybrid Configuration wizard, which provides you with a streamlined process to configure a hybrid deployment between on-premises Exchange and Exchange Online organizations.
  • Azure AD authentication system - The Azure Active Directory (AD) authentication system is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2016 organization and the Exchange Online organization. On-premises organizations configuring a hybrid deployment must have a federation trust with the Azure AD authentication system. The Hybrid Configuration wizard creates the federation trust as part of configuring a hybrid deployment. A federation trust with the Azure AD authentication system for your Office 365 tenant is automatically configured when you activate your Office 365 service account.
  • Azure Active Directory synchronization - Azure AD synchronization uses Azure AD Connect to replicate on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL) and user authentication. Organizations configuring a hybrid deployment need to deploy Azure AD Connect on a separate, on-premises server to synchronize the on-premises Active Directory with Office 365.
  • Active Directory Federation Services - AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud.
  • Web Application Proxy Server - The Web Application Proxy, under the Remote Access role, allows administrators to securely publish applications for external access. This service acts as a reverse proxy and as an Active Directory Federation Services (AD FS) proxy.

Hybrid infrastructure
The following components are required to configure a hybrid deployment:

  • Exchange Server 2016 with Mailbox Role: EXCH2016
  • Exchange Server 2016 with Edge Transport Role: EXCH2016EDGE
  • Windows Server 2016 with Azure Active Directory Connect (AAD Connect) installed: AADCONNECT
  • Active Directory Federation Server(s): ADFS2016
  • Web Application Proxy Server in perimeter: EDGE2016
  • Domain Controller running on minimum Windows Server 2008 R2: DC01
  • Office 365 subscriptions with default domain configured, i.e. service tenant FQDN: Domain.onmicrosoft.com
  • Accepted domain in Office 365 and on-premises: Domain.com
  • On-premises domain type: Authoritative
  • Office 365 domain type: Internal Relay
  • User principal name domain and Microsoft Online ID domain: @domain.com
  • External Azure AD Connect with AD FS FQDN: sts.domain.com
  • On-premises Autodiscover FQDN: Autodiscover.domain.com
  • Office 365 Autodiscover: Autodiscover.outlook.com
Configuring Hybrid Exchange Server

Step 1: Add and validate primary Email domain to Office 365
Step 2: Set up Primary SMTP Domain to Internal Relay
Step 3: Configure Active Directory synchronization
Step 4: Create Federation with Azure Active Directory
Step 5: Verify tenant configuration
Step 6: Install Edge Transport server
Step 7: Configure Edge servers
Step 8: Configure DNS
Step 9: Firewall Configuration
Step 10: Configure Exchange Web Services
Step 11: Configure MRS Proxy
Step 12: Configure Exchange certificates
Step 13: Run Hybrid Configuration wizard
Step 14: Send Connector and Receive Connector Configuration on the on-premises server
Step 14: Create a test mailbox
Step 15: Move or create mailboxes
Step 16: Test hybrid deployment connectivity
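
The steps above can be spot-checked with read-only cmdlets from the on-premises Exchange Management Shell. The following is an added example, not part of the original post: it uses the placeholder names from the infrastructure list (domain.com, sts.domain.com, autodiscover.domain.com), and the 30-day certificate threshold is an assumption.

```powershell
# Added example: read-only checks, run from the on-premises Exchange Management Shell.
# domain.com and the FQDNs are the placeholder values from the infrastructure list.
$Domain = 'domain.com'
$Fqdns  = "autodiscover.$Domain", "sts.$Domain"
$report = New-Object System.Collections.Generic.List[object]

function Add-Check($Name, [bool]$Pass, $Detail) {
    $report.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = "$Detail" })
}

# Accepted domain: the on-premises domain type should be Authoritative.
$accepted = Get-AcceptedDomain | Where-Object { "$($_.DomainName)" -eq $Domain }
Add-Check 'Accepted domain is Authoritative' `
    ("$($accepted.DomainType)" -eq 'Authoritative') $accepted.DomainType

# DNS and firewall: the published names must resolve and answer on TCP 443.
foreach ($fqdn in $Fqdns) {
    $dns = Resolve-DnsName -Name $fqdn -ErrorAction SilentlyContinue
    $ips = ($dns | Where-Object IPAddress).IPAddress -join ', '
    Add-Check "DNS resolves: $fqdn" ([bool]$dns) $ips
    $open = Test-NetConnection -ComputerName $fqdn -Port 443 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    Add-Check "TCP 443 reachable: $fqdn" $open ''
}

# Certificates: a CA-issued certificate enabled for IIS that is not close to expiry.
$cutoff = (Get-Date).AddDays(30)   # assumed threshold
$good = Get-ExchangeCertificate | Where-Object {
    ("$($_.Services)" -match 'IIS') -and (-not $_.IsSelfSigned) -and ($_.NotAfter -gt $cutoff)
}
Add-Check 'CA-issued IIS certificate valid > 30 days' ([bool]$good) `
    (($good | ForEach-Object { "$($_.Subject) until $($_.NotAfter)" }) -join '; ')

# MRS Proxy: show which EWS virtual directories have it enabled.
$ews = Get-WebServicesVirtualDirectory
Add-Check 'MRS Proxy enabled on EWS' ([bool]($ews | Where-Object MRSProxyEnabled)) `
    (($ews | ForEach-Object { "$($_.Server): $($_.MRSProxyEnabled)" }) -join '; ')

# After the Hybrid Configuration wizard: hybrid object and federation trust exist.
$hybrid = Get-HybridConfiguration
Add-Check 'Hybrid configuration present' ([bool]$hybrid) ($hybrid.Domains -join ', ')
$trust = Get-FederationTrust
Add-Check 'Federation trust present' ([bool]$trust) ($trust.Name -join ', ')

$report | Format-Table -AutoSize -Wrap
```

The last two checks are expected to fail until the Hybrid Configuration wizard has been run.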
