A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online in Microsoft Office 365.
Exchange hybrid deployment featureshttps://docs.microsoft.com/en-us/exchange/exchange-hybrid#exchange-hybrid-deployment-features
A hybrid deployment involves several different services and components:
Exchange hybrid deployment featureshttps://docs.microsoft.com/en-us/exchange/exchange-hybrid#exchange-hybrid-deployment-features
A hybrid deployment enables the following features:
- Secure mail routing between on-premises and Exchange Online organizations.
- Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the @domain.com SMTP domain.
- A unified global address list (GAL), also called a "shared address book."
- Free/busy and calendar sharing between on-premises and Exchange Online organizations.
- Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.
- A single Outlook on the web URL for both the on-premises and Exchange Online organizations.
- The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.
- Centralized mailbox management using the on-premises Exchange admin center (EAC).
- Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.
- Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment.
- Exchange 2016 Servers- The Exchange 2016 Mailbox server role is required in your on-premises Exchange organization. All on-premises
Exchange 2016 servers need to have the latest release of Exchange 2016, or the release immediately prior to the current release, installed to support hybrid functionality with Office 365. - Office 365- Hybrid deployments are supported with Office 365 Enterprise, Government and Academic plans.
- Hybrid Configuration wizard- Exchange 2016 includes the Hybrid Configuration wizard which provides you with a streamlined process to
configure a hybrid deployment between on-premises Exchange and Exchange Online organizations. - Azure AD authentication system- The Azure Active Directory (AD) authentication system is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2016 organization and the Exchange Online organization. On-premises organizations configuring a hybrid deployment must have a federation trust with the Azure AD authentication system.
- The Hybrid Configuration wizard as part of configuring a hybrid
deployment creates the federation trust. A federation trust with the Azure AD authentication system for your Office 365 tenant is automatically configured when you activate your Office 365 service account. - Azure Active Directory synchronization- Azure AD synchronization uses Azure AD Connect to replicate on-premises Active Directory information for mail-enabled objects to the Office 365 organization to support the unified global address list (GAL) and user authentication.
Organizations configuring a hybrid deployment need to deploy Azure AD Connect
on a separate, on-premises server to synchronize your on-premises Active Directory with Office 365. - Active Directory Federation Services- AD FS provides simplified, secured identity federation and Web single sign-on (SSO) capabilities for end users who want to access applications within an AD FS-secured enterprise, in federation partner organizations, or in the cloud.
- Web Application Proxy Server- The Web Application Proxy under the Remote Access role that allows administrators to securely publish applications for external access. This service acts as a reverse proxy and as an Active Directory Federation Services (AD FS) proxy.
Hybrid infrastructure
- Following
components are required to configure hybrid.
|
Exchange Server 2016
with Mailbox Role
|
EXCH2016
|
|
Exchange Server 2016
with Edge Transport Role
|
EXCH2016EDGE
|
|
Windows Server 2016
with Azure Active Directory Connect (AAD Connect) Installed
|
AADCONNECT
|
|
Active Directory
Federation Server(s)
|
ADFS2016
|
|
Web Application Proxy
Server in perimeter
|
EDGE2016
|
|
Domain Controller
running on minimum Windows Server 2008 R2
|
DC01
|
|
Office 365
Subscriptions with default domain configured i.e. Service tenant FQDN
|
A.
Domain.onmicrosoft.com
|
|
Accepted Domain in
Office 365 and On-premises
|
A.
Domain.com
|
|
On-premises domain type
|
Authoritative
|
|
Office 365 Domain Type
|
Internal Relay
|
|
User principal name
domain and Microsoft Online ID domain
|
@domain.com
|
|
External Azure AD
Connect with AD FS FQDN
|
a.
sts.domain.com
|
|
On-premises
Autodiscover FQDN
|
A.
Autodiscover.domain.com
|
|
Office 365 Autodiscover
|
A.
Autodiscover.outlook.com
|
- Configuring Hybrid Exchange Server
Step1: Add and validate primary Email domain to Office 365
Step2: Setup Primary SMTP Domain to Internal Relay
Step3: Configure Active Directory synchronization
Step4: Create Federation with Azure Active Directory
Step5: Verify tenant configuration
Step6: Install Edge Transport server
Step7: Configure Edge servers
Step8: Configure DNS
Step9: Firewall Configuration
Step10: Configure Exchange Web Services
Step11: Configure MRS Proxy
Step12: Configure Exchange certificates
Step13: Run Hybrid Configuration wizard
Step14: Send Connector and Receive Connector Configuration on the on-premises server
Step14: Create a test mailbox
Step15: Move or create mailboxes
Step16: Test hybrid deployment connectivity
