The course is part of this learning path
Plan for Office 365 Workload Deployment
Plan Office 365 Applications Deployment
This Planning Office 365 Workloads and Applications course will teach you how to plan for Office 365 workload deployments and hybrid solutions. You will learn how to identify hybrid requirements for Exchange and SharePoint hybrid solutions, and how to plan connectivity and data flow for Office 365 services, including Exchange Online, SharePoint Online, and Teams. You’ll learn how to plan migration strategies for Exchange, SharePoint, and Teams, and how to determine the best strategies.
Later in the course, you will learn how to plan Office 365 application deployments and how to plan application updates. You’ll also learn about the different update channels and when to use each.
- How to plan for Office 365 workload deployments
- How to plan for migrations and hybrid solutions
- How to plan for Office 365 application deployments
- IT professionals who are interested in obtaining an Microsoft 365 certification
- Those tasked with planning Office 365 deployments and migrations
- A decent understanding of Office 365 workloads, including Exchange Online, SharePoint Online, and Teams
A hybrid Exchange deployment provides an organization with the ability to extend the control that it has with its existing on-prem Exchange organization to the cloud. What a hybrid deployment does is provide a seamless look and feel that you would expect of a single Exchange organization between an on-prem Exchange org and Exchange Online. Moreover, a hybrid deployment can, and often does, serve as an intermediate step to migrating completely to Exchange Online.
When considering whether a hybrid deployment is required or not, it's important to note that a hybrid deployment enables quite a few important features that organizations often find necessary. The graphic that you see on your screen provides an overview of these features. The two that I have found that stand out the most are the unified global address list an the free busy calendar sharing.
For organizations that are moving to Exchange Online, the ability to move mailboxes back and forth from on-prem to Exchange Online and vice versa is also critical. That said, I know many admins that really find the centralized management of both Exchange Online and the on-prem Exchange org through one management console to be a huge benefit.
So, as you can see from this list, there really is something for everyone when it comes to Exchange hybrid. Keep these features and benefits in mind when determining if hybrid is the right solution for a given scenario.
Before deploying an Exchange hybrid solution, you need to ensure that the on-prem Exchange organization meets all of the prerequisites for a hybrid solution. If the on-prem environment doesn't meet these requirements you won't be able to run the Hybrid Configuration wizard successfully. As a result you won't be able to configure a hybrid deployment between the on-prem Exchange organization and Exchange Online.
When preparing for a hybrid Exchange deployment, you need to ensure that the on-prem Exchange organization is, at a minium, Exchange 2007. As we'd expect, the version of Exchange that's running in the on-prem org will determine the hybrid deployment version that you can install.
When deploying a hybrid, Microsoft recommends that you configure the newest hybrid deployment version that your organization will support. So, for example, if you're running Exchange 2013 in your organization on-prem, you should configure an Exchange 2019-based hybrid deployment.
The table that you see on your screen highlights the hybrid supportability matrix per Microsoft's recommendations. So, for example, if your on-prem environment is Exchange 2016, an Exchange 2019-based hybrid deployment is supported, as is an Exchange 2016-based hybrid deployment. Hybrid deployments based on Exchange 2013 and 2010 are not supported.
In addition to minium Exchange version requirements, hybrid deployments also require that the latest cumulative update or update rollup that's available for the installed version of Exchange be installed. That said, Microsoft will support the immediately previous cumulative update or rollup if necessary.
For example, if you are currently running Exchange Server 2013 Cumulative Update 17 in your on-prem organization, you'd need to upgrade the Exchange 2013 Servers to at least Cumulative Update 20 before deploying a hybrid solution, because CU 21, or Cumulative Update 21, is the latest and greatest cumulative update for Exchange 2013. If you don't, you'll be left with an unsupported hybrid configuration.
As far as sever roles go, the server roles that need to be installed in the on-prem organization depend on the version of Exchange that you have running. For Exchange 2010, you'll need at least one server with the Mailbox, Hub Transport, and Client Access Server roles installed. If you're running Exchange 2013 on-prem, there needs to be at least one server with the Mailbox and Client Access Server roles installed. In organizations running Exchange Server 2016 and later, there needs to be at least one server running the Mailbox Server role.
Although hybrid deployments offer support for Exchange servers that are running the Edge Transport server role, Edge Transport servers are not a requirement for hybrid.
All Office 365 plans that support Azure AD synchronizations also support hybrid Exchange deployments. These plans include Office 365 Business Premium, Business Essentials, Enterprise, Government, Academic, and Midsize plans. However, Office 365 Business and Home plans do not support hybrid deployments.
When deploying a hybrid, you need to register any custom domains you'll be using in the hybrid deployment with Office 365.
To sync the on-prem organization's users to 365, you'll need to deploy the Azure AD Connect tool in the on-prem environment.
Before deploying a hybrid solution, you need to ensure that the existing Autodiscover public DNS records for any existing SMTP domains are pointed to an on-prem Exchange 2010 or 2013 Client Access Server or to an Exchange 2016 or 2019 Mailbox Server.
In order to manage both the on-prem and Exchange Online organizations from the same pane of glass, you need to connect the on-prem Exchange Admin Center, or EAC, to the Office 365 organization. You'll need to do this using your Office 365 administrator credentials before running the Hybrid Configuration wizard.
When planning a hybrid solution, you can't overlook certificates. To prepare for a hybrid deployment, ensure that a valid third-party trusted certificate is installed on all Exchange servers and properly assigned to Exchange services. This is because self-signed certificates can't be used for Exchange services in a hybrid deployment.
Additionally, the IIS instance on Exchange servers that will be configured in the hybrid deployment will need a valid certificate purchased from a trusted CA. The Exchange Web Services external URL, or EWS external URL, as well as the Autodiscover endpoints that are specified in the public DNS for the on-prem environment must be listed in the Subject Alternative Name, or SAN, of the certificate.
If there's an Edge Transport Server deployed in the on-prem organization, and you plan to configure the Edge Transport server for hybrid secure mail transport, EdgeSync must be configured prior to running the Hybrid Configuration wizard. It's also important to note that you'll need to run EdgeSync each time a new cumulative update or update rollup is installed on the Edge Transport server.
In cases where there are unified messaging-enabled mailboxes on-prem, and you want to move them to Office 365, you'll need to meet the requirements that you see on your screen before you move any UM-enabled mailboxes to Office 365.
I should mention that you can map multiple on-prem UM mailbox policies to a single UM mailbox policy in Exchange Online. To do so, you'd need to use the Exchange Management Shell and manually map each on-prem UM mailbox policy to a matching Exchange Online policy.
Office 365 includes an Exchange Online organization as part of the subscription. If you're planning a hybrid Exchange deployment, you'll need to purchase a license for each mailbox that's migrated to, or created in, the Exchange Online organization.
Microsoft Exchange ships with a Hybrid Configuration wizard that streamlines the hybrid deployment process. It's used to configure a hybrid deployment between the on-prem Exchange organization and the Exchange Online organization.
In a hybrid configuration, a trust broker between the on-prem environment and the Exchange Online organization must exist. The Azure Active Directory authentication, or Azure AD, acts as this trust broker.
An on-prem organization that's configuring a hybrid deployment needs to have a federation trust with the Azure AD authentication system. This trust can be created manually as part of configuring federated sharing between the on-prem organization and the Exchange Online organization or as part of the hybrid deployment process, using the Hybrid Configuration wizard.
It's important to note that a federation trust with the Azure AD authentication system for the Office 365 tenant is automatically configured when the Office 365 service account is activated.
So, as you can probably tell, there is quite a bit of interoperability that goes into a hybrid deployment. Properly planning this interoperability and defining requirements is critical to a successful Exchange hybrid deployment.
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.