Regulatory or technical barriers often prevent enterprises from a full move to Exchange Online, forcing them instead...
to set up an Exchange hybrid deployment. But this arrangement, in which a mailbox is located either on-premises or in Microsoft's cloud, introduces new features and presents management challenges.
The Hybrid Configuration Wizard (HCW) introduces a few unfamiliar features, including federation trusts and organization relationships. Understanding and properly configuring these features will help admins troubleshoot issues as they arise.
Organization relationships allow Office 365 and on-premises Exchange users to share calendar availability information. An organization with a hybrid deployment could experience cross-platform lookup issues. To troubleshoot this, Microsoft provides an online troubleshooting tool that also provides links to other tools, such as the Remote Connectivity Analyzer, to diagnose hybrid free/busy issues. The troubleshooting site also provides useful diagrams that cover the hybrid free/busy workflow for on-premises environments on Exchange 2003, Exchange 2007 or Exchange 2010.
To implement organization relationship features, Exchange hybrid deployments admins must configure a federation trust between the on-premises environment and Azure Active Directory authentication. Once configured via the HCW, this federation trust uses a self-signed certificate to sign and encrypt delegation tokens. Be aware of the certificate and its purpose to avoid accidental deletion. Ordinarily, the certificate is automatically propagated across on-premises Exchange servers. The administrator can check its status with the Test-FederationTrustCertificate cmdlet.
Importance of on premises in hybrid
To help troubleshoot Exchange hybrid issues quickly and accurately, admins must understand how the autodiscover service operates in a hybrid environment as well as the expected path that autodiscover requests will take. The Exchange Server autodiscover service plays a critical role by determining where mailboxes are located and redirecting requests for migrated users to Office 365. Autodiscover uses the target address attribute on each user account after the user mailbox has been migrated. The Remote Connectivity Analyzer and Outlook's Test Email AutoConfiguration tool can help administrators understand normal operating characteristics and assist with troubleshooting.
A key feature of an Exchange hybrid deployment is the ability to move mailboxes from Office 365 back to the data center. If an organization decides to put even a small number of mailboxes back on premises, it has to be sure the data center can handle the additional load. If the organization decommissioned some elements -- perhaps one or more mailbox servers from a Database Availability Group -- IT must gauge the capacity and performance of the on-premises environment before the migration.
To keep support for an Exchange hybrid deployment, Microsoft requires that the latest or immediately previous cumulative update or update rollup is installed on the on-premises Exchange servers. Review the cumulative update or update rollup release cadence to ensure it meets this requirement. This Microsoft site provides more information about Exchange hybrid deployment prerequisites.
Don't forget public folders
The subject of public folders often comes up in an Exchange hybrid deployment. The organization should decide if its public folders will migrate to Office 365 or remain on premises. For example, administrators who keep Exchange 2007 or Exchange 2010 public folders on the organization's infrastructure must perform several tasks, such as add the Client Access Server role to Exchange 2010 servers that host public folder databases, create public folder proxy mailboxes and run a script daily to synchronize mail-enabled public folders to Office 365.
Protect email servers on Exchange and Office 365