The easiest deployment of Exchange Online is simply performed by assigning Exchange Online mailbox licenses to users. The service already has all the necessary supporting infrastructure components in place—all that’s missing are users’ mailboxes.

That, however, is not how most organizations adopt Exchange Online. Many organizations have existing on-premises Exchange Server-based organizations. Fortunately, Microsoft provides a native mechanism to help organizations methodically onboard users to the Exchange Online environment. This process, commonly referred to as an Exchange hybrid migration, involves enabling either a new or existing Exchange server with configuration objects to allow data to flow between the on-premises and cloud environments. This hybrid functionality allows for cross-premises free/busy calendar lookups, distribution list membership, mail routing, and even mailbox migration.

Exchange hybrid deployments can range in complexity, depending on the on-premises versions of Exchange in use and what the goals of the deployment are—such as long-term coexistence, quick mailbox migrations, or a more methodical mailbox migration process.

Enabling a hybrid configuration involves selecting Exchange servers that will be used to participate in hybrid mail flow, as endpoints for mailbox migrations, or with both functions. Servers that will be used as hybrid mail flow will be configured to use new Send and Receive Connectors, while those selected for hybrid client access have the Mailbox Replication Service (MRS) proxy service configured.

Note

It’s important to note that hybrid is not actually an Exchange role. While many people refer to the servers that have been assigned roles in a hybrid topology as hybrid servers, they’re still technically just client access, mailbox, and transport servers.

Understanding the prerequisites

An Exchange hybrid configuration can be deployed to any on-premises organization with at least one server running Exchange Server 2010 Service Pack 3 (SP3). An Exchange hybrid configuration is deployed by running the Exchange HCW, entering your credentials, and selecting the appropriate servers, certificates, and other settings as part of the process.

Microsoft generally recommends using the latest Exchange versions that your environment will support and that all servers are running the latest Cumulative Update (CU) or Update Rollup (RU) available. Microsoft supports N-1 updates for all versions of Exchange hybrid.

In addition to the supported Exchange versions, a hybrid deployment has the following requirements:

• Azure Active Directory synchronization
• Domains verified in Microsoft 365 for any custom domains in the on-premises environment that you wish to use with Exchange Online
• Autodiscover records pointed to an on-premises Client Access Server endpoint (Exchange Server 2010/2013) or Exchange Mailbox Server (Exchange Server 2016/2019)
• Third-party trusted certificate configured with the EWS and Autodiscover external domain names as part of the Subject Alternative Name (SAN) name field
• EdgeSync (for organizations that wish to include Exchange Edge Transport servers as part of the Exchange hybrid configuration)
• Appropriate inbound and outbound networking (inbound on port 443, outbound on port 80, and inbound and outbound on port 25 between Exchange server(s) and Exchange Online Protection gateway address ranges)
• You can run the Exchange HCW on any server, as long as you can reach the servers that will be configured as part of the process