Before you create and configure a hybrid deployment using the Hybrid Configuration wizard, your existing on-premises Exchange organization needs to meet certain requirements. If you don't meet these requirements, you won't be able to complete the steps within the Hybrid Configuration wizard and you won't be able to configure a hybrid deployment between your on-premises Exchange organization and Exchange Online.
Prerequisites for hybrid deployment
The following prerequisites are required for configuring a hybrid deployment:
On-premises Exchange organization: The version of Exchange you have installed in your on-premises organization determines the hybrid deployment version you can install. You should typically configure the newest hybrid deployment version that's supported in your organization as described in the following table:
Exchange server releases: Hybrid deployments require the latest Cumulative Update (CU) or Update Rollup (RU) that's available for your version of Exchange. If you can't install the latest update, the immediately previous release is also supported. Exchange CUs are released quarterly, so keeping your Exchange servers up-to-date gives you some additional flexibility if you periodically need extra time to complete upgrades.
Exchange server roles: The server roles you need to install in your on-premises organization depend on the version of Exchange you have installed.
Exchange 2016 and newer: At least one Mailbox server.
Exchange 2013: At least one instance of Mailbox and Client Access server roles installed (separately or on one server; we strongly recommend on one server).
Exchange 2010: At least instance of Mailbox, Hub Transport, and Client Access server roles installed (separately or on one server; we strongly recommend on one server). Hybrid deployments also support Exchange servers running the Edge Transport server role. Edge Transport servers also need to be updated to the latest CU or RU. We strongly recommend that you deploy Edge Transport servers in a perimeter network. You can't deploy Mailbox or Client Access servers in a perimeter network.
Microsoft 365 or Office 365: Hybrid deployments are supported in all Microsoft 365 and Office 365 plans that support Azure Active Directory synchronization. All Microsoft 365 Business Standard, Business Basic, Enterprise, Government, Academic and Midsize plans support hybrid deployments. Microsoft 365 Apps for business and Home plans don't support hybrid deployments. Learn more at Microsoft 365.
Custom domains: Register any custom domains you want to use in your hybrid deployment with Microsoft 365 or Office 365. You can do this by using the Microsoft 365 portal, or by optionally configuring Active Directory Federation Services (AD FS) in your on-premises organization.
Active Directory synchronization: Deploy the Azure Active Directory Connect tool to enable Active Directory synchronization with your on-premises organization.
Autodiscover DNS records: Configure the Autodiscover record for your existing SMTP domains in your public DNS to point to your on-premises Exchange servers (an Exchange 2010/2013 Client Access server or an Exchange 2016/2019 Mailbox Server).
Microsoft 365 or Office 365 organization in the Exchange admin center (EAC): The Microsoft 365 or Office 365 organization node is available in your on-premises EAC, but you need to use your Microsoft 365 or Office 365 admin credentials to connect the EAC to your Microsoft 365 or Office 365 organization before you can use the Hybrid Configuration wizard. This also allows you to manage both the on-premises and Exchange Online organizations from a single management console.
Certificates: Assign Exchange services to a valid digital certificate that you purchased from a trusted public certificate authority (CA). Although you should use self-signed certificates for the on-premises federation trust with the Microsoft Federation Gateway, you can't use self-signed certificates for Exchange services in a hybrid deployment. The Internet Information Services (IIS) instance on the Exchange servers that are configured in the hybrid deployment require a valid digital certificate purchased from a trusted CA. The EWS external URL and the Autodiscover endpoint that you specified in your public DNS must be listed in the Subject Alternative Name (SAN) field of the certificate. The certificates that you install on the Exchange servers for mail flow in the hybrid deployment must all be issued by the same certificate authority and have the same subject.
EdgeSync: If you've deployed Edge Transport servers in your on-premises organization and want to configure the Edge Transport servers for hybrid secure mail transport, you need configure EdgeSync prior to using the Hybrid Configuration wizard. You also need to run EdgeSync each time you apply a new CU to an Edge Transport server. Important Although EdgeSync is a requirement in deployments with Edge Transport servers, additional configuration settings are required when you configure Edge Transport servers for hybrid secure mail transport. Learn more at Edge Transport servers with hybrid deployments.
Microsoft .NET Framework: 4.6.2 or later is required to install Hybrid Configuration Wizard.
Hybrid deployment protocols, ports, and endpoints
Comments