Configuring Exchange for hybrid configuration

Prerequisites:

  • Exchange Server installed
  • Active Directory associated with the server

Assuming Exchange Server is installed, we first check a few basic configurations. For my test environment, I have Exchange Server 2013 installed on my Windows Server 2019.

To access the EAC, go to http://localhost/ecp in a browser (http is used here deliberately; fetching it over https would give a certificate error):



Once signed in with admin credentials, navigate to Servers > Virtual Directories and note the ECP and OWA internal URLs; these can be used instead of localhost/ecp from anywhere on the internal network. Notice that there is no External URL in this case; in a production environment, the External URL is the one users use from the internet to log into their on-premises mailbox.



To set up the hybrid environment, go to the Hybrid section under the Office 365 tab and click Configure:



You’ll see the welcome screen once the Hybrid Configuration Wizard (HCW) has been downloaded and opened.
If prompted, sign in to the Global Admin account in M365 and install the HCW.



Clicking Next detects the on-premises Exchange server; then select the M365 Exchange environment that matches your organization. I’ll be selecting O365 Worldwide.


Sign in with the M365 admin credentials on the next screen.


If the sign-in succeeds, you should see the following screen. Hit Next:


You should see the following screen if all goes well:


We will be doing a full hybrid configuration; hit Next:


We might be told that there are no shared domain names. If that happens, all we need to do is add the domain to the accepted domains in the on-premises EAC > Mail Flow > Accepted Domains.

Add the custom domain and set it to Internal Relay.


If the domain was already added, we should see the following screen, where we select the Modern Hybrid Topology:

We might see a screen saying that there is no External URL configured on EWS. We can set the same internal URL as the external one from the on-premises EAC > Servers > Virtual Directories > EWS.


Provide the on-premises credentials to be used for the EWS migration functionality:


This will set up the Hybrid Agent; if prompted, provide Global Admin credentials and hit Next.

We select the first option and configure Client Access and Mailbox servers (we are not configuring Edge Transport servers). We also do not enable centralized mail transport (this option is visible after clicking Advanced options):


Select the server from the drop-down for the send and receive connectors:


The next step is to choose a certificate for secure mail transport. We will be selecting a self-signed certificate, but an organization would use a certificate from a trusted CA (certificate authority) to authenticate the secure mail transport between the on-premises Microsoft Exchange and Exchange Online organizations.

Select a Fully Qualified Domain Name (FQDN) for the on-premises organization:

The next screen confirms that everything went well and is ready to finish setting up the hybrid configuration. Several PowerShell cmdlets are executed in the background to create the connectors and set up transport.

You might see a warning about the certificate, after which the end screen shows that the configuration finished successfully.


To cross-check, we can run the Get-HybridConfiguration cmdlet in the EMS:

We will see two new connectors in M365 EXO, as follows:

And in on-premises Exchange, we will have a send connector to Office 365:

The HCW also adds the domain.mail.onmicrosoft.com domain to on-premises Exchange as well as to O365. This is the common address space between the two organizations and is referred to as the Remote Routing Address.
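The two fixes the HCW may ask for (accepted domain as Internal Relay, EWS External URL) and the post-run cross-checks, as an added Exchange Management Shell script that is not part of the original post. The domain, server name and URL are placeholders to replace, and the `*.mail.onmicrosoft.com` address-space filter is an assumption about how the HCW-created send connector is addressed.

```powershell
# Added example for the Exchange Management Shell (EMS); replace the placeholders below.
$Domain = 'contoso.example'                                    # placeholder: your custom accepted domain
$Server = 'EXCH01'                                             # placeholder: on-premises Exchange server
$EwsUrl = 'https://mail.contoso.example/EWS/Exchange.asmx'     # placeholder: URL users reach from the internet

# --- Fix 1: "no shared domain names" -> the custom domain must be an accepted domain of type Internal Relay
if (-not (Get-AcceptedDomain | Where-Object { $_.DomainName -eq $Domain })) {
    New-AcceptedDomain -Name $Domain -DomainName $Domain -DomainType InternalRelay
} else {
    Set-AcceptedDomain -Identity $Domain -DomainType InternalRelay
}

# --- Fix 2: "no External URL configured on EWS" -> publish the EWS virtual directory
Get-WebServicesVirtualDirectory -Server $Server |
    Set-WebServicesVirtualDirectory -ExternalUrl $EwsUrl

# --- Post-HCW verification (the same information the screenshots above show)
$hybrid = Get-HybridConfiguration
"Hybrid domains : $($hybrid.Domains -join ', ')"
"Features       : $($hybrid.Features -join ', ')"
"TLS cert       : $($hybrid.TlsCertificateName)"

# Send connector created by the HCW; assumption: its address space is the *.mail.onmicrosoft.com routing domain
$toExo = Get-SendConnector | Where-Object {
    $_.AddressSpaces | Where-Object { $_.Address -like '*.mail.onmicrosoft.com' }
}
foreach ($c in $toExo) {
    # Mail to Exchange Online should be forced over TLS using the certificate chosen in the wizard
    if (-not $c.RequireTLS -or -not $c.TlsCertificateName) {
        Write-Warning "Send connector '$($c.Name)' does not require TLS with a named certificate"
    } else {
        "Send connector OK: $($c.Name) -> $($c.SmartHosts -join ', ') (TLS required, cert $($c.TlsCertificateName))"
    }
}

# The Remote Routing Address space must also exist as an accepted domain on-premises
Get-AcceptedDomain | Where-Object { $_.DomainName -like '*.mail.onmicrosoft.com' } |
    Format-Table DomainName, DomainType -AutoSize
```

Run the verification part alone after the HCW finishes; the two fixes are only needed when the wizard reports the corresponding problem.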

The setup is complete and mail flow should work; however, since we have no static public IP address for our server (or third-party certificates), we will not be able to send email to the internet. We can still send email internally, that is, between mailboxes on the server, which never has to leave for the internet. For tests, we can send emails from one mailbox to another.

Next, try creating mailboxes and check the mail flow. 😊
