Exchange Hybrid Deployment
Scott Schnoll, Senior PM, Microsoft Corp
Posted 20-Apr-2020

Agenda
- Office 365 Hybrid Scenarios
- Exchange Hybrid Fundamentals
- Exchange Hybrid Deployment
- Managing Exchange Hybrid
- Mailbox Migration
- Hybrid Configuration Diagnostic

Why Exchange Hybrid
[Diagram: Exchange on-premises ("On Prem") and Office 365 joined by MRS (mailbox moves), Calendaring & Free/Busy, Messaging and Address Book]

Office 365 Hybrid Scenarios
[Diagram: Exchange Online, SharePoint Online and Skype for Business paired with Exchange Hybrid, SharePoint Hybrid and SfB Hybrid, with OAuth linking the services]

Exchange Hybrid Scenario
- On-premises Exchange organization: the existing Exchange environment (Exchange 2007 or later) plus an Exchange 2013 Client Access & Mailbox server
- Office 365: Active Directory synchronization; users, contacts & groups via Azure AD Sync
- Secure mail flow
- Mailbox data via the Mailbox Replication Service (MRS)
- Sharing (free/busy, MailTips, archive, etc.)

Planning
- Begin with the Exchange Deployment Assistant: http://aka.ms/exdeploy
- Validate that the existing environment is in a standard and supported configuration
- Primary namespace(s) MUST point to the latest installed version of Exchange
- You should use standard sizing guidance
- Migration traffic is more taxing than the rest

Exchange 2013 hybrid deployment
From an existing Exchange 2007 or 2010 environment, no Edge Transport server.

[Diagram: Office 365 reaches autodiscover.contoso.com and mail.contoso.com (EWS, SMTP) on the Exchange 2013 servers in the Internet-facing site, which proxy to Exchange 2010/2007 (SP3 UR8 or SP3 UR15) servers in the Internet-facing and intranet sites]

1. Prepare: install Exchange updates on all legacy servers; prepare Active Directory with the Exchange 2013 schema
2. Deploy Exchange 2013: install both roles; configure and enable the Mailbox Replication Service
3. Obtain and deploy certificates: obtain and deploy certificates on the Exchange 2013 CAS
4. Publish protocols externally: create public DNS A records for the EWS and SMTP endpoints; validate using the Remote Connectivity Analyzer
5. Switch the Autodiscover namespace to Exchange 2013
6. Run the Hybrid Configuration Wizard
7. Move mailboxes
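A pre-flight script for steps 3 to 5, added here as an example; it is not code from the deck or from Microsoft. It assumes an Exchange 2013 CAS named EX2013-CAS01, the contoso.com namespaces from the diagram, and an external resolver at 8.8.8.8, all placeholders to replace. It checks that the certificate bound to IIS on the 2013 CAS covers every published name (including wildcard entries), that each name has a public A record, and that the Autodiscover namespace is actually answered by an Exchange 2013 front end, which it detects from the X-FEServer response header that 2013 front ends add and 2010 servers do not.

```powershell
# Added example, not code from the deck: pre-flight checks for steps 3 to 5 above.
# Run from the Exchange Management Shell on an Exchange 2013 server (Windows Server
# 2012 or later for Resolve-DnsName). Server name, namespaces and the public resolver
# are assumed placeholders; the namespaces follow the contoso.com diagram.
$Cas2013        = 'EX2013-CAS01'                                      # assumed
$Namespaces     = @('autodiscover.contoso.com', 'mail.contoso.com')   # assumed, per diagram
$PublicResolver = '8.8.8.8'                                           # assumed external DNS

function Test-CertificateCoversName {
    # True when an explicit SAN entry or a same-depth wildcard entry covers $Name
    param($Certificate, [string]$Name)
    foreach ($entry in @($Certificate.CertificateDomains | ForEach-Object { "$_" })) {
        if ($entry -eq $Name) { return $true }
        if ($entry.StartsWith('*.') -and ($Name -like $entry) -and
            ($Name.Split('.').Count -eq $entry.Split('.').Count)) { return $true }
    }
    return $false
}

function Test-HybridCasCertificate {
    # Step 3: the valid certificate bound to IIS on the 2013 CAS must cover every published name
    param([string]$Server, [string[]]$Names)
    $cert = Get-ExchangeCertificate -Server $Server |
        Where-Object { "$($_.Services)" -match 'IIS' -and "$($_.Status)" -eq 'Valid' } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    $detail = if ($cert) { "thumbprint $($cert.Thumbprint), expires $($cert.NotAfter)" } else { 'no valid IIS certificate' }
    foreach ($n in $Names) {
        [pscustomobject]@{
            Check  = "IIS certificate on $Server covers $n"
            Pass   = [bool]($cert -and (Test-CertificateCoversName -Certificate $cert -Name $n))
            Detail = $detail
        }
    }
}

function Test-PublicDnsRecord {
    # Step 4: each published name needs a public A record. Ask an external resolver so a
    # split-brain internal zone cannot hide a missing or stale Internet record.
    param([string[]]$Names, [string]$Resolver)
    foreach ($n in $Names) {
        $a = Resolve-DnsName -Name $n -Type A -Server $Resolver -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' }
        [pscustomobject]@{
            Check  = "public A record for $n"
            Pass   = [bool]$a
            Detail = if ($a) { ($a.IPAddress -join ', ') } else { 'no answer' }
        }
    }
}

function Test-AutodiscoverFrontEnd {
    # Step 5: an Exchange 2013 front end stamps every response with X-FEServer, so the
    # 401 that an unauthenticated Autodiscover request gets back is enough to tell which
    # version answers the namespace (a 2010 CAS sends no such header).
    param([string]$Name)
    $headers = @{}
    try {
        $resp = Invoke-WebRequest -Uri "https://$Name/autodiscover/autodiscover.xml" -UseBasicParsing -ErrorAction Stop
        foreach ($k in $resp.Headers.Keys) { $headers[$k] = $resp.Headers[$k] }
    } catch [System.Net.WebException] {
        $r = $_.Exception.Response
        if ($r) { foreach ($k in $r.Headers.AllKeys) { $headers[$k] = $r.Headers[$k] } }
    }
    [pscustomobject]@{
        Check  = "$Name is answered by an Exchange 2013 front end"
        Pass   = $headers.ContainsKey('X-FEServer')
        Detail = if ($headers.ContainsKey('X-FEServer')) { "X-FEServer=$($headers['X-FEServer'])" } else { 'no X-FEServer header' }
    }
}

$results = @(Test-HybridCasCertificate -Server $Cas2013 -Names $Namespaces) +
           @(Test-PublicDnsRecord -Names $Namespaces -Resolver $PublicResolver) +
           @(Test-AutodiscoverFrontEnd -Name $Namespaces[0])
$results | Format-Table Check, Pass, Detail -AutoSize -Wrap
```

Run it before step 6: a failing certificate or DNS row is the usual reason the Hybrid Configuration Wizard's own EWS and certificate validation fails later, and a missing X-FEServer header means the namespace still lands on a legacy server, which contradicts the planning rule that primary namespaces must point to the latest installed version.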

Exchange Hybrid Wizard History
- Exchange 2013 SP1: multiple Exchange organizations now supported; supports Exchange 2013 Edge
- Thousands of tenants and millions of mailboxes in Office 365 using Exchange Hybrid

Hybrid Configuration Wizard
[Diagram: the Hybrid Configuration Engine, started from the Exchange Management Tools, reads the desired state from the Hybrid Configuration Object and connects across the Internet via Remote PowerShell to both the Exchange Online organization and the on-premises Exchange organization]

Configuration objects in the Exchange Online organization:
- Organization level: Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector & Forefront Outbound Connector
- Domain level: Accepted Domains & Remote Domains

Configuration objects in the on-premises Exchange organization:
- Exchange server level: Mailbox Replication Service Proxy, Certificate Validation, Exchange Web Services Virtual Directory Validation & Receive Connector
- Domain level: Accepted Domains, Remote Domains & E-mail Address Policies
- Organization level: Exchange Federation Trust, Organization Relationship, Availability Address Space & Send Connector

1. The Update-HybridConfiguration cmdlet triggers the Hybrid Configuration Engine to start.
2. The Hybrid Configuration Engine reads the "desired state" stored on the HybridConfiguration Active Directory object.
3. The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
4. The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
5. Based on the desired state, topology data and current configuration across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the "difference" and then executes configuration tasks to establish the "desired state".

Desired state configuration engine: applies configuration to the on-prem and online orgs.
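The engine above works by diffing a desired state against the current configuration. The same idea is useful after the wizard has run: snapshot the objects it manages and diff later snapshots against a saved baseline, so unplanned drift (a new domain on an organization relationship, a changed connector address space, a disabled federation trust) is surfaced before the next HCW run silently reconciles it. The script below is an added example, not the engine's or Microsoft's code; it runs in the on-premises Exchange Management Shell, covers the on-premises object types listed on the slide, and assumes the baseline path C:\HybridBaseline\hybrid-config.xml.

```powershell
# Added example, not the Hybrid Configuration Engine's own code: baseline and drift
# report for the on-premises hybrid configuration objects named on the slide.
# $BaselinePath is an assumed location; first run writes the baseline, later runs diff.
$BaselinePath = 'C:\HybridBaseline\hybrid-config.xml'   # assumed

function Get-HybridConfigSnapshot {
    # Properties chosen to reflect what the engine writes for each object type
    $snap = [ordered]@{}
    $snap['HybridConfiguration'] = Get-HybridConfiguration |
        Select-Object Domains, Features, ExternalIPAddresses, OnPremisesSmartHost
    $snap['FederationTrust'] = Get-FederationTrust |
        Select-Object Name, ApplicationIdentifier, TokenIssuerUri
    $snap['OrganizationRelationship'] = Get-OrganizationRelationship |
        Select-Object Name, DomainNames, Enabled, FreeBusyAccessEnabled, FreeBusyAccessLevel, TargetAutodiscoverEpr
    $snap['AcceptedDomain'] = Get-AcceptedDomain | Select-Object Name, DomainName, DomainType
    $snap['RemoteDomain'] = Get-RemoteDomain |
        Select-Object Name, DomainName, TrustedMailOutboundEnabled, TrustedMailInboundEnabled
    $snap['SendConnector'] = Get-SendConnector |
        Select-Object Name, AddressSpaces, SmartHosts, TlsDomain, RequireTLS
    $snap['ReceiveConnector'] = Get-ReceiveConnector |
        Select-Object Name, Bindings, RemoteIPRanges, TlsDomainCapabilities
    $snap['AvailabilityAddressSpace'] = Get-AvailabilityAddressSpace | Select-Object ForestName, AccessMethod
    return $snap
}

function ConvertTo-FlatLines {
    # Render each object as "Type|prop=value;prop=value" so Compare-Object sees plain strings;
    # multi-valued properties are sorted so ordering differences are not reported as drift
    param($Snapshot)
    foreach ($type in $Snapshot.Keys) {
        foreach ($obj in @($Snapshot[$type])) {
            if ($null -eq $obj) { continue }
            $props = foreach ($p in $obj.PSObject.Properties) {
                $v = if ($p.Value -is [System.Collections.IEnumerable] -and $p.Value -isnot [string]) {
                    ($p.Value | ForEach-Object { "$_" } | Sort-Object) -join ','
                } else { "$($p.Value)" }
                "$($p.Name)=$v"
            }
            "$type|" + ($props -join ';')
        }
    }
}

function Compare-HybridConfig {
    param([string]$BaselinePath)
    $current = @(ConvertTo-FlatLines -Snapshot (Get-HybridConfigSnapshot))
    if (-not (Test-Path $BaselinePath)) {
        $current | Export-Clixml -Path $BaselinePath
        Write-Output "Baseline written to $BaselinePath ($($current.Count) objects)"
        return
    }
    $baseline = @(Import-Clixml -Path $BaselinePath)
    # '=>' lines exist only in the current state, '<=' only in the baseline; a changed
    # object shows up as one of each
    Compare-Object -ReferenceObject $baseline -DifferenceObject $current |
        ForEach-Object {
            [pscustomobject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'Present now, not in baseline' } else { 'In baseline, absent now' }
                Object = $_.InputObject
            }
        }
}

Compare-HybridConfig -BaselinePath $BaselinePath | Format-Table -Wrap
```

Re-baseline only after a deliberate HCW run; any other diff is a change made outside the wizard and worth tracing to an admin audit log entry before it is accepted.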

Supported Exchange Topologies

Exchange 2013 / Exchange 2010:
- Single forest model: accounts and mailboxes in a single forest
- Resource forest model: multiple account forests, single resource forest
- 1:1 relationship between an Exchange organization and a single O365 tenant

Exchange 2013 Service Pack 1:
- Supports multiple Exchange organizations configured against a single O365 tenant
- Multiple forests, each containing accounts and Exchange organizations
- N:1 relationship between Exchange organizations and a single O365 tenant

[Diagram: a single contoso.com organization in hybrid with one Office 365 tenant, beside contoso.com and fabrikam.com both in hybrid with one Office 365 tenant]

Exchange 2013 multi-org hybrid deployment
1. Prepare: update each Exchange organization to Service Pack 1; validate that Autodiscover is properly configured and published in each Exchange organization; validate that the public certificates for each Exchange org are unique; create a two-way forest trust
2. Configure mail flow on-premises: configure SMTP domain sharing as required; configure mail flow between the on-premises organizations
3. Configure directory synchronization: configure AAD Sync (FIM) to synchronize mail recipients in each forest and the Office 365 tenant
4. Run the Hybrid Configuration Wizard: prepare the Office 365 tenant; run the HCW in contoso.com and fabrikam.com; validate mail flow between all entities
5. Configure ADFS, or use AAD with password sync: configure ADFS in contoso.com; configure ADFS in fabrikam.com
6. Configure organization relationships: configure an Org Relationship between each Org

[Diagram: fabrikam.com (E2013, ADFS, AD) and contoso.com (E2013, ADFS, AD, AAD Sync (FIM)) connected to the fabrikam.onmicrosoft.com tenant (Azure AD, Azure AD Auth, O365 Directory) through ADFS Proxies. Legend: SMTP, AAD Connect, Two-way Forest Trust, FIM Management Agent, Federated Trust Relationship, SMTP/TLS Mail Flow, Federated Authentication, Organization Relationship]

DAuth vs OAuth

| DAuth | OAuth |
|---|---|
| Uses the Microsoft Federation Gateway for token generation | Uses the Auth Server in Azure AD (better resiliency and faster in-forest communications) |
| Organization Relationships | IntraOrgConnectors configuration |
| Controls what companies you share information with | Controls what companies you can share information with |
| Allows for granular control of what features are available (free/busy, MailTips) | No granular control of the feature set (all or nothing) |

Organization Relationships / Intraorg Connectors
- HCW now includes automated configuration for OAuth
- Enables cross-premises discovery searches and cross-premises archive moves
- Can be used for much more, like free/busy, and is used by 21Vianet customers (Greater China region)
- Long-term authentication approach for future capabilities

Configure OAuth for Hybrid
- The Configure button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers
- Exchange 2013 pre-SP1 (and 2010/2007): do you really need OAuth?
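A readiness check for the SP1 precondition above, added here as an example and not code from the deck or from Microsoft. It compares every server's AdminDisplayVersion against 15.0.847.32 (the Exchange 2013 SP1 build), and only when all servers pass does it look for the IntraOrganizationConnector the HCW creates and round-trip a token to Exchange Online EWS with Test-OAuthConnectivity. The test mailbox ben@contoso.com is an assumed placeholder; the EWS URL is the Exchange Online endpoint.

```powershell
# Added example, not from the deck: is the organization ready for the OAuth configuration
# described above, and does the OAuth path work once configured? Run from the on-premises
# Exchange Management Shell. The mailbox is an assumed placeholder.
$Sp1Build    = [version]'15.0.847.32'                                 # Exchange 2013 SP1
$TestMailbox = 'ben@contoso.com'                                      # assumed on-prem mailbox
$ExoEwsUrl   = 'https://outlook.office365.com/ews/exchange.asmx'      # Exchange Online EWS

function Get-ServersBelowSp1 {
    # AdminDisplayVersion exposes Major/Minor/Build/Revision. Anything below the SP1 build,
    # including every Exchange 2010 (14.x) and 2007 (8.x) server, blocks the Configure button.
    foreach ($s in Get-ExchangeServer) {
        $v   = $s.AdminDisplayVersion
        $ver = [version]"$($v.Major).$($v.Minor).$($v.Build).$($v.Revision)"
        if ($ver -lt $Sp1Build) {
            [pscustomobject]@{ Server = $s.Name; Version = $ver; Role = "$($s.ServerRole)" }
        }
    }
}

function Test-OAuthReadiness {
    $below = @(Get-ServersBelowSp1)
    if ($below.Count -gt 0) {
        Write-Output 'OAuth cannot be configured yet; servers below Exchange 2013 SP1:'
        $below | Format-Table -AutoSize | Out-String | Write-Output
        return
    }
    # SP1 everywhere: the IntraOrganizationConnector cmdlets exist, but the object only
    # appears after the HCW's OAuth configuration has run
    $ioc = @(Get-IntraOrganizationConnector)
    if ($ioc.Count -eq 0) {
        Write-Output 'No IntraOrganizationConnector found: the HCW has not configured OAuth yet'
        return
    }
    $ioc | Format-Table Name, Enabled, TargetAddressDomains, DiscoveryEndpoint -AutoSize

    # Acquire a token from the Azure AD auth server and call Exchange Online EWS with it,
    # as the test mailbox; ResultType Success means the cross-premises OAuth path works
    Test-OAuthConnectivity -Service EWS -TargetUri $ExoEwsUrl -Mailbox $TestMailbox |
        Format-List Task, ResultType, Detail
}

Test-OAuthReadiness
```

Run it with -Verbose on Test-OAuthConnectivity when the result is an error: the verbose stream shows which stage (token request or the EWS call) failed, which is the detail support will ask for.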

eDiscovery Scenarios and OAuth

| eDiscovery scenario | Requires OAuth |
|---|---|
| Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization | Yes |
| Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes | Yes |
| Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer | Yes |
| Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer | No |
| Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account | No |

- Free/busy works with OAuth
- Not all features work with OAuth
- HCW configures both the Org Relationship and IntraOrgConnectors

Free/Busy and OAuth

Free/Busy using DAuth
[Diagram: on-premises user "Ben" and Client Access Server, Microsoft Federation Gateway, Exchange Online Mailbox Server holding "Joe"]
1. Ben requests free/busy info for Joe.
2. The CAS server passes the MFG token and requests Joe's free/busy on behalf of Ben (free/busy request from Ben to Joe).

Free/Busy using OAuth
[Diagram: the same on-premises user "Ben" and Client Access Server, Exchange Online Mailbox Server holding "Joe"; Exchange connects to the Azure OAuth endpoint instead of the Microsoft Federation Gateway]
1. Exchange connects to the Azure OAuth endpoint.
2. The Exchange server passes the token and requests Joe's free/busy on behalf of Ben (free/busy request from Ben to Joe).

Free/Busy works through a series of checks:
1. First, we check to see if we can find free/busy locally.
2. Second (if the mailbox is not local), we check for an IOC (IntraOrganizationConnector).
3. Third (if there is no IOC), we check for an Organization Relationship.
4. Fourth, we check for an availability address space.
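The four checks above decide which trust a free/busy lookup rides on, and therefore which object's settings (and which token issuer) govern it. The function below walks the same order for one target address and reports the first mechanism that matches; it is an added example, not code from the deck or from Exchange. It runs in the on-premises Exchange Management Shell, resolves the target through Get-Recipient (a mail user's external address is what routes cross-premises, so that domain is matched against the connectors, as in hybrid where the coexistence domain is listed on the IOC and the organization relationship), and the address joe@contoso.com is an assumed placeholder.

```powershell
# Added example, not from the deck: replay the free/busy resolution order for one
# target address and report the mechanism that would be used. Target address is assumed.
function Resolve-FreeBusyPath {
    param([Parameter(Mandatory)][string]$Address)

    # 1st: local. A mailbox in this organization is answered by the local availability service.
    $rcpt = Get-Recipient -Identity $Address -ErrorAction SilentlyContinue
    if ($rcpt -and "$($rcpt.RecipientType)" -like '*Mailbox') {
        return [pscustomobject]@{ Address = $Address; Step = 1; Path = 'Local'; Via = $rcpt.Name; Features = 'full (local availability service)' }
    }

    # Not local: a mail user/contact carries the external (target) address that is actually
    # routed cross-premises, so its domain is the one matched against the trust objects.
    $target = $Address
    if ($rcpt -and $rcpt.ExternalEmailAddress) { $target = "$($rcpt.ExternalEmailAddress)" -replace '^smtp:', '' }
    $domain = $target.Split('@')[-1].ToLower()

    # 2nd: IntraOrganizationConnector (OAuth), matched on TargetAddressDomains. The cmdlet
    # only exists from Exchange 2013 SP1, so probe for it instead of assuming it.
    if (Get-Command Get-IntraOrganizationConnector -ErrorAction SilentlyContinue) {
        foreach ($ioc in @(Get-IntraOrganizationConnector)) {
            $domains = @($ioc.TargetAddressDomains | ForEach-Object { "$_".ToLower() })
            if ($domains -contains $domain) {
                return [pscustomobject]@{ Address = $Address; Step = 2; Path = 'IntraOrganizationConnector (OAuth)'; Via = $ioc.Name; Features = "Enabled=$($ioc.Enabled); all-or-nothing" }
            }
        }
    }

    # 3rd: Organization Relationship (DAuth), matched on DomainNames; this is where
    # per-feature control such as FreeBusyAccessLevel lives
    foreach ($or in @(Get-OrganizationRelationship)) {
        $domains = @($or.DomainNames | ForEach-Object { "$_".ToLower() })
        if ($domains -contains $domain) {
            return [pscustomobject]@{ Address = $Address; Step = 3; Path = 'OrganizationRelationship (DAuth)'; Via = $or.Name; Features = "Enabled=$($or.Enabled); FreeBusyAccessEnabled=$($or.FreeBusyAccessEnabled); Level=$($or.FreeBusyAccessLevel)" }
        }
    }

    # 4th: Availability Address Space (legacy / cross-forest), matched on ForestName
    foreach ($aas in @(Get-AvailabilityAddressSpace)) {
        if ($domain -like "$($aas.ForestName)".ToLower()) {
            return [pscustomobject]@{ Address = $Address; Step = 4; Path = 'AvailabilityAddressSpace'; Via = $aas.Name; Features = "AccessMethod=$($aas.AccessMethod)" }
        }
    }

    # Nothing matched: the lookup will fail for this recipient
    [pscustomobject]@{ Address = $Address; Step = 0; Path = 'None'; Via = $null; Features = 'no free/busy path; expect a lookup failure' }
}

Resolve-FreeBusyPath -Address 'joe@contoso.com' | Format-List   # assumed address
```

A result at step 2 with Enabled=False, or at step 3 with FreeBusyAccessEnabled=False, explains a "no information" calendar without touching the client; a result at step 0 means the recipient's target domain is on neither the IOC nor the organization relationship, which is the usual outcome of a coexistence domain that was never added.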

Hybrid Public Folder Options
1. An Office 365 mailbox can access legacy PFs on-premises
2. An Office 365 mailbox can access Modern PFs on-premises
3. An Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

| Mailbox version | PF location: 2007 on-premises | 2010 on-premises | 2013 on-premises | Exchange Online |
|---|---|---|---|---|
| Exchange 2007 | Yes | Yes | No | No |
| Exchange 2010 | Yes | Yes | No | No |
| Exchange 2013 | Yes | Yes | Yes | Yes |
| Exchange Online | Yes | Yes | Yes | Yes |

Hybrid PF access
[Diagram: Outlook, Exchange Online, and the on-premises PF server (running the CAS role); the proxy to the PF server authenticates as the user over the public mailbox authentication]
1. Outlook connects to the cloud mailbox; it starts by querying autodiscover.contoso.com.
2. Autodiscover responds with the target address for the cloud mailbox.
3. Outlook does Autodiscover for the target address, Contoso.mail.onmicrosoft.com.
4. EXO responds with PF mailbox information, obtained from the org config or set explicitly on the mailbox:
   <PublicFolderInformation><SmtpAddress>PFmailbox1@Contoso.com</SmtpAddress></PublicFolderInformation>
5. Outlook performs Autodiscover against PFmailbox1@Contoso.com.
6. Outlook settings are returned, including the server name of the PF CAS.
7. When PF access is initiated, you then make a connection.

Syncing Public Folders
- DirSync currently does not sync mail-enabled public folder objects in either direction
- We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Can I Retire Hybrid Servers?
Maintain Exchange Hybrid servers post migration for

Mailbox Migration
- All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard
- Moves are "pulled" from on-premises to the cloud
- All move types now support the new "batch" architecture, which allows for easier creation and management of multiple moves
- As with Exchange 2010 hybrid, mailbox moves support off-boarding from the cloud to on-premises
- Max default concurrent moves: 100 (exceptions can be made)
- Item count is a factor in migration performance
- Firewall configuration on the on-premises organization is a factor
- Network latency is a factor
- Migrations are not considered "user expected" work by workload management (WLM)
- Multiple concurrent moves allow for optimized migrations
- 0.3 to 1.0 GB/hour range per mailbox
- Source-side performance is a COMMON factor

Hybrid Automation: new tool for troubleshooting
- We will be collecting HCW logs
- We will try to determine the issue with a parser, to prevent the call
- We will upload the log to make it available to Support
- We will be adding more checks
- We will be using this data to do some extra analytics on the service side, to better warn customers of configuration issues

If failed / Solution

| If failed | Solution |
|---|---|
| There are certificates installed in your Exchange Hybrid environment which are missing the subject name | http://go.microsoft.com/?linkid=9846727 |
| You need to fix your obsolete Active Directory Domain Services Federation Objects | http://go.microsoft.com/?linkid=9846726 |
| Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group | http://go.microsoft.com/?linkid=9846728 |
| You need to install Exchange 2010 SP3 RU3 or later | http://go.microsoft.com/?linkid=9846729 |
| In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to rename your existing Organization Relationship | http://go.microsoft.com/?linkid=9846730 |
| Your Exchange Server 2013 needs to be running a version of CU6 or later; we recommend the latest version available | http://go.microsoft.com/?linkid=9846731 |
| Some manual configurations are needed to allow legacy free/busy to work as expected | http://go.microsoft.com/?linkid=9846732 |
| Microsoft Exchange Service Host is not running | http://go.microsoft.com/?linkid=9846733 |
| Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed | http://go.microsoft.com/?linkid=9846734 |
| You need to upgrade your legacy email address policy | http://go.microsoft.com/?linkid=9846735 |
| You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has less than 256 characters. If running Exchange Server 2013, please install the latest cumulative update | http://go.microsoft.com/?linkid=9846736 |

http://aka.ms/hcwcheck
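In the spirit of the "determine the issue with a parser" bullet, the script below scans HCW log text for the failure signatures in the table and prints the matching solution link, so the known cases are triaged before a support call. It is an added example, not Microsoft's diagnostic tool: the log lines are constructed for the example (real HCW logs differ in layout), the severity token and the regular expressions are assumptions chosen to match the table's wording, and the links are the ones listed above.

```powershell
# Added example, not Microsoft's HCW diagnostic: map known failure signatures in HCW
# log text to the documented solution links. Sample log lines are constructed; the
# "ERROR" severity token and the patterns are assumptions, not the real log format.
$SampleLog = @'
2015-06-10 10:01:12 INFO  Connecting to the on-premises organization via Remote PowerShell
2015-06-10 10:01:19 ERROR Microsoft Exchange Service Host is not running on EX2010-01
2015-06-10 10:01:25 ERROR Certificate 0A1B... is missing the subject name
2015-06-10 10:01:31 ERROR Server EX2013-01 is below CU6 or later; please update
2015-06-10 10:01:40 ERROR Remote PowerShell session to Exchange Online timed out
'@

# One entry per row of the "If failed / Solution" table; Pattern is an assumed regex
$KnownFailures = @(
    @{ Pattern = 'missing the subject name';                      Problem = 'Certificate missing subject name';            Fix = 'http://go.microsoft.com/?linkid=9846727' }
    @{ Pattern = 'obsolete .*Federation Objects';                 Problem = 'Obsolete AD DS federation objects';           Fix = 'http://go.microsoft.com/?linkid=9846726' }
    @{ Pattern = 'Exchange 2007 .*Exchange Trusted Subsystem';    Problem = 'Exchange 2007 servers not in Exchange Trusted Subsystem'; Fix = 'http://go.microsoft.com/?linkid=9846728' }
    @{ Pattern = 'Exchange 2010 SP3 RU3';                         Problem = 'Exchange 2010 SP3 RU3 or later required';    Fix = 'http://go.microsoft.com/?linkid=9846729' }
    @{ Pattern = 'rename .*Organization Relationship';            Problem = 'Organization Relationship must be renamed';   Fix = 'http://go.microsoft.com/?linkid=9846730' }
    @{ Pattern = 'CU6 or later';                                  Problem = 'Exchange 2013 CU6 or later required';        Fix = 'http://go.microsoft.com/?linkid=9846731' }
    @{ Pattern = 'Legacy Free ?Busy';                             Problem = 'Manual legacy free/busy configuration needed'; Fix = 'http://go.microsoft.com/?linkid=9846732' }
    @{ Pattern = 'Microsoft Exchange Service Host is not running'; Problem = 'Microsoft Exchange Service Host not running'; Fix = 'http://go.microsoft.com/?linkid=9846733' }
    @{ Pattern = 'CAS role';                                      Problem = 'HCW must run on a server with the CAS role';  Fix = 'http://go.microsoft.com/?linkid=9846734' }
    @{ Pattern = 'legacy email address policy';                   Problem = 'Legacy e-mail address policy must be upgraded'; Fix = 'http://go.microsoft.com/?linkid=9846735' }
    @{ Pattern = 'TLS certificate';                               Problem = 'TLS certificate issues';                     Fix = 'http://go.microsoft.com/?linkid=9846736' }
)

function Find-HcwKnownFailure {
    # Emit one record per error line: the matched known problem and its fix, or an
    # "unknown" marker pointing at the general checklist so nothing is silently dropped
    param([string[]]$Lines)
    $n = 0
    foreach ($line in $Lines) {
        $n++
        if ($line -notmatch '\bERROR\b') { continue }    # assumed severity token
        $hit = $KnownFailures | Where-Object { $line -match $_.Pattern } | Select-Object -First 1
        [pscustomobject]@{
            LineNo  = $n
            Problem = if ($hit) { $hit.Problem } else { 'unknown error (keep the log for Support)' }
            Fix     = if ($hit) { $hit.Fix } else { 'http://aka.ms/hcwcheck' }
            Line    = $line
        }
    }
}

# Parse the constructed sample; for a real file use: Find-HcwKnownFailure -Lines (Get-Content $path)
Find-HcwKnownFailure -Lines ($SampleLog -split "`r?`n") | Format-Table LineNo, Problem, Fix -AutoSize -Wrap
```

The order of entries matters only when one line could match two patterns; keep the more specific pattern first, as the "CU6 or later" and "TLS certificate" entries show, and add a test line for each new signature so a pattern edit cannot silently stop matching.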

Your feedback is important
Scan the QR Code and let us know via the TechDays App

Are you already a member of the Microsoft Virtual Academy? At MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers 24/7 free online on-demand training for IT professionals and developers.

Page 2: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Agenda

Office 365 Hybrid Scenarios

Exchange Hybrid Fundamentals

Exchange Hybrid Deployment

Managing Exchange Hybrid

Mailbox Migration

Hybrid Configuration Diagnostic

Why Exchange Hybrid

Office 365

Exchange

on-premises

MRS

Calendaring

amp FreeBusy

Messaging

Address

Book

On Prem Office 365

Office 365 Hybrid Scenarios

Exchange Online

SharePoint Online

Skype for Business

Exchange Hybrid

SharePoint Hybrid

SfB Hybrid

OAuth

OAuth

Exchange Hybrid Scenario

On-premises Exchange organization

Existing Exchange environment

(Exchange 2007 or later)

Office 365 Active

Directory synchronization

Exchange 2013

client access amp

mailbox server

Office 365 User contacts amp groups via Azure AD Sync

Secure mail flow

Mailbox data via Mailbox Replication Service (MRS)

Sharing (freebusy Mail Tips archive etc)

Begin with the Exchange Deployment Assistant httpakamsexdeploy

Validate existing environment is in a standard and supported configuration

Primary namespace(s) MUST point to the latest installed version of Exchange

Planning

You should use standard sizing guidance

Migration Traffic is more taxing than the rest

Planning

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

Exchange Online

Org

On-Premises Exchange Organization

Hybrid

Configuration

Engine

Desired state

Inte

rn

et

Exchange

Management

Tools

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Forefront Inbound Connector amp

Forefront Outbound Connector)

Domain Level

Configuration Objects

(Accepted Domains amp Remote

Domains)

Hybrid

Configuration

Object

Exchange Server Level

Configuration

(Mailbox Replication Service

Proxy Certificate Validation

Exchange Web Service

Virtual Directory Validation amp

Receive Connector)

Domain Level

Configuration

Objects

(Accepted Domains Remote

Domains amp

E-mail Address Policies)

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Availability Address Space amp

Send Connector)

1

2 4 5

5

4

Remote

Powershell

Remote

Powershell3

3

The Update-HybridConfiguration cmdlet

triggers the Hybrid Configuration Engine

to start

1

The Hybrid Configuration Engine reads

the ldquodesired staterdquo stored on the

HybridConfiguration Active Directory

object

2

The Hybrid Configuration Engine

connects via Remote PowerShell to both

the on-premises and Exchange Online

organizations

3

The Hybrid Configuration Engine

discovers topology data and current

configuration from the on-premises

Exchange organization and the Exchange

Online organization

4

Based on the desired state topology data

and current configuration across both the

on-premises Exchange and Exchange

Online organizations the Hybrid

Configuration Engine establishes the

ldquodifferencerdquo and then executes

configuration tasks to establish the

ldquodesired staterdquo

5

Desired state configuration engine

Applies configuration to on-prem and online orgs

Supported Exchange Topologies Exchange 2013 Exchange 2010

Single Forest Model Accounts and Mailboxes in single forest

Resource Forest Model Multiple Account Forests Single Resource Forest

11 relationship between Exchange Organization and single O365 tenant

Exchange 2013 Service Pack 1

Supports multiple Exchange Organizations configured against a single O365 tenant

Multiple forests each containing accounts and Exchange organizations

N1 relationship between Exchange Organization and single O365 tenant

Office

365 Hybrid

Office

365 Hybrid Hybrid

contosocom fabrikamcom contosocom

R R R

Exchange 2013 multi-org hybrid deployment

Office 365 1 Prepare Update each Exchange organization to Service Pack 1

Validate Autodiscover is properly configured and published in

each Exchange organization

Validate public certificates for Exchange org are unique

Create two-way forest trust

2 Configure Mail Flow on-premises Configure SMTP domain sharing as required

Configure mail flow between on-premises organizations

3 Configure Directory Synchronization Configure AAD Sync (FIM) to synchronize mail recipients in each

forest and the Office 365 tenant

4 Run Hybrid Configuration Wizard Prepare Office 365 Tenant

Run the HCW in contosocom and fabrikamcom

Validate mail flow between all entities

5 Configure ADFS or use AAD with password sync Configure ADFS in contosocom

Configure ADFS in fabrikamcom

6 Configure Organization Relationships Configure an Org Relationship between each Org

fabrikamcom

E2013

contosocom

ADFS

AD

fabrikamonmicrosoftcom

fabrikamcom contosocom

E2013

ADFS

AD AAD Sync

(FIM)

Azure AD

Azure AD Auth

O365 Directory

ADFS

Proxy

ADFS

Proxy 1 1

2 2

3 3

3

4 4

5 5

6 6

SMTP

AAD Conn

Two-way Forest Trust

FIM Management Agent

Federated Trust Relationship

SMTPTLS Mail Flow

Federated Authentication

Organization Relationship

4

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 3: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Why Exchange Hybrid

Office 365

Exchange

on-premises

MRS

Calendaring

amp FreeBusy

Messaging

Address

Book

On Prem Office 365

Office 365 Hybrid Scenarios

Exchange Online

SharePoint Online

Skype for Business

Exchange Hybrid

SharePoint Hybrid

SfB Hybrid

OAuth

OAuth

Exchange Hybrid Scenario

On-premises Exchange organization

Existing Exchange environment

(Exchange 2007 or later)

Office 365 Active

Directory synchronization

Exchange 2013

client access amp

mailbox server

Office 365 User contacts amp groups via Azure AD Sync

Secure mail flow

Mailbox data via Mailbox Replication Service (MRS)

Sharing (freebusy Mail Tips archive etc)

Begin with the Exchange Deployment Assistant httpakamsexdeploy

Validate existing environment is in a standard and supported configuration

Primary namespace(s) MUST point to the latest installed version of Exchange

Planning

You should use standard sizing guidance

Migration Traffic is more taxing than the rest

Planning

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

Exchange Online

Org

On-Premises Exchange Organization

Hybrid

Configuration

Engine

Desired state

Inte

rn

et

Exchange

Management

Tools

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Forefront Inbound Connector amp

Forefront Outbound Connector)

Domain Level

Configuration Objects

(Accepted Domains amp Remote

Domains)

Hybrid

Configuration

Object

Exchange Server Level

Configuration

(Mailbox Replication Service

Proxy Certificate Validation

Exchange Web Service

Virtual Directory Validation amp

Receive Connector)

Domain Level

Configuration

Objects

(Accepted Domains Remote

Domains amp

E-mail Address Policies)

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Availability Address Space amp

Send Connector)

1

2 4 5

5

4

Remote

Powershell

Remote

Powershell3

3

The Update-HybridConfiguration cmdlet

triggers the Hybrid Configuration Engine

to start

1

The Hybrid Configuration Engine reads

the ldquodesired staterdquo stored on the

HybridConfiguration Active Directory

object

2

The Hybrid Configuration Engine

connects via Remote PowerShell to both

the on-premises and Exchange Online

organizations

3

The Hybrid Configuration Engine

discovers topology data and current

configuration from the on-premises

Exchange organization and the Exchange

Online organization

4

Based on the desired state topology data

and current configuration across both the

on-premises Exchange and Exchange

Online organizations the Hybrid

Configuration Engine establishes the

ldquodifferencerdquo and then executes

configuration tasks to establish the

ldquodesired staterdquo

5

Desired state configuration engine

Applies configuration to on-prem and online orgs

Supported Exchange Topologies

Exchange 2013 / Exchange 2010:
• Single Forest Model: accounts and mailboxes in a single forest
• Resource Forest Model: multiple account forests, single resource forest
• 1:1 relationship between Exchange organization and a single O365 tenant

Exchange 2013 Service Pack 1:
• Supports multiple Exchange organizations configured against a single O365 tenant
• Multiple forests, each containing accounts and Exchange organizations
• N:1 relationship between Exchange organizations and a single O365 tenant

[Diagram: Office 365 hybrid with a single organization (contoso.com) beside the Exchange 2013 SP1 multi-org case, where contoso.com and fabrikam.com are both hybrid against the same Office 365 tenant.]

Exchange 2013 multi-org hybrid deployment

1. Prepare: update each Exchange organization to Service Pack 1; validate that Autodiscover is properly configured and published in each Exchange organization; validate that the public certificates for each Exchange org are unique; create a two-way forest trust.
2. Configure mail flow on-premises: configure SMTP domain sharing as required; configure mail flow between the on-premises organizations.
3. Configure directory synchronization: configure AAD Sync (FIM) to synchronize mail recipients in each forest and the Office 365 tenant.
4. Run the Hybrid Configuration Wizard: prepare the Office 365 tenant; run the HCW in contoso.com and fabrikam.com; validate mail flow between all entities.
5. Configure ADFS, or use AAD with password sync: configure ADFS in contoso.com; configure ADFS in fabrikam.com.
6. Configure organization relationships: configure an org relationship between each org.

[Diagram: the fabrikam.com and contoso.com forests, each with E2013, AD, ADFS and an ADFS Proxy, connected to the fabrikam.onmicrosoft.com tenant (Azure AD, Azure AD Auth, O365 Directory) through AAD Sync (FIM) / AAD Connect. Legend: Two-way Forest Trust, FIM Management Agent, Federated Trust Relationship, SMTP/TLS Mail Flow, Federated Authentication, Organization Relationship; the arrows are numbered to match the six steps above.]

DAuth vs OAuth

DAuth:
• Uses the Microsoft Federation Gateway for token generation
• Organization Relationships control what companies you share information with
• Allows for granular control of what features are available (free/busy, MailTips)

OAuth:
• Uses the Auth Server in Azure AD (better resiliency and faster in-forest communications)
• IntraOrgConnectors configuration controls what companies you can share information with
• No granular control of the feature set (all or nothing)

[Diagram: Organization Relationships (DAuth) beside IntraOrg Connectors (OAuth).]

HCW now includes automated configuration for OAuth
• Enables cross-premises discovery searches and cross-premises archive moves
• Can be used for much more, like free/busy, and is used by 21Vianet customers (Greater China region)
• Long-term authentication approach for future capabilities

Configure OAuth for Hybrid

The Configure button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers (Exchange 2013 pre-SP1, and 2010/2007). Do you really need OAuth?

eDiscovery Scenarios and OAuth

eDiscovery scenario (Requires OAuth?):
• Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization: Yes
• Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes: Yes
• Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer: Yes
• Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer: No
• Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account: No

Free/busy works with OAuth. Not all features work with OAuth. The HCW configures both the Org Relationship and IntraOrgConnectors.

Free/Busy and OAuth

Free/busy using DAuth

[Diagram: on-premises user "Ben" behind an on-premises Client Access Server, the Microsoft Federation Gateway, and the Exchange Online mailbox server hosting Joe.]
1. Ben requests free/busy info for Joe.
2. The CAS server passes the MFG token and requests Joe's free/busy on behalf of Ben.
3. Free/busy request from Ben to Joe.

Free/busy using OAuth

[Diagram: the same components, but the on-premises Exchange server connects to the Azure OAuth endpoint instead of the Microsoft Federation Gateway.]
1. Exchange connects to the Azure OAuth endpoint.
2. The Exchange server passes the token and requests Joe's free/busy on behalf of Ben.
3. Free/busy request from Ben to Joe.

Free/busy works through a series of checks:
1st, we check to see if we can find free/busy locally.
2nd (if the mailbox is not local), we check for an IOC (IntraOrganizationConnector).
3rd (if there is no IOC), we check for an Organization Relationship.
4th, we check for an availability address space.
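The check order above can be walked from the on-premises Exchange Management Shell to see which mechanism would serve a given target address. This is an added example, not code from the deck or from Microsoft; Get-FreeBusyResolutionPath is a name chosen here, and it assumes an Exchange 2013 SP1 or later shell session with the Get-Recipient, Get-IntraOrganizationConnector, Get-OrganizationRelationship and Get-AvailabilityAddressSpace cmdlets available.

```powershell
# Added example: report which free/busy path the on-premises org would take for a
# target SMTP address, in the order the deck describes:
#   local mailbox -> IntraOrganizationConnector (OAuth) -> Organization Relationship (DAuth)
#   -> Availability Address Space.
# Assumes an Exchange 2013 SP1 (or later) Exchange Management Shell.
function Get-FreeBusyResolutionPath {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$TargetSmtpAddress
    )

    $domain = ($TargetSmtpAddress -split '@')[-1].ToLower()

    # 1st: can free/busy be found locally? A mailbox that was moved to the cloud is
    # still a recipient on-premises, but as a MailUser (RemoteUserMailbox), so only a
    # UserMailbox counts as local.
    $recipient = Get-Recipient -Identity $TargetSmtpAddress -ErrorAction SilentlyContinue
    if ($recipient -and $recipient.RecipientType -eq 'UserMailbox') {
        return [pscustomobject]@{
            Mechanism = 'Local'
            Object    = "$($recipient.Identity)"
            Endpoint  = 'n/a'
            Detail    = "$($recipient.RecipientTypeDetails)"
        }
    }

    # 2nd: an enabled IntraOrganizationConnector whose TargetAddressDomains covers the domain.
    $ioc = Get-IntraOrganizationConnector | Where-Object {
        $_.Enabled -and
        (($_.TargetAddressDomains | ForEach-Object { "$_".ToLower() }) -contains $domain)
    } | Select-Object -First 1
    if ($ioc) {
        return [pscustomobject]@{
            Mechanism = 'IntraOrganizationConnector (OAuth)'
            Object    = $ioc.Name
            Endpoint  = "$($ioc.DiscoveryEndpoint)"
            Detail    = 'all-or-nothing feature set'
        }
    }

    # 3rd: an enabled Organization Relationship with free/busy access for the domain.
    $orgRel = Get-OrganizationRelationship | Where-Object {
        $_.Enabled -and $_.FreeBusyAccessEnabled -and
        (($_.DomainNames | ForEach-Object { "$_".ToLower() }) -contains $domain)
    } | Select-Object -First 1
    if ($orgRel) {
        return [pscustomobject]@{
            Mechanism = 'Organization Relationship (DAuth)'
            Object    = $orgRel.Name
            Endpoint  = "$($orgRel.TargetAutodiscoverEpr)"
            Detail    = "FreeBusyAccessLevel=$($orgRel.FreeBusyAccessLevel)"
        }
    }

    # 4th: an Availability Address Space for the domain (legacy cross-forest free/busy).
    $aas = Get-AvailabilityAddressSpace | Where-Object {
        $_.ForestName.ToLower() -eq $domain
    } | Select-Object -First 1
    if ($aas) {
        return [pscustomobject]@{
            Mechanism = 'Availability Address Space'
            Object    = $aas.ForestName
            Endpoint  = "$($aas.TargetAutodiscoverEpr)"
            Detail    = "AccessMethod=$($aas.AccessMethod)"
        }
    }

    # Nothing matched: free/busy for this address will fail from on-premises.
    return [pscustomobject]@{
        Mechanism = 'None'
        Object    = $null
        Endpoint  = $null
        Detail    = "no IOC, Organization Relationship or Availability Address Space for $domain"
    }
}

# Usage: address is a constructed sample, not a real mailbox.
Get-FreeBusyResolutionPath -TargetSmtpAddress 'joe@contoso.mail.onmicrosoft.com' | Format-List
```

A result of None for a cloud-moved user is the quickest way to tell that the HCW run did not leave a usable IOC or Organization Relationship behind.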

Hybrid Public Folder Options

1. Office 365 mailbox can access legacy PFs on-premises
2. Office 365 mailbox can access Modern PFs on-premises
3. Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Mailbox version against PF location:

Mailbox version     2007 On-Premises   2010 On-Premises   2013 On-Premises   Exchange Online
Exchange 2007       Yes                Yes                No                 No
Exchange 2010       Yes                Yes                No                 No
Exchange 2013       Yes                Yes                Yes                Yes
Exchange Online     Yes                Yes                Yes                Yes

Hybrid PF access

[Diagram: Outlook, Exchange Online, and the on-premises PF server (running the CAS role). Exchange Online proxies to the PF server, and the client authenticates as the user over the public folder mailbox (MBX) auth.]

Outlook connects to the cloud mailbox, starting by querying autodiscover.contoso.com. Autodiscover responds with the target address for the cloud mailbox. Outlook does Autodiscover for the target address, Contoso.mail.onmicrosoft.com. EXO responds with PF mailbox information, obtained from the org config or set explicitly on the mailbox:

<PublicFolderInformation>
  <SmtpAddress>PFmailbox1@Contoso.com</SmtpAddress>
</PublicFolderInformation>

Outlook performs Autodiscover against PFmailbox1@Contoso.com. Outlook settings are returned, including the server name of the PF CAS. When PF access is initiated, you then make a connection.

Syncing Public Folders

DirSync currently does not sync mail-enabled public folder objects in either direction. We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory.

Can I Retire Hybrid Servers?

Maintain Exchange Hybrid servers post migration for

Mailbox Migration

• All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard
• Moves are "pulled" from on-premises to the cloud
• All move types now support the new "batch" architecture, which allows for easier creation and management of multiple moves
• As with Exchange 2010 hybrid, mailbox moves support off-boarding from the cloud to on-premises

• Max default concurrent moves: 100 (exceptions can be made)
• Item count is a factor in migration performance
• Firewall configuration on the on-premises organization
• Network latency is a factor
• Migrations are not considered "user expected" (WLM)
• Multiple concurrent moves allow for optimized migrations
• 0.3–1.0 GB/hour range per mailbox
• Source side performance is a COMMON factor

Hybrid Automation: new tool for troubleshooting

• We will be collecting HCW logs
• We will try to determine the issue with a parser, to prevent the support call
• We will upload the log to make it available to Support
• We will be adding more checks
• We will be using this data to do some extra analytics on the service side, to better warn customers of configuration issues

If failed / Solution:

• There are certificates installed in your Exchange Hybrid environment which are missing the subject name: http://go.microsoft.com/?linkid=9846727
• You need to fix your obsolete Active Directory Domain Services Federation Objects: http://go.microsoft.com/?linkid=9846726
• Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group: http://go.microsoft.com/?linkid=9846728
• You need to install Exchange 2010 SP3 RU3 or later: http://go.microsoft.com/?linkid=9846729
• In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013, you need to rename your existing Organization Relationship: http://go.microsoft.com/?linkid=9846730
• Your Exchange Server 2013 needs to be running a version of CU6 or later; we recommend the latest version available: http://go.microsoft.com/?linkid=9846731
• Some manual configurations are needed to allow legacy free/busy to work as expected: http://go.microsoft.com/?linkid=9846732
• Microsoft Exchange Service Host is not running: http://go.microsoft.com/?linkid=9846733
• Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed: http://go.microsoft.com/?linkid=9846734
• You need to upgrade your legacy email address policy: http://go.microsoft.com/?linkid=9846735
• You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has less than 256 characters. If running Exchange Server 2013, please install the latest cumulative update: http://go.microsoft.com/?linkid=9846736

http://aka.ms/hcwcheck
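Several of the failures in the table above can be cleared before the wizard is run at all. The read-only pre-flight below is an added example, not the deck's or Microsoft's tool; Test-HcwReadiness is a name chosen here, it assumes an Exchange Management Shell on the on-premises server that will run the HCW plus the ActiveDirectory module for the group check, and the Exchange 2013 CU6 build number it compares against is an assumed value to be confirmed against Microsoft's published build table.

```powershell
# Added example: reproduce some of the "If failed" checks from the table as a read-only
# pre-flight, so they can be fixed before the Hybrid Configuration Wizard is started.
# Assumes the Exchange Management Shell on the intended HCW server and the ActiveDirectory module.
function Test-HcwReadiness {
    [CmdletBinding()]
    param(
        # Assumed build for Exchange 2013 CU6; confirm against the published build table.
        [version]$MinExchange2013Build = '15.0.995.29'
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    $findings = New-Object System.Collections.Generic.List[object]
    function Add-Finding([string]$Check, [string]$Server, [bool]$Passed, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Check = $Check; Server = $Server; Passed = $Passed; Detail = $Detail })
    }

    # The HCW must be run on a server that has the CAS role installed.
    $here = Get-ExchangeServer -Identity $env:COMPUTERNAME
    Add-Finding 'HCW host has CAS role' $here.Name ([bool]$here.IsClientAccessServer) "ServerRole=$($here.ServerRole)"

    # Exchange 2007 servers must be members of Exchange Trusted Subsystem (computer accounts end in '$').
    $etsMembers = Get-ADGroupMember -Identity 'Exchange Trusted Subsystem' -Recursive |
        ForEach-Object { $_.SamAccountName.TrimEnd('$').ToUpper() }

    foreach ($srv in Get-ExchangeServer) {
        $v = $srv.AdminDisplayVersion

        if ($v.Major -eq 8) {
            $inGroup = $etsMembers -contains $srv.Name.ToUpper()
            Add-Finding 'Exchange 2007 in Exchange Trusted Subsystem' $srv.Name $inGroup "Version $($v.Major).$($v.Minor)"
        }

        # Exchange 2013 servers must be on CU6 or later; CU builds are visible in AdminDisplayVersion.
        if ($v.Major -eq 15 -and $v.Minor -eq 0) {
            $build = [version]"$($v.Major).$($v.Minor).$($v.Build).$($v.Revision)"
            Add-Finding 'Exchange 2013 CU6 or later' $srv.Name ($build -ge $MinExchange2013Build) "$build"
        }

        # Microsoft Exchange Service Host must be running.
        $svc = Get-Service -Name MSExchangeServiceHost -ComputerName $srv.Fqdn -ErrorAction SilentlyContinue
        $svcDetail = if ($svc) { "$($svc.Status)" } else { 'service query failed' }
        Add-Finding 'MSExchangeServiceHost running' $srv.Name ([bool]($svc -and $svc.Status -eq 'Running')) $svcDetail

        # Certificates: every certificate needs a subject name; TLS-facing names must be under 256 characters.
        foreach ($cert in Get-ExchangeCertificate -Server $srv.Name -ErrorAction SilentlyContinue) {
            $hasSubject = -not [string]::IsNullOrWhiteSpace($cert.Subject)
            Add-Finding 'Certificate has subject name' $srv.Name $hasSubject $cert.Thumbprint

            if ("$($cert.Services)" -match 'SMTP|IIS') {
                $tooLong = @($cert.CertificateDomains | Where-Object { "$_".Length -ge 256 }).Count -gt 0
                Add-Finding 'TLS certificate name under 256 chars' $srv.Name (-not $tooLong) $cert.Thumbprint
            }
        }
    }
    return $findings
}

# Usage: list only the checks that need attention before running the HCW.
Test-HcwReadiness | Where-Object { -not $_.Passed } | Format-Table -AutoSize
```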

Your feedback is important

Scan the QR code and let us know what you think of the session via the TechDays App.

Are you already a member of the Microsoft Virtual Academy? On MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers free 24/7 online on-demand training for IT professionals and developers.

Page 4: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

On Prem Office 365

Office 365 Hybrid Scenarios

Exchange Online

SharePoint Online

Skype for Business

Exchange Hybrid

SharePoint Hybrid

SfB Hybrid

OAuth

OAuth

Exchange Hybrid Scenario

On-premises Exchange organization

Existing Exchange environment

(Exchange 2007 or later)

Office 365 Active

Directory synchronization

Exchange 2013

client access amp

mailbox server

Office 365 User contacts amp groups via Azure AD Sync

Secure mail flow

Mailbox data via Mailbox Replication Service (MRS)

Sharing (freebusy Mail Tips archive etc)

Begin with the Exchange Deployment Assistant httpakamsexdeploy

Validate existing environment is in a standard and supported configuration

Primary namespace(s) MUST point to the latest installed version of Exchange

Planning

You should use standard sizing guidance

Migration Traffic is more taxing than the rest

Planning

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

Exchange Online

Org

On-Premises Exchange Organization

Hybrid

Configuration

Engine

Desired state

Inte

rn

et

Exchange

Management

Tools

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Forefront Inbound Connector amp

Forefront Outbound Connector)

Domain Level

Configuration Objects

(Accepted Domains amp Remote

Domains)

Hybrid

Configuration

Object

Exchange Server Level

Configuration

(Mailbox Replication Service

Proxy Certificate Validation

Exchange Web Service

Virtual Directory Validation amp

Receive Connector)

Domain Level

Configuration

Objects

(Accepted Domains Remote

Domains amp

E-mail Address Policies)

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Availability Address Space amp

Send Connector)

1

2 4 5

5

4

Remote

Powershell

Remote

Powershell3

3

The Update-HybridConfiguration cmdlet

triggers the Hybrid Configuration Engine

to start

1

The Hybrid Configuration Engine reads

the ldquodesired staterdquo stored on the

HybridConfiguration Active Directory

object

2

The Hybrid Configuration Engine

connects via Remote PowerShell to both

the on-premises and Exchange Online

organizations

3

The Hybrid Configuration Engine

discovers topology data and current

configuration from the on-premises

Exchange organization and the Exchange

Online organization

4

Based on the desired state topology data

and current configuration across both the

on-premises Exchange and Exchange

Online organizations the Hybrid

Configuration Engine establishes the

ldquodifferencerdquo and then executes

configuration tasks to establish the

ldquodesired staterdquo

5

Desired state configuration engine

Applies configuration to on-prem and online orgs

Supported Exchange Topologies Exchange 2013 Exchange 2010

Single Forest Model Accounts and Mailboxes in single forest

Resource Forest Model Multiple Account Forests Single Resource Forest

11 relationship between Exchange Organization and single O365 tenant

Exchange 2013 Service Pack 1

Supports multiple Exchange Organizations configured against a single O365 tenant

Multiple forests each containing accounts and Exchange organizations

N1 relationship between Exchange Organization and single O365 tenant

Office

365 Hybrid

Office

365 Hybrid Hybrid

contosocom fabrikamcom contosocom

R R R

Exchange 2013 multi-org hybrid deployment

Office 365 1 Prepare Update each Exchange organization to Service Pack 1

Validate Autodiscover is properly configured and published in

each Exchange organization

Validate public certificates for Exchange org are unique

Create two-way forest trust

2 Configure Mail Flow on-premises Configure SMTP domain sharing as required

Configure mail flow between on-premises organizations

3 Configure Directory Synchronization Configure AAD Sync (FIM) to synchronize mail recipients in each

forest and the Office 365 tenant

4 Run Hybrid Configuration Wizard Prepare Office 365 Tenant

Run the HCW in contosocom and fabrikamcom

Validate mail flow between all entities

5 Configure ADFS or use AAD with password sync Configure ADFS in contosocom

Configure ADFS in fabrikamcom

6 Configure Organization Relationships Configure an Org Relationship between each Org

fabrikamcom

E2013

contosocom

ADFS

AD

fabrikamonmicrosoftcom

fabrikamcom contosocom

E2013

ADFS

AD AAD Sync

(FIM)

Azure AD

Azure AD Auth

O365 Directory

ADFS

Proxy

ADFS

Proxy 1 1

2 2

3 3

3

4 4

5 5

6 6

SMTP

AAD Conn

Two-way Forest Trust

FIM Management Agent

Federated Trust Relationship

SMTPTLS Mail Flow

Federated Authentication

Organization Relationship

4

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 5: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Exchange Hybrid Scenario

On-premises Exchange organization

Existing Exchange environment

(Exchange 2007 or later)

Office 365 Active

Directory synchronization

Exchange 2013

client access amp

mailbox server

Office 365 User contacts amp groups via Azure AD Sync

Secure mail flow

Mailbox data via Mailbox Replication Service (MRS)

Sharing (freebusy Mail Tips archive etc)

Begin with the Exchange Deployment Assistant httpakamsexdeploy

Validate existing environment is in a standard and supported configuration

Primary namespace(s) MUST point to the latest installed version of Exchange

Planning

You should use standard sizing guidance

Migration Traffic is more taxing than the rest

Planning

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

Exchange Online

Org

On-Premises Exchange Organization

Hybrid

Configuration

Engine

Desired state

Inte

rn

et

Exchange

Management

Tools

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Forefront Inbound Connector amp

Forefront Outbound Connector)

Domain Level

Configuration Objects

(Accepted Domains amp Remote

Domains)

Hybrid

Configuration

Object

Exchange Server Level

Configuration

(Mailbox Replication Service

Proxy Certificate Validation

Exchange Web Service

Virtual Directory Validation amp

Receive Connector)

Domain Level

Configuration

Objects

(Accepted Domains Remote

Domains amp

E-mail Address Policies)

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Availability Address Space amp

Send Connector)

1

2 4 5

5

4

Remote

Powershell

Remote

Powershell3

3

The Update-HybridConfiguration cmdlet

triggers the Hybrid Configuration Engine

to start

1

The Hybrid Configuration Engine reads

the ldquodesired staterdquo stored on the

HybridConfiguration Active Directory

object

2

The Hybrid Configuration Engine

connects via Remote PowerShell to both

the on-premises and Exchange Online

organizations

3

The Hybrid Configuration Engine

discovers topology data and current

configuration from the on-premises

Exchange organization and the Exchange

Online organization

4

Based on the desired state topology data

and current configuration across both the

on-premises Exchange and Exchange

Online organizations the Hybrid

Configuration Engine establishes the

ldquodifferencerdquo and then executes

configuration tasks to establish the

ldquodesired staterdquo

5

Desired state configuration engine

Applies configuration to on-prem and online orgs

Supported Exchange Topologies Exchange 2013 Exchange 2010

Single Forest Model Accounts and Mailboxes in single forest

Resource Forest Model Multiple Account Forests Single Resource Forest

11 relationship between Exchange Organization and single O365 tenant

Exchange 2013 Service Pack 1

Supports multiple Exchange Organizations configured against a single O365 tenant

Multiple forests each containing accounts and Exchange organizations

N1 relationship between Exchange Organization and single O365 tenant

Office

365 Hybrid

Office

365 Hybrid Hybrid

contosocom fabrikamcom contosocom

R R R

Exchange 2013 multi-org hybrid deployment

Office 365 1 Prepare Update each Exchange organization to Service Pack 1

Validate Autodiscover is properly configured and published in

each Exchange organization

Validate public certificates for Exchange org are unique

Create two-way forest trust

2 Configure Mail Flow on-premises Configure SMTP domain sharing as required

Configure mail flow between on-premises organizations

3 Configure Directory Synchronization Configure AAD Sync (FIM) to synchronize mail recipients in each

forest and the Office 365 tenant

4 Run Hybrid Configuration Wizard Prepare Office 365 Tenant

Run the HCW in contosocom and fabrikamcom

Validate mail flow between all entities

5 Configure ADFS or use AAD with password sync Configure ADFS in contosocom

Configure ADFS in fabrikamcom

6 Configure Organization Relationships Configure an Org Relationship between each Org

fabrikamcom

E2013

contosocom

ADFS

AD

fabrikamonmicrosoftcom

fabrikamcom contosocom

E2013

ADFS

AD AAD Sync

(FIM)

Azure AD

Azure AD Auth

O365 Directory

ADFS

Proxy

ADFS

Proxy 1 1

2 2

3 3

3

4 4

5 5

6 6

SMTP

AAD Conn

Two-way Forest Trust

FIM Management Agent

Federated Trust Relationship

SMTPTLS Mail Flow

Federated Authentication

Organization Relationship

4

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

Hybrid Public Folder Options

1. Office 365 mailbox can access legacy PFs on-premises

2. Office 365 mailbox can access Modern PFs on-premises

3. Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Mailbox version versus PF location:

Mailbox Version    2007 On-Premises    2010 On-Premises    2013 On-Premises    Exchange Online
Exchange 2007      Yes                 Yes                 No                  No
Exchange 2010      Yes                 Yes                 No                  No
Exchange 2013      Yes                 Yes                 Yes                 Yes
Exchange Online    Yes                 Yes                 Yes                 Yes

Hybrid PF access (diagram): Exchange Online proxies to the on-premises PF server (running the CAS role), authenticating as the user (public folder mailbox auth).

1. Outlook connects to the cloud mailbox and starts by querying autodiscover.contoso.com.

2. Autodiscover responds with the target address for the cloud mailbox.

3. Outlook does Autodiscover for the target address, user@contoso.mail.onmicrosoft.com.

4. EXO responds with the PF mailbox information, obtained from the org config or set explicitly on the mailbox: <PublicFolderInformation><SmtpAddress>PFmailbox1@contoso.com</SmtpAddress></PublicFolderInformation>

5. Outlook performs Autodiscover against PFmailbox1@contoso.com.

6. Outlook settings are returned, including the server name of the PF CAS.

7. When PF access is initiated, you then make a connection.
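The Autodiscover chain above, as an added Python example that is not Outlook or Exchange code: the three XML responses are constructed in the Outlook Autodiscover response schema, and the PF CAS name pfcas01.contoso.com and the fake_fetch transport stub are assumptions. The chain is hop-capped and loop-checked, which is the check a client needs so that a misconfigured or hostile redirect cannot spin it forever.

```python
"""Follows the Autodiscover chain for a cloud mailbox whose public folders
stay on-premises, as described on the "Hybrid PF access" slide.

Added example, not Outlook or Exchange code. The three responses are
constructed in the Outlook Autodiscover response schema; the PF CAS name
pfcas01.contoso.com and the fake_fetch transport stub are assumptions.
"""
import xml.etree.ElementTree as ET

NS_ROOT = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"
NS_RESP = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"

def _q(tag: str) -> str:
    return f"{{{NS_RESP}}}{tag}"

# Hop 1: on-premises Exchange sees a moved mailbox and redirects to its
# target address in the tenant routing domain.
ONPREM_REDIRECT = f"""<Autodiscover xmlns="{NS_ROOT}">
  <Response xmlns="{NS_RESP}"><Account>
    <AccountType>email</AccountType><Action>redirectAddr</Action>
    <RedirectAddr>joe@contoso.mail.onmicrosoft.com</RedirectAddr>
  </Account></Response></Autodiscover>"""

# Hop 2: Exchange Online returns the mailbox settings plus the public folder
# mailbox to use (from org config or set explicitly on the mailbox).
EXO_SETTINGS = f"""<Autodiscover xmlns="{NS_ROOT}">
  <Response xmlns="{NS_RESP}"><Account>
    <AccountType>email</AccountType><Action>settings</Action>
    <Protocol><Type>EXCH</Type><Server>outlook.office365.com</Server></Protocol>
    <PublicFolderInformation><SmtpAddress>PFmailbox1@contoso.com</SmtpAddress></PublicFolderInformation>
  </Account></Response></Autodiscover>"""

# Hop 3: Autodiscover for the PF mailbox returns the on-premises PF CAS
# (pfcas01.contoso.com is a constructed name).
ONPREM_PF_SETTINGS = f"""<Autodiscover xmlns="{NS_ROOT}">
  <Response xmlns="{NS_RESP}"><Account>
    <AccountType>email</AccountType><Action>settings</Action>
    <Protocol><Type>EXCH</Type><Server>pfcas01.contoso.com</Server></Protocol>
  </Account></Response></Autodiscover>"""

RESPONSES = {
    ("autodiscover.contoso.com", "joe@contoso.com"): ONPREM_REDIRECT,
    ("autodiscover.contoso.mail.onmicrosoft.com",
     "joe@contoso.mail.onmicrosoft.com"): EXO_SETTINGS,
    ("autodiscover.contoso.com", "pfmailbox1@contoso.com"): ONPREM_PF_SETTINGS,
}

def fake_fetch(host: str, smtp: str) -> str:
    """Stand-in for the HTTPS POST to https://<host>/autodiscover/autodiscover.xml."""
    try:
        return RESPONSES[(host, smtp.lower())]
    except KeyError:
        raise LookupError(f"no constructed Autodiscover answer for {smtp} at {host}") from None

def autodiscover(fetch, smtp: str, max_hops: int = 5):
    """Follow redirectAddr actions until a settings response; returns
    (Account element, list of (host, smtp) hops). The hop cap and the
    revisit check stop a misconfigured or malicious redirect loop."""
    hops, seen = [], set()
    while len(hops) < max_hops:
        if smtp.lower() in seen:
            raise RuntimeError(f"Autodiscover redirect loop at {smtp}")
        seen.add(smtp.lower())
        host = "autodiscover." + smtp.split("@", 1)[1].lower()
        hops.append((host, smtp))
        account = ET.fromstring(fetch(host, smtp)).find(f".//{_q('Account')}")
        if account is None:
            raise RuntimeError(f"no Account element in response from {host}")
        action = account.findtext(_q("Action"))
        if action == "redirectAddr":
            smtp = account.findtext(_q("RedirectAddr"))
            continue
        if action == "settings":
            return account, hops
        raise RuntimeError(f"unexpected Autodiscover action {action!r}")
    raise RuntimeError(f"gave up after {max_hops} Autodiscover hops")

def resolve_hybrid_pf(fetch, user_smtp: str) -> dict:
    """Mailbox server, PF mailbox and PF CAS for a user, following the
    slide's chain (user address, target address, PF mailbox)."""
    account, hops = autodiscover(fetch, user_smtp)
    server_path = f"{_q('Protocol')}/{_q('Server')}"
    pf_smtp = account.findtext(f"{_q('PublicFolderInformation')}/{_q('SmtpAddress')}")
    result = {"mailbox_server": account.findtext(server_path),
              "pf_mailbox": pf_smtp, "pf_server": None, "hops": hops}
    if pf_smtp:
        pf_account, pf_hops = autodiscover(fetch, pf_smtp)
        result["pf_server"] = pf_account.findtext(server_path)
        result["hops"] = hops + pf_hops
    return result

if __name__ == "__main__":
    print(resolve_hybrid_pf(fake_fetch, "joe@contoso.com"))
```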

Syncing Public Folders

DirSync currently does not sync mail-enabled public folder objects in either direction.

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory.

Can I Retire Hybrid Servers?

Maintain Exchange Hybrid servers post migration for

Mailbox Migration

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard.

Moves are "pulled" from on-premises to the cloud.

All move types now support the new "batch" architecture, which allows for easier creation and management of multiple moves.

As with Exchange 2010 hybrid, mailbox moves support off-boarding from the cloud to on-premises.

Migration performance factors:

Max default concurrent moves: 100 (exceptions can be made)

Item count is a factor in migration performance

Firewall configuration on the on-premises organization

Network latency is a factor

Migrations are not considered "User Expected" workload (WLM)

Multiple concurrent moves allow for optimized migrations

0.3–1.0 GB/hour range per mailbox

Source-side performance is a COMMON factor

Hybrid Automation: New Tool for Troubleshooting

• We will be collecting HCW logs

• We will try to determine the issue with a parser to prevent the call

• We will upload the log to make it available to Support

• We will be adding more checks

• We will be using this data to do some extra analytics on the service side to better warn customers of configuration issues

If failed / Solution:

There are certificates installed in your Exchange Hybrid environment which are missing the subject name: http://go.microsoft.com/?linkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects: http://go.microsoft.com/?linkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group: http://go.microsoft.com/?linkid=9846728

You need to install Exchange 2010 SP3 RU3 or later: http://go.microsoft.com/?linkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to rename your existing Organization Relationship: http://go.microsoft.com/?linkid=9846730

Your Exchange Server 2013 needs to be running CU6 or later; we recommend the latest version available: http://go.microsoft.com/?linkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected: http://go.microsoft.com/?linkid=9846732

Microsoft Exchange Service Host is not running: http://go.microsoft.com/?linkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed: http://go.microsoft.com/?linkid=9846734

You need to upgrade your legacy email address policy: http://go.microsoft.com/?linkid=9846735

You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has less than 256 characters. If running Exchange Server 2013, please install the latest cumulative update: http://go.microsoft.com/?linkid=9846736

http://aka.ms/hcwcheck

Your feedback is important

Scan the QR code and let us know via the TechDays App

Let us know what you think of the session via the TechDays App

Scan the QR code

Are you already a member of the Microsoft Virtual Academy? On MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers free 24/7 online on-demand training for IT professionals and developers.

Page 6: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Begin with the Exchange Deployment Assistant httpakamsexdeploy

Validate existing environment is in a standard and supported configuration

Primary namespace(s) MUST point to the latest installed version of Exchange

Planning

You should use standard sizing guidance

Migration Traffic is more taxing than the rest

Planning

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

Exchange Online

Org

On-Premises Exchange Organization

Hybrid

Configuration

Engine

Desired state

Inte

rn

et

Exchange

Management

Tools

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Forefront Inbound Connector amp

Forefront Outbound Connector)

Domain Level

Configuration Objects

(Accepted Domains amp Remote

Domains)

Hybrid

Configuration

Object

Exchange Server Level

Configuration

(Mailbox Replication Service

Proxy Certificate Validation

Exchange Web Service

Virtual Directory Validation amp

Receive Connector)

Domain Level

Configuration

Objects

(Accepted Domains Remote

Domains amp

E-mail Address Policies)

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Availability Address Space amp

Send Connector)

1

2 4 5

5

4

Remote

Powershell

Remote

Powershell3

3

The Update-HybridConfiguration cmdlet

triggers the Hybrid Configuration Engine

to start

1

The Hybrid Configuration Engine reads

the ldquodesired staterdquo stored on the

HybridConfiguration Active Directory

object

2

The Hybrid Configuration Engine

connects via Remote PowerShell to both

the on-premises and Exchange Online

organizations

3

The Hybrid Configuration Engine

discovers topology data and current

configuration from the on-premises

Exchange organization and the Exchange

Online organization

4

Based on the desired state topology data

and current configuration across both the

on-premises Exchange and Exchange

Online organizations the Hybrid

Configuration Engine establishes the

ldquodifferencerdquo and then executes

configuration tasks to establish the

ldquodesired staterdquo

5

Desired state configuration engine

Applies configuration to on-prem and online orgs

Supported Exchange Topologies Exchange 2013 Exchange 2010

Single Forest Model Accounts and Mailboxes in single forest

Resource Forest Model Multiple Account Forests Single Resource Forest

11 relationship between Exchange Organization and single O365 tenant

Exchange 2013 Service Pack 1

Supports multiple Exchange Organizations configured against a single O365 tenant

Multiple forests each containing accounts and Exchange organizations

N1 relationship between Exchange Organization and single O365 tenant

Office

365 Hybrid

Office

365 Hybrid Hybrid

contosocom fabrikamcom contosocom

R R R

Exchange 2013 multi-org hybrid deployment

Office 365 1 Prepare Update each Exchange organization to Service Pack 1

Validate Autodiscover is properly configured and published in

each Exchange organization

Validate public certificates for Exchange org are unique

Create two-way forest trust

2 Configure Mail Flow on-premises Configure SMTP domain sharing as required

Configure mail flow between on-premises organizations

3 Configure Directory Synchronization Configure AAD Sync (FIM) to synchronize mail recipients in each

forest and the Office 365 tenant

4 Run Hybrid Configuration Wizard Prepare Office 365 Tenant

Run the HCW in contosocom and fabrikamcom

Validate mail flow between all entities

5 Configure ADFS or use AAD with password sync Configure ADFS in contosocom

Configure ADFS in fabrikamcom

6 Configure Organization Relationships Configure an Org Relationship between each Org

fabrikamcom

E2013

contosocom

ADFS

AD

fabrikamonmicrosoftcom

fabrikamcom contosocom

E2013

ADFS

AD AAD Sync

(FIM)

Azure AD

Azure AD Auth

O365 Directory

ADFS

Proxy

ADFS

Proxy 1 1

2 2

3 3

3

4 4

5 5

6 6

SMTP

AAD Conn

Two-way Forest Trust

FIM Management Agent

Federated Trust Relationship

SMTPTLS Mail Flow

Federated Authentication

Organization Relationship

4

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 7: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

You should use standard sizing guidance

Migration Traffic is more taxing than the rest

Planning

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

Exchange Online

Org

On-Premises Exchange Organization

Hybrid

Configuration

Engine

Desired state

Inte

rn

et

Exchange

Management

Tools

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Forefront Inbound Connector amp

Forefront Outbound Connector)

Domain Level

Configuration Objects

(Accepted Domains amp Remote

Domains)

Hybrid

Configuration

Object

Exchange Server Level

Configuration

(Mailbox Replication Service

Proxy Certificate Validation

Exchange Web Service

Virtual Directory Validation amp

Receive Connector)

Domain Level

Configuration

Objects

(Accepted Domains Remote

Domains amp

E-mail Address Policies)

Organization Level

Configuration Objects

(Exchange Federation Trust

Organization Relationship

Availability Address Space amp

Send Connector)

1

2 4 5

5

4

Remote

Powershell

Remote

Powershell3

3

The Update-HybridConfiguration cmdlet

triggers the Hybrid Configuration Engine

to start

1

The Hybrid Configuration Engine reads

the ldquodesired staterdquo stored on the

HybridConfiguration Active Directory

object

2

The Hybrid Configuration Engine

connects via Remote PowerShell to both

the on-premises and Exchange Online

organizations

3

The Hybrid Configuration Engine

discovers topology data and current

configuration from the on-premises

Exchange organization and the Exchange

Online organization

4

Based on the desired state topology data

and current configuration across both the

on-premises Exchange and Exchange

Online organizations the Hybrid

Configuration Engine establishes the

ldquodifferencerdquo and then executes

configuration tasks to establish the

ldquodesired staterdquo

5

Desired state configuration engine

Applies configuration to on-prem and online orgs

Supported Exchange Topologies Exchange 2013 Exchange 2010

Single Forest Model Accounts and Mailboxes in single forest

Resource Forest Model Multiple Account Forests Single Resource Forest

11 relationship between Exchange Organization and single O365 tenant

Exchange 2013 Service Pack 1

Supports multiple Exchange Organizations configured against a single O365 tenant

Multiple forests each containing accounts and Exchange organizations

N1 relationship between Exchange Organization and single O365 tenant

Office

365 Hybrid

Office

365 Hybrid Hybrid

contosocom fabrikamcom contosocom

R R R

Exchange 2013 multi-org hybrid deployment

Office 365 1 Prepare Update each Exchange organization to Service Pack 1

Validate Autodiscover is properly configured and published in

each Exchange organization

Validate public certificates for Exchange org are unique

Create two-way forest trust

2 Configure Mail Flow on-premises Configure SMTP domain sharing as required

Configure mail flow between on-premises organizations

3 Configure Directory Synchronization Configure AAD Sync (FIM) to synchronize mail recipients in each

forest and the Office 365 tenant

4 Run Hybrid Configuration Wizard Prepare Office 365 Tenant

Run the HCW in contosocom and fabrikamcom

Validate mail flow between all entities

5 Configure ADFS or use AAD with password sync Configure ADFS in contosocom

Configure ADFS in fabrikamcom

6 Configure Organization Relationships Configure an Org Relationship between each Org

fabrikamcom

E2013

contosocom

ADFS

AD

fabrikamonmicrosoftcom

fabrikamcom contosocom

E2013

ADFS

AD AAD Sync

(FIM)

Azure AD

Azure AD Auth

O365 Directory

ADFS

Proxy

ADFS

Proxy 1 1

2 2

3 3

3

4 4

5 5

6 6

SMTP

AAD Conn

Two-way Forest Trust

FIM Management Agent

Federated Trust Relationship

SMTPTLS Mail Flow

Federated Authentication

Organization Relationship

4

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 8: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

From an existing Exchange 2007 or 2010 environmentmdashno Edge Transport server

Exchange 2013 hybrid deployment

autodiscovercontosocom

mailcontosocom

Exchange

20102007

Exchange

20102007

Exchange 20102007

Exchange 2013

Exchange 2013

Exchange 20102007

Intranet site

SP3UR8 or SP3UR15 SP3UR8 or SP3UR15

Internet-facing site

1 Prepare Install Exchange updates on all legacy servers

Prepare Active Directory with Exchange 2013 schema

2 Deploy Exchange 2013 Install both roles

Configure and enable the Mailbox Replication Service

3 Obtain and deploy Certificates Obtain and deploy certificates on Exchange 2013 CAS

4 Publish protocols externally Create public DNS A records for the EWS and SMTP

endpoints

Validate using Remote Connectivity Analyzer

5 Switch Autodiscover namespace to

Exchange 2013

6 Run the Hybrid Configuration Wizard

7 Move mailboxes

EWS SMTP

Exchange Hybrid Wizard History

Exchange 2013

SP1

Multiple exchange

organizations now

supported

Supports Exchange

2013 Edge

Thousands of tenants and millions of mailboxes in

Office 365 using Exchange Hybrid

Hybrid Configuration Wizard

[Diagram: the Hybrid Configuration Engine, running in the on-premises Exchange Management Tools, reads the desired state from the Hybrid Configuration object and connects via Remote PowerShell, across the Internet, to both the Exchange Online organization and the on-premises Exchange organization. In Exchange Online it manages organization-level configuration objects (Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector and Forefront Outbound Connector) and domain-level configuration objects (Accepted Domains and Remote Domains). On-premises it manages Exchange server-level configuration (Mailbox Replication Service Proxy certificate validation, Exchange Web Services virtual directory validation and Receive Connector), domain-level configuration objects (Accepted Domains, Remote Domains and E-mail Address Policies) and organization-level configuration objects (Exchange Federation Trust, Organization Relationship, Availability Address Space and Send Connector).]

1. The Update-HybridConfiguration cmdlet triggers the Hybrid Configuration Engine to start.
2. The Hybrid Configuration Engine reads the "desired state" stored on the HybridConfiguration Active Directory object.
3. The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
4. The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
5. Based on the desired state, topology data and current configuration across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the "difference" and then executes configuration tasks to establish the "desired state".

Desired state configuration engine: applies configuration to the on-premises and online organizations.

Supported Exchange Topologies

Exchange 2013 / Exchange 2010:
Single Forest Model: accounts and mailboxes in a single forest
Resource Forest Model: multiple account forests, single resource forest
1:1 relationship between an Exchange organization and a single O365 tenant

Exchange 2013 Service Pack 1:
Supports multiple Exchange organizations configured against a single O365 tenant
Multiple forests, each containing accounts and Exchange organizations
N:1 relationship between Exchange organizations and a single O365 tenant

[Diagram: one Office 365 tenant in a hybrid relationship with contoso.com (1:1), beside one Office 365 tenant in hybrid relationships with both fabrikam.com and contoso.com (N:1).]

Exchange 2013 multi-org hybrid deployment

1. Prepare: update each Exchange organization to Service Pack 1; validate that Autodiscover is properly configured and published in each Exchange organization; validate that the public certificates for each Exchange organization are unique; create a two-way forest trust.
2. Configure mail flow on-premises: configure SMTP domain sharing as required; configure mail flow between the on-premises organizations.
3. Configure directory synchronization: configure AAD Sync (FIM) to synchronize mail recipients in each forest and the Office 365 tenant.
4. Run the Hybrid Configuration Wizard: prepare the Office 365 tenant; run the HCW in contoso.com and fabrikam.com; validate mail flow between all entities.
5. Configure ADFS, or use AAD with password sync: configure ADFS in contoso.com; configure ADFS in fabrikam.com.
6. Configure Organization Relationships: configure an Organization Relationship between each organization.

[Diagram: the fabrikam.com and contoso.com forests, each with AD, Exchange 2013 (E2013) and ADFS behind an ADFS Proxy, connected to Office 365 (Azure AD, Azure AD Auth, O365 Directory, fabrikam.onmicrosoft.com) through AAD Sync (FIM) / AAD Connect and SMTP. Legend: Two-way Forest Trust, FIM Management Agent, Federated Trust Relationship, SMTP/TLS Mail Flow, Federated Authentication, Organization Relationship.]

DAuth vs OAuth

DAuth:
Uses the Microsoft Federation Gateway for token generation
Configured through Organization Relationships
Controls what companies you share information with
Allows granular control of what features are available (free/busy, MailTips)

OAuth:
Uses the Auth Server in Azure AD (better resiliency and faster in-forest communications)
Configured through IntraOrgConnectors
Controls what companies you can share information with
No granular control of the feature set (all or nothing)

Configure OAuth for Hybrid

HCW now includes automated configuration for OAuth
Enables cross-premises discovery searches and cross-premises archive moves
Can be used for much more, like free/busy, and is used by 21Vianet customers (Greater China region)
Long-term authentication approach for future capabilities

The Configure button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers.
Exchange 2013 pre-SP1 (and 2010/2007): do you really need OAuth?

eDiscovery Scenarios and OAuth

eDiscovery scenario / Requires OAuth:

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization: Yes
Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes: Yes
Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer: Yes
Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer: No
Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account: No

FreeBusy works with OAuth
Not all features work with OAuth
HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

FreeBusy using DAuth

[Diagram: on-premises user "Ben" requests free/busy info for "Joe", whose mailbox is on an Exchange Online mailbox server. The on-premises Client Access Server obtains a token from the Microsoft Federation Gateway, then passes the MFG token and requests Joe's free/busy on behalf of Ben (free/busy request from Ben to Joe).]

FreeBusy using OAuth

[Diagram: the same request, but the on-premises Exchange server connects to the Azure OAuth endpoint, then passes the token and requests Joe's free/busy on behalf of Ben from the Exchange Online mailbox server.]

FreeBusy works through a series of checks:
1st, we check to see if we can find free/busy locally
2nd (if the mailbox is not local), we check for an IOC
3rd (if there is no IOC), we check for an Organization Relationship
4th, we check for an availability address space
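The check order above, as an added example that is not code from the deck: a small Python resolver that applies the four checks to constructed configuration objects. The attribute names are modelled on the Exchange cmdlet properties they stand in for (TargetAddressDomains, DomainNames, FreeBusyAccessLevel, ForestName, AccessMethod), but the organization, its connectors and all addresses are invented, and passing a remote mailbox's target address as the lookup key is an assumption of the example.

```python
"""Added example: model of the free/busy lookup order described above.

Resolves which mechanism an Exchange 2013 hybrid organization would use to
answer a free/busy request for one SMTP address, in the order the deck gives:
local mailbox, then IntraOrganizationConnector (OAuth), then
OrganizationRelationship (DAuth), then AvailabilityAddressSpace.
The objects below are constructed for illustration; their attribute names
mirror the Exchange cmdlet properties they stand in for.
"""
from dataclasses import dataclass, field


@dataclass
class IntraOrganizationConnector:
    target_address_domains: set          # TargetAddressDomains
    enabled: bool = True


@dataclass
class OrganizationRelationship:
    domain_names: set                    # DomainNames
    enabled: bool = True
    free_busy_access_enabled: bool = True
    free_busy_access_level: str = "AvailabilityOnly"   # None, AvailabilityOnly or LimitedDetails


@dataclass
class AvailabilityAddressSpace:
    forest_name: str                     # ForestName (SMTP domain of the remote forest)
    access_method: str = "PerUserFB"     # AccessMethod


@dataclass
class HybridOrganization:
    local_mailboxes: set                 # SMTP addresses of mailboxes hosted on-premises
    intra_org_connectors: list = field(default_factory=list)
    org_relationships: list = field(default_factory=list)
    availability_address_spaces: list = field(default_factory=list)


def resolve_free_busy_path(org, lookup_address):
    """Return (mechanism, detail) for the address the availability service looks up.

    For a remote (cloud) mailbox the caller passes its target address, e.g.
    joe@contoso.mail.onmicrosoft.com (an assumption of this example).
    """
    lookup_address = lookup_address.lower()
    domain = lookup_address.rsplit("@", 1)[-1]

    # 1st: the mailbox is local, so free/busy is read directly.
    if lookup_address in org.local_mailboxes:
        return ("local", "read from the local mailbox")

    # 2nd: an enabled IntraOrganizationConnector for the domain wins next.
    # Because this OAuth path is all-or-nothing, in this model any narrower
    # FreeBusyAccessLevel on an OrganizationRelationship for the same domain
    # is never reached; worth checking before enabling an IOC for a domain.
    for ioc in org.intra_org_connectors:
        if ioc.enabled and domain in {d.lower() for d in ioc.target_address_domains}:
            return ("IntraOrganizationConnector", "OAuth, no per-feature control")

    # 3rd: an OrganizationRelationship (DAuth) carries per-feature settings.
    for rel in org.org_relationships:
        if rel.enabled and domain in {d.lower() for d in rel.domain_names}:
            if not rel.free_busy_access_enabled or rel.free_busy_access_level == "None":
                return ("OrganizationRelationship", "free/busy denied by relationship")
            return ("OrganizationRelationship", rel.free_busy_access_level)

    # 4th: an AvailabilityAddressSpace whose forest name matches the domain.
    for aas in org.availability_address_spaces:
        if aas.forest_name.lower() == domain:
            return ("AvailabilityAddressSpace", aas.access_method)

    return ("none", "no free/busy path configured for this domain")


def build_sample_org():
    """Constructed on-premises contoso.com organization in hybrid with Office 365."""
    return HybridOrganization(
        local_mailboxes={"ben@contoso.com"},
        intra_org_connectors=[
            IntraOrganizationConnector({"contoso.mail.onmicrosoft.com"}),
        ],
        org_relationships=[
            OrganizationRelationship({"fabrikam.com"}, free_busy_access_level="AvailabilityOnly"),
            OrganizationRelationship({"wingtiptoys.com"}, free_busy_access_enabled=False),
        ],
        availability_address_spaces=[
            AvailabilityAddressSpace("tailspintoys.com", "PerUserFB"),
        ],
    )


if __name__ == "__main__":
    org = build_sample_org()
    for addr in ("ben@contoso.com", "joe@contoso.mail.onmicrosoft.com",
                 "anna@fabrikam.com", "tom@wingtiptoys.com",
                 "sam@tailspintoys.com", "someone@example.net"):
        print(addr, "->", resolve_free_busy_path(org, addr))
```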

Hybrid Public Folder Options

1. Office 365 mailbox can access legacy PFs on-premises
2. Office 365 mailbox can access Modern PFs on-premises
3. Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Mailbox version    PF location: 2007 On-Premises   2010 On-Premises   2013 On-Premises   Exchange Online
Exchange 2007      Yes                Yes                No                 No
Exchange 2010      Yes                Yes                No                 No
Exchange 2013      Yes                Yes                Yes                Yes
Exchange Online    Yes                Yes                Yes                Yes

Hybrid PF access

[Diagram: Outlook, with an Exchange Online mailbox, reaches the on-premises public folders by proxying to the PF server (running the CAS role), authenticating as the user (public MBX auth).]

1. Outlook connects to the cloud mailbox and starts by querying autodiscover.contoso.com.
2. Autodiscover responds with the target address for the cloud mailbox.
3. Outlook does Autodiscover for the target address, Contoso.mail.onmicrosoft.com.
4. EXO responds with the PF mailbox information, obtained from the organization configuration or set explicitly on the mailbox:
   <PublicFolderInformation><SmtpAddress>PFmailbox1@Contoso.com</SmtpAddress></PublicFolderInformation>
5. Outlook performs Autodiscover against PFmailbox1@Contoso.com.
6. Outlook settings are returned, including the server name of the PF CAS.
7. When PF access is initiated, you then make a connection.
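The Autodiscover chain above, as an added example that is not code from the deck: a Python walk of the three lookups over constructed answers, with a hop limit and loop check on redirects. The XML is shaped after the Outlook provider Autodiscover response, but the answers, the mailbox and server names, and the RESPONSES dictionary standing in for the network are all invented.

```python
"""Added example: walking the hybrid public folder Autodiscover chain above.

Simulates the Autodiscover lookups Outlook makes for a cloud mailbox: the
first answer redirects to the mailbox's target address, the target address
answer carries <PublicFolderInformation>, and a final lookup for that PF
mailbox yields the on-premises PF CAS server name. RESPONSES stands in for
the network; its XML is constructed in the shape of the Outlook provider
response, and every address and server name in it is invented.
"""
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a"
TOP = "http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006"
MAX_HOPS = 5   # bound redirect-following so a looping answer cannot spin forever

# Constructed Autodiscover answers, keyed by the (lower-cased) address asked about.
RESPONSES = {
    "joe@contoso.com": f"""
<Autodiscover xmlns="{TOP}"><Response xmlns="{NS}"><Account>
  <AccountType>email</AccountType><Action>redirectAddr</Action>
  <RedirectAddr>joe@contoso.mail.onmicrosoft.com</RedirectAddr>
</Account></Response></Autodiscover>""",
    "joe@contoso.mail.onmicrosoft.com": f"""
<Autodiscover xmlns="{TOP}"><Response xmlns="{NS}"><Account>
  <AccountType>email</AccountType><Action>settings</Action>
  <Protocol><Type>EXCH</Type><Server>outlook.office365.com</Server></Protocol>
  <PublicFolderInformation><SmtpAddress>PFmailbox1@contoso.com</SmtpAddress></PublicFolderInformation>
</Account></Response></Autodiscover>""",
    "pfmailbox1@contoso.com": f"""
<Autodiscover xmlns="{TOP}"><Response xmlns="{NS}"><Account>
  <AccountType>email</AccountType><Action>settings</Action>
  <Protocol><Type>EXCH</Type><Server>pfcas01.contoso.com</Server></Protocol>
</Account></Response></Autodiscover>""",
}


def autodiscover(address, responses):
    """One simulated Autodiscover call; returns the <Account> element or None."""
    xml_text = responses.get(address.lower())
    if xml_text is None:
        return None
    return ET.fromstring(xml_text).find(f".//{{{NS}}}Account")


def follow_redirects(address, responses):
    """Follow redirectAddr answers until a settings answer; returns (address, account)."""
    seen = set()
    for _ in range(MAX_HOPS):
        account = autodiscover(address, responses)
        if account is None:
            raise LookupError(f"no Autodiscover answer for {address}")
        seen.add(address.lower())
        action = account.findtext(f"{{{NS}}}Action")
        if action == "settings":
            return address, account
        if action != "redirectAddr":
            raise LookupError(f"unsupported Autodiscover action {action!r}")
        address = account.findtext(f"{{{NS}}}RedirectAddr") or ""
        if address.lower() in seen:
            raise LookupError("Autodiscover redirect loop")
    raise LookupError("too many Autodiscover redirects")


def resolve_public_folder_server(user_smtp, responses=RESPONSES):
    """Return (target_address, pf_mailbox, pf_server) for a cloud mailbox user."""
    target, account = follow_redirects(user_smtp, responses)
    pf_mailbox = account.findtext(
        f"{{{NS}}}PublicFolderInformation/{{{NS}}}SmtpAddress")
    if not pf_mailbox:
        raise LookupError("settings answer carries no PublicFolderInformation")
    _, pf_account = follow_redirects(pf_mailbox, responses)
    pf_server = pf_account.findtext(f"{{{NS}}}Protocol/{{{NS}}}Server")
    return target, pf_mailbox, pf_server


if __name__ == "__main__":
    print(resolve_public_folder_server("joe@contoso.com"))
```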

Syncing Public Folders

DirSync currently does not sync mail-enabled public folder objects in either direction.
We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory.

Can I Retire Hybrid Servers?

Maintain Exchange Hybrid servers post migration for

Mailbox Migration

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard
Moves are "pulled" from on-premises to the cloud
All move types now support the new "batch" architecture, which allows for easier creation and management of multiple moves
As with Exchange 2010 hybrid, mailbox moves support off-boarding from the cloud to on-premises

Max default concurrent moves: 100 (exceptions can be made)
Item count is a factor in migration performance
Firewall configuration on the on-premises organization
Network latency is a factor
Migrations are not considered "User Expected" (WLM)
Multiple concurrent moves allow for optimized migrations
0.3 to 1.0 GB/hour range per mailbox
Source-side performance is a COMMON factor

Hybrid Automation: New Tool for Troubleshooting

• We will be collecting HCW logs
• We will try to determine the issue with a parser, to prevent the call
• We will upload the log to make it available to Support
• We will be adding more checks
• We will be using this data to do some extra analytics on the service side to better warn customers of configuration issues

If failed / Solution:

There are certificates installed in your Exchange Hybrid environment which are missing the subject name: http://go.microsoft.com/?linkid=9846727
You need to fix your obsolete Active Directory Domain Services Federation Objects: http://go.microsoft.com/?linkid=9846726
Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group: http://go.microsoft.com/?linkid=9846728
You need to install Exchange 2010 SP3 RU3 or later: http://go.microsoft.com/?linkid=9846729
In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013, you need to rename your existing Organization Relationship: http://go.microsoft.com/?linkid=9846730
Your Exchange Server 2013 needs to be running CU6 or later; we recommend the latest version available: http://go.microsoft.com/?linkid=9846731
Some manual configurations are needed to allow legacy free/busy to work as expected: http://go.microsoft.com/?linkid=9846732
Microsoft Exchange Service Host is not running: http://go.microsoft.com/?linkid=9846733
Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed: http://go.microsoft.com/?linkid=9846734
You need to upgrade your legacy email address policy: http://go.microsoft.com/?linkid=9846735
You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has less than 256 characters. If running Exchange Server 2013, please install the latest cumulative update: http://go.microsoft.com/?linkid=9846736

http://aka.ms/hcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App
Let us know what you think of the session via the TechDays App
Scan the QR code


Page 11: Exchange Hybrid Deployment

Supported Exchange Topologies

Exchange 2013 and Exchange 2010:

• Single Forest Model: accounts and mailboxes in a single forest
• Resource Forest Model: multiple account forests, single resource forest
• 1:1 relationship between Exchange organization and a single O365 tenant

Exchange 2013 Service Pack 1:

• Supports multiple Exchange organizations configured against a single O365 tenant
• Multiple forests, each containing accounts and Exchange organizations
• N:1 relationship between Exchange organizations and a single O365 tenant

(Diagram labels: Office 365, Hybrid, contoso.com; Office 365, Hybrid, Hybrid, fabrikam.com, contoso.com)

Exchange 2013 multi-org hybrid deployment

1. Prepare: Update each Exchange organization to Service Pack 1. Validate Autodiscover is properly configured and published in each Exchange organization. Validate public certificates for each Exchange org are unique. Create a two-way forest trust.
2. Configure mail flow on-premises: Configure SMTP domain sharing as required. Configure mail flow between on-premises organizations.
3. Configure directory synchronization: Configure AAD Sync (FIM) to synchronize mail recipients in each forest and the Office 365 tenant.
4. Run Hybrid Configuration Wizard: Prepare the Office 365 tenant. Run the HCW in contoso.com and fabrikam.com. Validate mail flow between all entities.
5. Configure ADFS or use AAD with password sync: Configure ADFS in contoso.com. Configure ADFS in fabrikam.com.
6. Configure Organization Relationships: Configure an Org Relationship between each Org.

(Diagram labels: fabrikam.com E2013, ADFS, AD; contoso.com E2013, ADFS, AD, AAD Sync (FIM); fabrikam.onmicrosoft.com; Azure AD, Azure AD Auth, O365 Directory; ADFS Proxy. Legend: SMTP, AAD Conn, Two-way Forest Trust, FIM Management Agent, Federated Trust Relationship, SMTP/TLS Mail Flow, Federated Authentication, Organization Relationship)

DAuth vs OAuth

DAuth:
• Uses Microsoft Federation Gateway for token generation
• Organization Relationships
• Controls what companies you share information with
• Allows for granular control of what features are available (free/busy, MailTips)

OAuth:
• Uses Auth Server in Azure AD (better resiliency and faster in-forest communications)
• IntraOrgConnectors configuration
• Controls what companies you can share information with
• No granular control of feature set (all or nothing)

Configure OAuth for Hybrid

• HCW now includes automated configuration for OAuth
• Enables cross-premises discovery searches and cross-premises archive moves
• Can be used for much more, like free/busy, and is used by 21Vianet customers (Greater China region)
• Long-term authentication approach for future capabilities

The Configure button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers. Exchange 2013 pre-SP1 (and 2010/2007): do you really need OAuth?

eDiscovery Scenarios and OAuth

eDiscovery scenario | Requires OAuth
Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization | Yes
Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes | Yes
Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer | Yes
Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer | No
Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account | No

FreeBusy and OAuth

• FreeBusy works with OAuth
• Not all features work with OAuth
• HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy using DAuth

(Diagram: on-premises user "Ben", Client Access Server, Microsoft Federation Gateway, Exchange Online Mailbox Server, user Joe)

1. Ben requests free/busy info for Joe.
2. The CAS server passes the MFG token and requests Joe's free/busy on behalf of Ben.
3. Free/Busy request from Ben to Joe.

FreeBusy using OAuth

(Diagram: on-premises user "Ben", Client Access Server, Microsoft Federation Gateway, Exchange Online Mailbox Server, user Joe)

1. Exchange connects to the Azure OAuth endpoint.
2. The Exchange server passes the token and requests Joe's free/busy on behalf of Ben.
3. Free/Busy request from Ben to Joe.

FreeBusy works through a series of checks:

1st, we check to see if we can find free/busy locally.
2nd (if the mailbox is not local), we check for an IOC.
3rd (if there is no IOC), we check for an Organization Relationship.
4th, we check for an availability address space.
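The four-step lookup order above, and the DAuth/OAuth split it implies (an IOC carries OAuth with no per-feature control, an Organization Relationship carries an MFG DAuth token with a configurable free/busy access level), as an added simulation that is not part of the deck: the connector, relationship and address-space objects, the "via"/"detail" fields and the contoso.com sample configuration are constructed for illustration and are not Exchange's own types.

```python
# Added example (not from the deck): simulate the free/busy target-resolution
# order local -> IOC -> Organization Relationship -> availability address space.
# All object shapes and the sample hybrid configuration are constructed.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class IntraOrganizationConnector:
    """IOC: OAuth trust to the other half of the same organization (all or nothing)."""
    name: str
    target_address_domains: frozenset
    enabled: bool = True


@dataclass(frozen=True)
class OrganizationRelationship:
    """Org relationship: DAuth via the Microsoft Federation Gateway, per-feature control."""
    name: str
    domain_names: frozenset
    free_busy_access_enabled: bool = True
    free_busy_access_level: str = "LimitedDetails"  # or "AvailabilityOnly"


@dataclass(frozen=True)
class AvailabilityAddressSpace:
    """Availability address space: legacy cross-forest free/busy, one per SMTP domain."""
    forest_name: str
    access_method: str  # e.g. "InternalProxy" or "PerUserFB"


@dataclass(frozen=True)
class Resolution:
    source: str                   # "local" | "ioc" | "orgrel" | "aas" | "none"
    auth: Optional[str] = None    # "none" | "oauth" | "dauth" | an AAS access method
    detail: Optional[str] = None  # free/busy detail the chosen path allows (None = denied)
    via: Optional[str] = None     # name of the matching configuration object


@dataclass
class HybridOrg:
    local_mailboxes: frozenset  # SMTP addresses homed on-premises
    remote_mailboxes: dict      # SMTP address -> targetAddress of the EXO mailbox
    iocs: tuple
    org_rels: tuple
    address_spaces: tuple


def _domain(smtp: str) -> str:
    return smtp.rsplit("@", 1)[-1].lower()


def resolve_free_busy(org: HybridOrg, target_smtp: str) -> Resolution:
    """Walk the slide's order and report which path (and which auth) serves the request."""
    target = target_smtp.lower()
    # 1st: a local mailbox needs no cross-premises authentication at all.
    if target in org.local_mailboxes:
        return Resolution("local", "none", "FullDetails")
    # In hybrid the SMTP domain is shared by both premises, so a remote mailbox
    # is routed on its targetAddress domain (user@contoso.mail.onmicrosoft.com).
    lookup_domain = _domain(org.remote_mailboxes.get(target, target))
    # 2nd: an IntraOrganizationConnector means OAuth, with no per-feature control.
    for ioc in org.iocs:
        if ioc.enabled and lookup_domain in ioc.target_address_domains:
            return Resolution("ioc", "oauth", "FullDetails", ioc.name)
    # 3rd: an Organization Relationship means a DAuth token from the MFG and
    # a configurable access level, which may also deny free/busy outright.
    for rel in org.org_rels:
        if lookup_domain in rel.domain_names:
            level = rel.free_busy_access_level if rel.free_busy_access_enabled else None
            return Resolution("orgrel", "dauth", level, rel.name)
    # 4th: an availability address space (legacy cross-forest configuration).
    for aas in org.address_spaces:
        if lookup_domain == aas.forest_name.lower():
            return Resolution("aas", aas.access_method, "FullDetails", aas.forest_name)
    return Resolution("none")


def without_iocs(org: HybridOrg) -> HybridOrg:
    """Same org with the IOC removed: shows the Org Relationship the HCW also creates taking over."""
    return HybridOrg(org.local_mailboxes, org.remote_mailboxes, (), org.org_rels, org.address_spaces)


# Constructed sample: contoso.com hybrid with EXO, a federated partner
# (fabrikam.com), a partner with free/busy disabled, and one legacy AAS.
CONTOSO = HybridOrg(
    local_mailboxes=frozenset({"ben@contoso.com"}),
    remote_mailboxes={"joe@contoso.com": "joe@contoso.mail.onmicrosoft.com"},
    iocs=(IntraOrganizationConnector("HybridIOC", frozenset({"contoso.mail.onmicrosoft.com"})),),
    org_rels=(
        OrganizationRelationship("To Exchange Online", frozenset({"contoso.mail.onmicrosoft.com"})),
        OrganizationRelationship("Fabrikam", frozenset({"fabrikam.com"}),
                                 free_busy_access_level="AvailabilityOnly"),
        OrganizationRelationship("Northwind", frozenset({"northwind.example"}),
                                 free_busy_access_enabled=False),
    ),
    address_spaces=(AvailabilityAddressSpace("tailspintoys.example", "PerUserFB"),),
)

if __name__ == "__main__":
    for who in ("ben@contoso.com", "joe@contoso.com", "alice@fabrikam.com",
                "bob@northwind.example", "carol@tailspintoys.example", "x@nowhere.example"):
        print(who, "->", resolve_free_busy(CONTOSO, who))
```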

Hybrid Public Folder Options

1. Office 365 mailbox can access legacy PFs on-premises
2. Office 365 mailbox can access Modern PFs on-premises
3. Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Mailbox version vs PF location:

Mailbox Version | 2007 On-Premises | 2010 On-Premises | 2013 On-Premises | Exchange Online
Exchange 2007 | Yes | Yes | No | No
Exchange 2010 | Yes | Yes | No | No
Exchange 2013 | Yes | Yes | Yes | Yes
Exchange Online | Yes | Yes | Yes | Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 12: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Exchange 2013 multi-org hybrid deployment

Office 365 1 Prepare Update each Exchange organization to Service Pack 1

Validate Autodiscover is properly configured and published in

each Exchange organization

Validate public certificates for Exchange org are unique

Create two-way forest trust

2 Configure Mail Flow on-premises Configure SMTP domain sharing as required

Configure mail flow between on-premises organizations

3 Configure Directory Synchronization Configure AAD Sync (FIM) to synchronize mail recipients in each

forest and the Office 365 tenant

4 Run Hybrid Configuration Wizard Prepare Office 365 Tenant

Run the HCW in contosocom and fabrikamcom

Validate mail flow between all entities

5 Configure ADFS or use AAD with password sync Configure ADFS in contosocom

Configure ADFS in fabrikamcom

6 Configure Organization Relationships Configure an Org Relationship between each Org

fabrikamcom

E2013

contosocom

ADFS

AD

fabrikamonmicrosoftcom

fabrikamcom contosocom

E2013

ADFS

AD AAD Sync

(FIM)

Azure AD

Azure AD Auth

O365 Directory

ADFS

Proxy

ADFS

Proxy 1 1

2 2

3 3

3

4 4

5 5

6 6

SMTP

AAD Conn

Two-way Forest Trust

FIM Management Agent

Federated Trust Relationship

SMTPTLS Mail Flow

Federated Authentication

Organization Relationship

4

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 13: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

DAuth vs OAuth

DAuth OAuth

Uses Microsoft Federation Gateway for Token generation

Organization Relationships

Controls what companies you share information with

Allows for granular control of what features are available (free busy mailtips)

Uses Auth Server in Azure AD (better resiliency and faster in forest communications)

IntraOrgConnectors Configuration

Controls what companies you can share information with

No granular control of feature-set (all or nothing)

Organization

Relationships

Intraorg

Connectors

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 14: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

HCW now includes automated configuration for OAuth

Enables cross-premises discovery searches and cross-premises archive moves

Can be used for much more like freebusy and is used by 21Vianet customers (Greater China region)

Long term authentication approach for future capabilities

Configure OAuth for Hybrid

Configure OAuth for Hybrid

Configure Button is not available if you are not running at least Exchange 2013 SP1 on all of your Exchange servers

Exchange 2013 pre-SP1 (and 20102007)

Do you really need OAuth

Configure OAuth for Hybrid

eDiscovery Scenarios and OAuth

eDiscovery scenario Requires

OAuth

Search on-premises and Exchange Online mailboxes in the same eDiscovery search initiated from the Exchange on-premises organization

Yes

Search Exchange on-premises mailboxes that use Exchange Online Archiving for cloud-based archive mailboxes

Yes

Search Exchange Online mailboxes from an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

Yes

Search on-premises mailboxes using an eDiscovery search initiated from the Exchange on-premises organization by an administrator or compliance officer

No

Search Exchange Online mailboxes from an eDiscovery search initiated from Exchange Online or the eDiscovery Center in SharePoint Online by an Office 365 tenant administrator or a compliance officer signed in to an Office 365 user account

No

FreeBusy works with OAuth

Not all features work with OAuth

HCW configures both Org Relationship and IntraOrgConnectors

FreeBusy and OAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Hybrid PF access

[Figure: Exchange Online proxies to the on-premises PF server (running the CAS role); auth as the user over public MBX auth.]

Outlook connecting to a cloud mailbox starts by querying autodiscover.contoso.com:

1. Autodiscover responds with the target address for the cloud mailbox.

2. Outlook does Autodiscover for the target address, Contoso.mail.onmicrosoft.com.

3. EXO responds with the PF mailbox information, obtained from the org config or set explicitly on the mailbox: <PublicFolderInformation><SmtpAddress>PFmailbox1@Contoso.com</SmtpAddress></PublicFolderInformation>

4. Outlook performs Autodiscover against PFmailbox1@Contoso.com.

5. Outlook settings are returned, including the server name of the PF CAS.

6. When PF access is initiated, the connection is then made to that server.
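The Autodiscover chain described above, walked offline, as an added example that is not part of the deck or of any Microsoft code: the responses are constructed and deliberately simplified (real Autodiscover POX responses carry XML namespaces and many more elements), the host names pfcas01.contoso.com and outlook.office365.com are illustrative, and the refusal of redirects that leave the organization's own namespaces is a hardening check added here, not something the slide states.

```python
"""Walk the hybrid public-folder Autodiscover chain offline.

Added example, not from the slide deck.  The XML below is constructed and
simplified; real Autodiscover responses carry XML namespaces and many more
elements.  pfcas01.contoso.com is an illustrative on-premises PF CAS name.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Callable, Optional

# Namespaces the organization owns.  A redirect to any other domain would send
# the client's credentials to a foreign Autodiscover endpoint, so it is refused.
TRUSTED_DOMAINS = {"contoso.com", "contoso.mail.onmicrosoft.com"}

# Constructed responses, keyed by the SMTP address Outlook queries for.
CONSTRUCTED_RESPONSES = {
    # Hop 1: autodiscover.contoso.com points at the cloud target address.
    "ben@contoso.com": """<Autodiscover><Response><Account>
        <Action>redirectAddr</Action>
        <RedirectAddr>ben@contoso.mail.onmicrosoft.com</RedirectAddr>
    </Account></Response></Autodiscover>""",
    # Hop 2: EXO returns mailbox settings plus the PF mailbox to use.
    "ben@contoso.mail.onmicrosoft.com": """<Autodiscover><Response><Account>
        <Action>settings</Action>
        <Protocol><Type>EXCH</Type><Server>outlook.office365.com</Server></Protocol>
        <PublicFolderInformation>
            <SmtpAddress>PFmailbox1@contoso.com</SmtpAddress>
        </PublicFolderInformation>
    </Account></Response></Autodiscover>""",
    # Hop 3: Autodiscover for the PF mailbox yields the on-premises PF CAS.
    "PFmailbox1@contoso.com": """<Autodiscover><Response><Account>
        <Action>settings</Action>
        <Protocol><Type>EXCH</Type><Server>pfcas01.contoso.com</Server></Protocol>
    </Account></Response></Autodiscover>""",
    # Misconfigured or hostile case: a redirect out of the organization.
    "mallory@contoso.com": """<Autodiscover><Response><Account>
        <Action>redirectAddr</Action>
        <RedirectAddr>mallory@autodiscover.attacker.example</RedirectAddr>
    </Account></Response></Autodiscover>""",
}


@dataclass
class Settings:
    server: str                 # server name returned for the queried address
    pf_mailbox: Optional[str]   # SmtpAddress from PublicFolderInformation, if any
    hops: int                   # redirects followed before settings came back


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[1].lower()


def _text(elem: ET.Element, path: str) -> Optional[str]:
    node = elem.find(path)
    return node.text.strip() if node is not None and node.text else None


def resolve(address: str,
            fetch: Callable[[str], Optional[str]] = CONSTRUCTED_RESPONSES.get,
            max_hops: int = 3) -> Settings:
    """Follow redirectAddr hops until a settings response arrives."""
    hops = 0
    while True:
        body = fetch(address)
        if body is None:
            raise LookupError(f"no Autodiscover answer for {address}")
        account = ET.fromstring(body).find("./Response/Account")
        action = _text(account, "Action")
        if action == "settings":
            return Settings(server=_text(account, "Protocol/Server"),
                            pf_mailbox=_text(account, "PublicFolderInformation/SmtpAddress"),
                            hops=hops)
        if action == "redirectAddr":
            target = _text(account, "RedirectAddr")
            if _domain(target) not in TRUSTED_DOMAINS:
                raise ValueError(f"refusing redirect outside the organization: {target}")
            hops += 1
            if hops > max_hops:
                raise ValueError("too many Autodiscover redirects (loop?)")
            address = target
            continue
        raise ValueError(f"unexpected Autodiscover action: {action!r}")


def resolve_public_folder_server(user: str) -> Optional[str]:
    """Steps 1 to 5 of the slide: user settings, then Autodiscover for the PF mailbox."""
    user_settings = resolve(user)
    if user_settings.pf_mailbox is None:
        return None     # no PF mailbox configured: Outlook shows no public folders
    return resolve(user_settings.pf_mailbox).server


if __name__ == "__main__":
    print(resolve_public_folder_server("ben@contoso.com"))   # pfcas01.contoso.com
```

The second resolve() call is the point of the slide: the PF CAS name never appears in the cloud mailbox's own settings, it comes from a separate Autodiscover walk for the PF mailbox address, so a missing or wrong PublicFolderInformation on the mailbox or org config shows up here as pf_mailbox being None rather than as a connection failure later.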

Syncing Public Folders

DirSync currently does not sync mail-enabled public folder objects in either direction.

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory.

Can I Retire Hybrid Servers?

Maintain Exchange Hybrid servers post migration for

Mailbox Migration

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard.

Moves are "pulled" from on-premises to the cloud.

All move types now support the new "batch" architecture, which allows for easier creation and management of multiple moves.

As with Exchange 2010 hybrid, mailbox moves support off-boarding from the cloud to on-premises.

Migration performance factors:

• Maximum default concurrent moves: 100 (exceptions can be made).

• Item count is a factor in migration performance.

• Firewall configuration on the on-premises organization.

• Network latency is a factor.

• Migrations are not considered "User Expected" by Workload Management (WLM).

• Multiple concurrent moves allow for optimized migrations.

• Expect a 0.3–1.0 GB/hour range per mailbox.

• Source-side performance is a COMMON factor.
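A throughput-planning helper, added here and not part of the deck, that turns the slide's figures into a wall-clock estimate: it schedules a constructed batch of mailbox sizes onto at most 100 concurrent move slots (the default ceiling above) and evaluates both ends of the 0.3–1.0 GB/hour band. A constant per-mailbox rate and largest-first ordering are simplifying assumptions; item count, latency and source-side performance, which the slide lists, are not modelled.

```python
"""Estimate a hybrid migration window from the slide's throughput figures.

Added example, not from the deck.  Assumes every move runs at one constant
per-mailbox rate and that the largest mailboxes are started first; item
count, latency and source-side load are not modelled.
"""
import heapq
from typing import Sequence, Tuple

DEFAULT_MAX_CONCURRENT = 100   # default concurrent-move ceiling from the slide
SLOW_GB_PER_HOUR = 0.3         # lower end of the per-mailbox band on the slide
FAST_GB_PER_HOUR = 1.0         # upper end of that band


def estimate_batch_hours(mailbox_sizes_gb: Sequence[float],
                         gb_per_hour: float,
                         max_concurrent: int = DEFAULT_MAX_CONCURRENT) -> float:
    """Wall-clock hours for the batch when at most max_concurrent moves run at
    once.  Largest-first list scheduling onto a min-heap of slot finish times:
    each mailbox goes to whichever slot frees up first, so one oversized
    mailbox shows up as the long tail it really is."""
    if gb_per_hour <= 0 or max_concurrent <= 0:
        raise ValueError("rate and concurrency must be positive")
    durations = sorted((size / gb_per_hour for size in mailbox_sizes_gb), reverse=True)
    if not durations:
        return 0.0
    slots = [0.0] * min(max_concurrent, len(durations))   # finish time per slot
    for d in durations:
        earliest = heapq.heappop(slots)
        heapq.heappush(slots, earliest + d)
    return max(slots)


def migration_window(mailbox_sizes_gb: Sequence[float],
                     max_concurrent: int = DEFAULT_MAX_CONCURRENT) -> Tuple[float, float]:
    """(optimistic, pessimistic) hours using both ends of the 0.3-1.0 GB/hour band."""
    return (estimate_batch_hours(mailbox_sizes_gb, FAST_GB_PER_HOUR, max_concurrent),
            estimate_batch_hours(mailbox_sizes_gb, SLOW_GB_PER_HOUR, max_concurrent))


# Constructed batch: 280 typical 2 GB mailboxes plus 20 large 25 GB ones.
SAMPLE_BATCH = [2.0] * 280 + [25.0] * 20

if __name__ == "__main__":
    fast, slow = migration_window(SAMPLE_BATCH)
    print(f"{len(SAMPLE_BATCH)} mailboxes: {fast:.1f} to {slow:.1f} hours")
```

For the sample batch the window is bounded by the 25 GB mailboxes alone (25 hours at 1.0 GB/hour, about 83 at 0.3), because 100 slots absorb the 280 small mailboxes in a few rounds; that is the practical reason to start large mailboxes first and to treat the per-mailbox rate, not the concurrency ceiling, as the number to negotiate.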

Hybrid Automation: New Tool for Troubleshooting

• We will be collecting HCW logs.

• We will try to determine the issue with a parser, to prevent the call.

• We will upload the log to make it available to Support.

• We will be adding more checks.

• We will be using this data to do some extra analytics on the service side to better warn customers of configuration issues.

If failed (check message) / Solution (link):

• There are certificates installed in your Exchange Hybrid environment which are missing the subject name: http://go.microsoft.com/?linkid=9846727

• You need to fix your obsolete Active Directory Domain Services Federation Objects: http://go.microsoft.com/?linkid=9846726

• Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group: http://go.microsoft.com/?linkid=9846728

• You need to install Exchange 2010 SP3 RU3 or later: http://go.microsoft.com/?linkid=9846729

• In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013, you need to rename your existing Organization Relationship: http://go.microsoft.com/?linkid=9846730

• Your Exchange Server 2013 needs to be running CU6 or later; we recommend the latest version available: http://go.microsoft.com/?linkid=9846731

• Some manual configuration is needed to allow legacy Free/Busy to work as expected: http://go.microsoft.com/?linkid=9846732

• Microsoft Exchange Service Host is not running: http://go.microsoft.com/?linkid=9846733

• Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed: http://go.microsoft.com/?linkid=9846734

• You need to upgrade your legacy email address policy: http://go.microsoft.com/?linkid=9846735

• You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has fewer than 256 characters. If running Exchange Server 2013, please install the latest cumulative update: http://go.microsoft.com/?linkid=9846736

Full list of checks: http://aka.ms/hcwcheck

Your feedback is important

Scan the QR code and let us know what you think of the session via the TechDays App.

Are you already a member of the Microsoft Virtual Academy? On MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers free 24/7 on-demand online training for IT professionals and developers.

Page 19: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Ben requests

freebusy info for

Joe

Joe

Ben

CAS Server passes

the MFG token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy using DAuth

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

Hybrid Public Folder Options

1. Office 365 mailbox can access legacy PFs on-premises
2. Office 365 mailbox can access Modern PFs on-premises
3. Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Mailbox Version   | PF Location: 2007 On-Premises | 2010 On-Premises | 2013 On-Premises | Exchange Online
Exchange 2007     | Yes                           | Yes              | No               | No
Exchange 2010     | Yes                           | Yes              | No               | No
Exchange 2013     | Yes                           | Yes              | Yes              | Yes
Exchange Online   | Yes                           | Yes              | Yes              | Yes

Hybrid PF access

[Diagram: Outlook connects to the cloud mailbox and starts by querying autodiscover.contoso.com. Exchange Online proxies to the on-premises PF server (running the CAS role), authenticating as the user over Public MBX auth.]

1. Autodiscover responds with the target address for the cloud mailbox.
2. Outlook does Autodiscover for the target address of Contoso.mail.onmicrosoft.com.
3. EXO responds with PFMailbox information, obtained from the org config or set explicitly on the mailbox:
   <PublicFolderInformation><SmtpAddress>PFmailbox1@Contoso.com</SmtpAddress></PublicFolderInformation>
4. Outlook performs Autodiscover against PFmailbox1@Contoso.com.
5. Outlook settings are returned, including the server name of the PF CAS.
6. When PF access is initiated, you then make a connection.
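The Autodiscover chain described above can be exercised offline against captured responses. The following is an added example, not code from the deck: it parses POX Autodiscover responses and walks the redirect chain; the three responses are constructed samples, the host names pfcas01.contoso.com and mailbox-guid@contoso.mail.onmicrosoft.com are placeholders, and the function names are hypothetical.

```powershell
# Added example, not code from the deck: parse the POX Autodiscover responses
# that make up the hybrid public folder chain and walk the chain offline.
# The three responses are constructed samples in the shape Exchange returns;
# hosts and mailbox names follow the deck's contoso.com placeholders.
function Read-AutodiscoverHop {
    param([Parameter(Mandatory)][string]$ResponseXml)
    $xml = [xml]$ResponseXml
    $account = $xml.Autodiscover.Response.Account        # dot access ignores namespaces
    $exch = @($account.Protocol) | Where-Object { $_.Type -eq 'EXCH' } | Select-Object -First 1
    [pscustomobject]@{
        Action              = $account.Action             # 'redirectAddr' or 'settings'
        RedirectAddr        = $account.RedirectAddr
        PublicFolderMailbox = $account.PublicFolderInformation.SmtpAddress
        Server              = $exch.Server
    }
}

# Hop 1 (constructed): autodiscover.contoso.com redirects Outlook to the
# cloud target address of the mailbox.
$hop1 = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>redirectAddr</Action>
      <RedirectAddr>ben@contoso.mail.onmicrosoft.com</RedirectAddr>
    </Account>
  </Response>
</Autodiscover>
'@

# Hop 2 (constructed): EXO returns the mailbox settings plus the PF mailbox
# it obtained from the org config or from the mailbox itself.
$hop2 = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol><Type>EXCH</Type><Server>mailbox-guid@contoso.mail.onmicrosoft.com</Server></Protocol>
      <PublicFolderInformation><SmtpAddress>PFmailbox1@contoso.com</SmtpAddress></PublicFolderInformation>
    </Account>
  </Response>
</Autodiscover>
'@

# Hop 3 (constructed): Autodiscover for the PF mailbox returns the name of the
# on-premises PF CAS that Outlook will connect to.
$hop3 = @'
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol><Type>EXCH</Type><Server>pfcas01.contoso.com</Server></Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

# Responses keyed by the address Outlook queried; hashtable keys are case-insensitive.
$responses = @{
    'ben@contoso.com'                  = $hop1
    'ben@contoso.mail.onmicrosoft.com' = $hop2
    'PFmailbox1@contoso.com'           = $hop3
}

function Trace-PublicFolderAutodiscover {
    param(
        [Parameter(Mandatory)][string]$UserSmtpAddress,
        [Parameter(Mandatory)][hashtable]$Responses
    )
    $address = $UserSmtpAddress
    $steps = @()
    for ($hop = 1; $hop -le 5; $hop++) {                  # hop cap stops redirect loops
        if (-not $Responses.ContainsKey($address)) { throw "No Autodiscover response for $address" }
        $info = Read-AutodiscoverHop -ResponseXml $Responses[$address]
        switch ($info.Action) {
            'redirectAddr' {
                $steps += "Hop ${hop}: $address -> redirect to $($info.RedirectAddr)"
                $address = $info.RedirectAddr
            }
            'settings' {
                if ($info.PublicFolderMailbox -and $address -ne $info.PublicFolderMailbox) {
                    # Outlook now runs Autodiscover for the PF mailbox it was handed.
                    $steps += "Hop ${hop}: $address -> settings, PF mailbox $($info.PublicFolderMailbox)"
                    $address = $info.PublicFolderMailbox
                } else {
                    $steps += "Hop ${hop}: $address -> PF CAS server $($info.Server)"
                    return $steps
                }
            }
            default { throw "Unexpected Autodiscover action '$($info.Action)' for $address" }
        }
    }
    throw 'Autodiscover chain exceeded 5 hops'
}

Trace-PublicFolderAutodiscover -UserSmtpAddress 'ben@contoso.com' -Responses $responses
```

In Exchange Online the PF mailbox handed back in hop 2 comes either from the org config (Set-OrganizationConfig -PublicFoldersEnabled Remote -RemotePublicFolderMailboxes) or from the individual mailbox (Set-Mailbox -DefaultPublicFolderMailbox), which is what the deck means by "org config or set explicitly on the mailbox".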

Syncing Public Folders

DirSync currently does not sync mail-enabled public folder objects in either direction.

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory.

Can I Retire Hybrid Servers?

Maintain Exchange Hybrid servers post migration for

Mailbox Migration

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard.

Moves are "pulled" from on-premises to the cloud.

All move types now support the new "batch" architecture, which allows for easier creation and management of multiple moves.

As with Exchange 2010 hybrid, mailbox moves support off-boarding from the cloud to on-premises.

Max default concurrent moves: 100 (exceptions can be made).

Item count is a factor with migration performance.

Firewall configuration on the on-premises organization.

Network latency is a factor.

Migrations are not considered "User Expected" (WLM).

Multiple concurrent moves allow for optimized migrations.

0.3–1.0 GB/hour range per mailbox.

Source-side performance is a COMMON factor.

Hybrid Automation: New Tool for Troubleshooting

• We will be collecting HCW logs
• We will try to determine the issue with a parser to prevent the call
• We will upload the log to make it available to Support
• We will be adding more checks
• We will be using this data to do some extra analytics on the service side to better warn customers of configuration issues

If Failed / Solution

If failed: There are certificates installed in your Exchange Hybrid environment which are missing the subject name.
Solution: http://go.microsoft.com/?linkid=9846727

If failed: You need to fix your obsolete Active Directory Domain Services Federation Objects.
Solution: http://go.microsoft.com/?linkid=9846726

If failed: Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group.
Solution: http://go.microsoft.com/?linkid=9846728

If failed: You need to install Exchange 2010 SP3 RU3 or later.
Solution: http://go.microsoft.com/?linkid=9846729

If failed: In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013, you need to rename your existing Organization Relationship.
Solution: http://go.microsoft.com/?linkid=9846730

If failed: Your Exchange Server 2013 needs to be running a version of CU6 or later; we recommend the latest version available.
Solution: http://go.microsoft.com/?linkid=9846731

If failed: Some manual configurations are needed to allow Legacy Free Busy to work as expected.
Solution: http://go.microsoft.com/?linkid=9846732

If failed: Microsoft Exchange Service Host is not running.
Solution: http://go.microsoft.com/?linkid=9846733

If failed: Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed.
Solution: http://go.microsoft.com/?linkid=9846734

If failed: You need to upgrade your legacy email address policy.
Solution: http://go.microsoft.com/?linkid=9846735

If failed: You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has less than 256 characters. If running Exchange Server 2013, please install the latest cumulative update.
Solution: http://go.microsoft.com/?linkid=9846736

http://aka.ms/hcwcheck
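Several of the conditions in the list above can be checked before the wizard runs. The following pre-flight script is an added example, not the HCW's own code; it assumes the Exchange Management Shell on the server where HCW will run and the ActiveDirectory module for the group membership check, takes the Exchange 2013 CU6 build number from Microsoft's published build table, and the function names Test-HybridPreflight and New-Finding are hypothetical.

```powershell
# Added example, not code from the deck: a pre-flight script that checks for
# several of the HCW diagnostic's "If failed" conditions listed above, so
# they can be fixed before the wizard runs. Assumes the Exchange Management
# Shell on the server where HCW will run, with the ActiveDirectory module
# available for the group check. The Exchange 2013 CU6 build number is taken
# from Microsoft's published build table; the function names are hypothetical.
function New-Finding([string]$Check, [bool]$Passed, [string]$Detail) {
    [pscustomobject]@{ Check = $Check; Passed = $Passed; Detail = $Detail }
}

function Test-HybridPreflight {
    [CmdletBinding()]
    param([string]$ServerName = $env:COMPUTERNAME)

    $findings = @()

    # "Microsoft Exchange Service Host is not running"
    $svc = Get-Service -Name MSExchangeServiceHost -ErrorAction SilentlyContinue
    $findings += New-Finding 'Microsoft Exchange Service Host is running' `
        ($null -ne $svc -and $svc.Status -eq 'Running') "Service status: $($svc.Status)"

    # "Run the HCW on a server which has the CAS role installed"
    $server = Get-ExchangeServer -Identity $ServerName
    $findings += New-Finding 'HCW server has the CAS role' ([bool]$server.IsClientAccessServer) `
        "Roles: $($server.ServerRole)"

    # "Exchange Server 2013 needs to be running CU6 or later" (CU6 = 15.0.995.29).
    # AdminDisplayVersion reads "Version 15.0 (Build 995.29)" in both local and
    # remote sessions, so parse the string rather than relying on the object type.
    $versionText = "$($server.AdminDisplayVersion)"
    if ($versionText -match 'Version (\d+)\.(\d+) \(Build (\d+)\.(\d+)\)') {
        $installed = [version]"$($Matches[1]).$($Matches[2]).$($Matches[3]).$($Matches[4])"
        if ($installed.Major -eq 15 -and $installed.Minor -eq 0) {
            $findings += New-Finding 'Exchange 2013 is CU6 or later' ($installed -ge [version]'15.0.995.29') `
                "Installed: $versionText"
        }
    }

    # "Certificates ... missing the subject name" and, for Exchange 2010,
    # "a certificate with a name that has less than 256 characters"
    foreach ($cert in Get-ExchangeCertificate -Server $ServerName) {
        $subject = "$($cert.Subject)"
        $findings += New-Finding "Certificate $($cert.Thumbprint) has a subject name under 256 characters" `
            (-not [string]::IsNullOrWhiteSpace($subject) -and $subject.Length -lt 256) "Subject: $subject"
    }

    # "You need to upgrade your legacy email address policy"
    foreach ($policy in Get-EmailAddressPolicy) {
        $findings += New-Finding "Email address policy '$($policy.Name)' is not a legacy policy" `
            ("$($policy.RecipientFilterType)" -ne 'Legacy') "Filter type: $($policy.RecipientFilterType)"
    }

    # "Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group"
    $members = @(Get-ADGroupMember -Identity 'Exchange Trusted Subsystem' -ErrorAction SilentlyContinue |
                 ForEach-Object { $_.Name })
    foreach ($legacy in Get-ExchangeServer | Where-Object { "$($_.AdminDisplayVersion)" -like 'Version 8.*' }) {
        $findings += New-Finding "Exchange 2007 server $($legacy.Name) is in Exchange Trusted Subsystem" `
            ($members -contains $legacy.Name) "Version: $($legacy.AdminDisplayVersion)"
    }

    $findings
}

# Usage: list the failed checks first.
# Test-HybridPreflight | Sort-Object Passed | Format-Table -AutoSize
```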

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Let us know what you think of the session via the TechDays App

Scan the QR Code

Are you already a member of the Microsoft Virtual Academy? On MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers 7/24 free online on-demand training for IT professionals and developers.

Page 20: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

On Premises

On Premises User ldquoBenrdquo

Client Access Server

Microsoft Federation Gateway

Exchange Online

Mailbox Server

Joe

Ben

Exchange

connects to

the Azure

OAUTH

endpoint

Exchange

Server passes

the token and

requests Joersquos

freebusy on

behalf of Ben

Free

Busy Requ

est From

Ben To

Joe

FreeBusy works through a series of checks

1st we check to see if we can find freebusy locally

2nd (if the mailbox is not local) we check for an IOC

3rd (if there is no IOC) we check for an Organization Relationship

4th we check for an availability address space

FreeBusy using OAuth

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 21: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

1 Office 365 mailbox can access legacy PFs on-premises

2 Office 365 mailbox can access Modern PFs on-premises

3 Exchange 2013 on-premises mailbox can access Modern PFs in Office 365

Hybrid Public Folder Options

Mailbox Version PF Location

2007 On-Premises 2010 On-Premises 2013 On-Premises Exchange Online

Exchange 2007 Yes Yes No No

Exchange 2010 Yes Yes No No

Exchange 2013 Yes Yes Yes Yes

Exchange Online Yes Yes Yes Yes

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 22: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Outlook connects to Cloud Mailbox starts by querying autodiscovercontosocom

Exchange Online

On-premises

Proxy to PF

server

(running CAS

role)

Auth as user

over Public

MBX auth

Hybrid PF access

Autodiscover responds with the target address for the cloud mailbox Outlook does Autodiscover for target address of Contosomailonmicrosoftcom EXO responds with PFMailbox information obtained by org config or set explicitly on the mailbox ltPublicFolderInformationgt ltSmtpAddressgtPFmailbox1Contosocom ltSmtpAddressgt Outlook performs Autodiscover against PFmailbox1Contosocom Outlook settings are returned including the server name of the PFCAS

When PF access is initiated you then make a connection

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 23: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

DirSync currently does not sync mail-enabled public folder objects in either direction

We recommend customers run the following scripts periodically to sync these objects from on-premises to the cloud directory

Syncing Public Folders

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 24: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Maintain Exchange Hybrid servers post migration for

Can I Retire Hybrid Servers

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 25: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

All mailbox migration paths are now supported from the Exchange Admin Center through a unified mailbox move wizard

Moves are ldquopulledrdquo from on-premises to the cloud

All move types now support the new ldquobatchrdquo architecture which allows for easier creation and management of multiple moves

As with Exchange 2010 hybrid mailbox moves support off-boarding from the cloud to on-premises

Mailbox Migration

35

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed Solution

There are certificates installed in your Exchange Hybrid environment which are missing the subject

name

httpgomicrosoftcomlinkid=9846727

You need to fix your obsolete Active Directory Domain Services Federation Objects httpgomicrosoftcomlinkid=9846726

Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystems group httpgomicrosoftcomlinkid=9846728

You need to install Exchange 2010 sp3 RU3 or later httpgomicrosoftcomlinkid=9846729

In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to

rename your existing Organization Relationship

httpgomicrosoftcomlinkid=9846730

Your Exchange Server 2013 needs to be running a version of CU6 or later we recommend the latest

version available

httpgomicrosoftcomlinkid=9846731

Some manual configurations are needed to allow Legacy Free Busy to work as expected httpgomicrosoftcomlinkid=9846732

Microsoft Exchange Service Host is not running httpgomicrosoftcomlinkid=9846733

Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed httpgomicrosoftcomlinkid=9846734

You need to upgrade your legacy email address policy httpgomicrosoftcomlinkid=9846735

You need to address the issues found with the TLS certificate If running Exchange Server 2010 youll

need to acquire a certificate with a name that has less than 256 characters If running Exchange Server

2013 please install the latest cumulative update

httpgomicrosoftcomlinkid=9846736

httpakamshcwcheck

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Laat ons weten wat u van de sessie vindt via de TechDays App

Scan de QR Code

Bent u al lid van de Microsoft Virtual Academy Op MVA kunt u altijd iets nieuws leren over de laatste technologie van Microsoft Meld u vandaag aan op de MVA Stand MVA biedt 724 gratis online training on-demand voor IT-Professionals en Ontwikkelaars

Page 26: Exchange Hybrid Deployment€¦ · From an existing Exchange 2007 or 2010 environment—no Edge Transport server Exchange 2013 hybrid deployment autodiscover.contoso.com 1. mail.contoso.com

Max default Concurrent moves 100 (exceptions can

be made)

Item count is a factor with migration performance

Firewall configuration on the on-premises organization

Network Latency is a Factor

Migration are not considered ldquoUser Expectedrdquo (WLM)

Multiple concurrent moves allows for optimized

migrations

03ndash10 GBhour range per mailbox

Source Side

performance is a

COMMON factor

Hybrid Automation

New Tool for

Troubleshooting

bull We will be collecting HCW logs

bull We will try to determine the issue with a parser to prevent the call

bull We will upload the log to make it available to Support

bull We will be adding more checks

bull We will be using this data to do some extra analytics in the service side to

better warn customers of configuration issue

If Failed / Solution

• There are certificates installed in your Exchange Hybrid environment which are missing the subject name. http://go.microsoft.com/?linkid=9846727

• You need to fix your obsolete Active Directory Domain Services Federation Objects. http://go.microsoft.com/?linkid=9846726

• Your existing Exchange 2007 servers are not part of the Exchange Trusted Subsystem group. http://go.microsoft.com/?linkid=9846728

• You need to install Exchange 2010 SP3 RU3 or later. http://go.microsoft.com/?linkid=9846729

• In order to upgrade your Hybrid environment from Exchange 2010 to Exchange 2013 you need to rename your existing Organization Relationship. http://go.microsoft.com/?linkid=9846730

• Your Exchange Server 2013 needs to be running a version of CU6 or later; we recommend the latest version available. http://go.microsoft.com/?linkid=9846731

• Some manual configurations are needed to allow Legacy Free/Busy to work as expected. http://go.microsoft.com/?linkid=9846732

• Microsoft Exchange Service Host is not running. http://go.microsoft.com/?linkid=9846733

• Please run the Exchange Hybrid Configuration Wizard on a server which has the CAS role installed. http://go.microsoft.com/?linkid=9846734

• You need to upgrade your legacy email address policy. http://go.microsoft.com/?linkid=9846735

• You need to address the issues found with the TLS certificate. If running Exchange Server 2010, you'll need to acquire a certificate with a name that has less than 256 characters. If running Exchange Server 2013, please install the latest cumulative update. http://go.microsoft.com/?linkid=9846736

http://aka.ms/hcwcheck
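Several of the failures above can be caught before the wizard ever runs. The script below is an added example, not code from the session or from the Hybrid Configuration Wizard itself: a read-only pre-flight check run from the Exchange Management Shell on the Exchange 2013 server, reproducing the service-host, CU6, certificate-subject, certificate-name-length, legacy-policy and Exchange Trusted Subsystem checks. It assumes the Exchange cmdlets are loaded, that the ActiveDirectory module is available for the group-membership check, and that Exchange 2013 CU6 corresponds to build 15.0.995; the federation-object and Organization Relationship items are only listed for manual review because their correctness depends on tenant-specific values.

```powershell
# Added example: HCW pre-flight checks mirroring the failure messages above.
# Run in the Exchange Management Shell on an Exchange 2013 server with the CAS role.
# Assumptions: Exchange cmdlets loaded, ActiveDirectory module present,
# Exchange 2013 CU6 = build 15.0.995 (CUs change AdminDisplayVersion on 2013;
# 2007/2010 rollups do not, so the SP3 RU3 check must be done from Add/Remove Programs).

$findings = New-Object System.Collections.Generic.List[string]

# "Microsoft Exchange Service Host is not running"
$svc = Get-Service -Name MSExchangeServiceHost -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    $findings.Add("MSExchangeServiceHost is not running on $env:COMPUTERNAME")
}

# "Exchange Server 2013 needs to be running CU6 or later"
$servers = @(Get-ExchangeServer)
foreach ($srv in $servers) {
    $v = $srv.AdminDisplayVersion
    if ($v.Major -eq 15 -and $v.Minor -eq 0 -and $v.Build -lt 995) {
        $findings.Add("$($srv.Name) runs Exchange 2013 build $($v.Build); CU6 (build 995) or later is required")
    }
}

# "certificates ... missing the subject name" and (2010) "name that has less than 256 characters"
foreach ($cert in Get-ExchangeCertificate) {
    if ([string]::IsNullOrWhiteSpace($cert.Subject)) {
        $findings.Add("Certificate $($cert.Thumbprint) has an empty subject name")
    }
    $longNames = @($cert.CertificateDomains | Where-Object { "$_".Length -ge 256 })
    if ($longNames.Count -gt 0) {
        $findings.Add("Certificate $($cert.Thumbprint) has $($longNames.Count) name(s) of 256+ characters")
    }
}

# "You need to upgrade your legacy email address policy"
foreach ($policy in Get-EmailAddressPolicy) {
    if ($policy.RecipientFilterType -eq 'Legacy') {
        $findings.Add("Email address policy '$($policy.Name)' still uses a legacy recipient filter (upgrade with Set-EmailAddressPolicy -IncludedRecipients or -RecipientFilter)")
    }
}

# "Exchange 2007 servers are not part of the Exchange Trusted Subsystem group"
Import-Module ActiveDirectory -ErrorAction SilentlyContinue
$etsMembers = @(Get-ADGroupMember -Identity 'Exchange Trusted Subsystem' -ErrorAction SilentlyContinue |
                Select-Object -ExpandProperty Name)
foreach ($srv in $servers | Where-Object { $_.AdminDisplayVersion.Major -eq 8 }) {
    if ($etsMembers -notcontains $srv.Name) {
        $findings.Add("Exchange 2007 server $($srv.Name) is not a member of Exchange Trusted Subsystem")
    }
}

# Items the wizard flags but that need a human decision: list them for review.
Write-Output "Organization Relationships present (rename required when upgrading 2010 -> 2013 hybrid):"
Get-OrganizationRelationship | Select-Object Name, DomainNames, Enabled | Format-Table -AutoSize

if ($findings.Count -eq 0) {
    Write-Output "No HCW prerequisite findings."
} else {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
}
```

The script only reads configuration, so it is safe to re-run after each remediation; every FAIL line maps to one of the solution links above, and the aka.ms/hcwcheck page remains the authoritative list as more checks are added.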

Your feedback is important

Scan the QR Code and let us know via the TechDays App

Let us know what you think of the session via the TechDays App

Scan the QR Code

Are you already a member of the Microsoft Virtual Academy? On MVA you can always learn something new about the latest Microsoft technology. Sign up today at the MVA stand. MVA offers free 24/7 on-demand online training for IT professionals and developers.
