1 MEC 2014 4/5/2017 7:36 PM © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 Exchange hybrid: architecture and deployment
Andrew Ehrensing (Architect), Ronil Dhruva (Program Manager), Timothy Heeney (Program Manager)
Microsoft Corporation

3 Office 365 Migrations Hybrid Fundamentals

4 Migration options
Migration
  IMAP migration: Supports wide range of platforms. Email only (no calendar, contacts, or tasks).
  Cutover Exchange migration: Good for fast, cutover migrations. No Exchange upgrade required on-premises.
  Staged Exchange migration: Optional identity federation with on-premises directory.
Not just migration
  Hybrid deployment: Manage users on-premises and online. Enables cross-premises calendaring, smooth migration, and easy off-boarding.
Support table (as extracted): IMAP migration Cutover migration Staged migration Hybrid Exchange 5.5 X Exchange 2000 Exchange 2003 X* Exchange 2007 Exchange 2010 Exchange 2013 Notes/Domino GroupWise Other
* Must have Exchange 2010 hybrid server on-premises, cannot use Exchange 2013
Additional options available with tools from migration partners

5 Hybrid overview
Federation trust: Delegated authentication for on-premises/Office web services. Enables free/busy, calendar sharing, message tracking & online archive.
Native mailbox move: Online mailbox moves. Preserve the Outlook profile and offline folders. Leverages the Mailbox Replication Service (MRS).
Integrated admin experience: Manage all of your Exchange functions, whether Exchange Online or on-premises, from the same place: Exchange Admin Center.
Secure mail flow: Authenticated and encrypted mail flow between on-premises and Exchange Online. Preserves the internal Exchange message headers, allowing a seamless end user experience. Support for compliance mail flow scenarios (centralized transport).

6 Hybrid server roles
On-premises Exchange organization
  Existing Exchange environment (Exchange 2007 or later)
  Office 365 Active Directory synchronization
  Exchange 2013 client access & mailbox server
Office 365
  User, contacts, & groups via dirsync
  Secure mail flow
  Mailbox data via Mailbox Replication Service (MRS)
  Sharing (free/busy, Mail Tips, archive, etc.)

7 Hybrid Deployment

8 Hybrid deployment process
Steps, in order:
  Sign up for Office 365
  Register your domains with Office 365
  Deploy Windows Azure AD Sync with Office 365
  Install Exchange CAS & MBX Servers (Edge opt) (Assign SSL certificate, firewall rules)
  Publish the CAS Server
  Run the Hybrid Wizard
Legend: General Office 365 deployment tasks; Exchange specific deployment tasks (deep dive on next slide)

9 Exchange 2013 hybrid deployment
From an existing Exchange 2007 or 2010 environment—Edge Transport server
1. Prepare
   Install Exchange SP and/or updates across the ORG
   Prepare AD with E2013 schema
2. Deploy Exchange 2013 servers
   Install both E2013 MBX and CAS servers
   Configure Legacy namespace for 2007 (2007/2013)
   Install E2010 or E2013 SP1 EDGE servers
   Set an ExternalUrl & enable MRSProxy on the Exchange Web Services vDir
3. Obtain and deploy certificates
   Obtain and deploy certificates on E2013 CAS servers & E2010 EDGE servers
4. Publish protocols externally
   Create public DNS A records for the EWS and SMTP endpoints
   Validate using Remote Connectivity Analyzer
5. Switch Autodiscover namespace to E2013 CAS
   Change the public Autodiscover DNS record to resolve to E2013 CAS
6. Run the Hybrid Configuration Wizard
7. Move mailboxes
Diagram labels: Clients, autodiscover.contoso.com, mail.contoso.com, Office 365, EWS, SMTP, E2013 CAS, E2013 MBX, E2010 or E2013 EDGE, E2010 or 2007 Hub, E2010 or 2007 CAS, E2010 or 2007 MBX, Exchange 2010 or 2007 Servers (SP3/RU10), Intranet site, Internet-facing site

10 Exchange 2013 hybrid support
Exchange Server 2010 SP3-based hybrid will be compatible with all Office 365 tenants
Exchange Server 2010 SP3-based hybrid deployments will continue to support Exchange 2003 coexistence with all Office 365 tenants
Exchange Server 2013-based hybrid is recommended for all new deployments (unless you are migrating from Exchange 2003)
Exchange 2013 SP1 introduces new hybrid functionality not available in Exchange 2010 SP3 hybrid

11 Hybrid Fundamentals

12 Hybrid wizard history
Timeline:
  Exchange 2010 SP1: 60+ pages of documentation
  Exchange 2010 SP2: HCW introduced
  Exchange 2013: HCW with web-based UI
  Exchange 2013 SP1
Timeline notes:
  Extremely complex and low adoption
  Removed confusing requirements for additional domains: exchangedelegation and service.contoso.com
  Greatly simplified transport configuration
  Multiple Exchange organizations now supported
  Supports Exchange 2013 Edge
Thousands of tenants and millions of mailboxes in Office 365 using Exchange Hybrid

13 Hybrid Configuration Engine
Step 1: The Update-HybridConfiguration cmdlet triggers the Hybrid Configuration Engine to start.
Step 2: The Hybrid Configuration Engine reads the “desired state” stored on the HybridConfiguration Active Directory object.
Step 3: The Hybrid Configuration Engine connects via Remote PowerShell to both the on-premises and Exchange Online organizations.
Step 4: The Hybrid Configuration Engine discovers topology data and current configuration from the on-premises Exchange organization and the Exchange Online organization.
Step 5: Based on the desired state, topology data, and current configuration, across both the on-premises Exchange and Exchange Online organizations, the Hybrid Configuration Engine establishes the “difference” and then executes configuration tasks to establish the “desired state.”
On-Premises Exchange
  Exchange Server Level Configuration (Mailbox Replication Service Proxy, Certificate Validation, Exchange Web Service Virtual Directory Validation, & Receive Connector)
  Domain Level Configuration Objects (Accepted Domains, Remote Domains, & Address Policies)
  Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Availability Address Space, & Send Connector)
Exchange Online
  Organization Level Configuration Objects (Exchange Federation Trust, Organization Relationship, Forefront Inbound Connector, & Forefront Outbound Connector)
  Domain Level Configuration Objects (Accepted Domains & Remote Domains)
Diagram labels: Exchange Management Tools, Hybrid Configuration Object, Hybrid Configuration Engine, Remote PowerShell, Internet, Desired state, Topology & current configuration state, Execute configuration tasks

14 Hybrid Configuration Wizard Video

16 Feedback…Answered
Get-FederationInformation fallback logic
  If the on-premises Autodiscover endpoint is not published properly when the wizard executes, it will warn, not fail.
Autodiscover domain
  You can now specify which domain is used for the federated Autodiscover query.
  Set-HybridConfiguration -Domains "contoso.com, fabrikam.com, autod:nwtraders.com"
Address policy protection measures
  New “UpdateSecondaryAddressesOnly” parameter added to Update-EmailAddressPolicy.
  Protects customers that have manually edited their directory. Only missing proxies will be added. No addresses will be changed/removed.
  Note: This is still a very bad state to be in.
Hybrid Product Key Availability
  You can now obtain a FREE Exchange 2013 or 2010 Hybrid Edition product key without the dreaded call to support. You can simply go to

17 Hybrid logging improvements
On-premises hybrid configuration object is logged
PowerShell session for individual cmdlet calls is logged
Log Location: <Install Path\Logging\Update-HybridConfiguration>

18 Hybrid Product Key (http://aka.ms/hybridkey)
You get a free Hybrid Edition key if…
  You have an existing, non-trial, Office 365 Enterprise subscription
  You currently do not have a licensed Exchange 2013 or Exchange 2010 SP3 server in your on-premises organization.
  You will not host any on-premises mailboxes on the Exchange 2013 or Exchange 2010 SP3 server on which you apply the Hybrid Edition product key.
Short Link:
KB Link:
For IE 11 only: others will get the link to the KB

19 Multiple Org Exchange Hybrid Support

20 Topologies Supported
Exchange 2013 RTM
  Single Forest Model: Accounts and Mailboxes in single forest
  Resource Forest Model: Multiple Account Forests, Single Resource Forest
  1:1 relationship between Exchange Organization and single O365 tenant
Exchange 2013 Service Pack 1
  Supports multiple Exchange Organizations configured against a single O365 tenant
  Multiple forests, each containing accounts and Exchange organizations
  Multi-Org Hybrid Support
  N:1 relationship between Exchange Organization and single O365 tenant
Diagram labels: Office 365, Hybrid, contoso.com, fabrikam.com

21 End state
Tenant Name: contoso.onmicrosoft.com
Coexistence Name: contoso.mail.onmicrosoft.com
Forest: contoso.com
  Authoritative for contoso.com
Forest: fabrikam.com
  Authoritative for fabrikam.com
  Shares: contoso.com
Diagram labels: FIM, AD Connector, Org Relationship (F/B, Sharing), SMTP Mail Flow (TLS connectors), Not Configured by Hybrid Configuration Wizard

22 Multi-org hybrid deployment requirements: the golden rules
Each Exchange Organization must be authoritative for at least one SMTP namespace and the corresponding Autodiscover namespace
If there are shared domains across multiple Exchange organizations, then both mail routing and Autodiscover need to be configured and working properly between the Exchange orgs before you start
Office 365 must be able to query Autodiscover in each Exchange Organization
Exchange 2013 Service Pack 1 Hybrid is required in each Exchange organization
  No code changes have been made since Exchange 2013 RTM CU3, but we are announcing publicly with SP1.
  Requires Exchange 2007 or later in the on-prem org
Free/busy is NOT transitive. Org relationships between on-prem orgs are NOT configured via HCW
A different public certificate must be used for TLS negotiation in each on-prem Exchange Organization

23 Autodiscover – Single Org
DNS: MX contoso.com = ForestA; autodiscover.contoso.com = ForestA CAS
1.) What is the AutoD endpoint for
2.) Send AutoD request to DNS FQDN
3.) Client authenticates, CAS returns profile data in XML format
Diagram labels: contoso.com

24 Autodiscover – Two Orgs
DNS: MX contoso.com = ForestA; autodiscover.contoso.com = ForestA CAS; autodiscover.fabrikam.com = ForestB CAS
1.) What is the AutoD endpoint for
2.) Send AutoD request to DNS FQDN for contoso.com
3.) Redirect AutoD request to DNS FQDN for fabrikam.com
4.) What is the AutoD endpoint for
5.) Send AutoD request to DNS FQDN for fabrikam.com
6.) Client authenticates, CAS returns profile data in XML format
Diagram labels: Office 365, Public DNS, Share: contoso.com, Owns: fabrikam.com, Owns: contoso.com, Yann Primary: TargetAddress:, Yann Primary: Proxy:, Forest A, Forest B

25 Autodiscover Summary
Office 365 associates each Hybrid Configuration (and corresponding SMTP/AutoD namespace) with a single on-prem Exchange Org
Each Exchange organization must have a unique DNS domain for mail flow, and Autodiscover must be published properly
The Autodiscover record for each domain must resolve to an Exchange CAS in the Exchange organization that is authoritative for that SMTP namespace
For each mailbox in Forest A, a corresponding mailuser object must exist in each additional Exchange forest with the targetAddress property configured to the SMTP address in Forest A.
Note: this can be done manually; however, Microsoft strongly recommends that this be automated via a provisioning solution such as FIM
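A pre-flight check of the multi-org rules summarized above and in the golden rules on slide 22, as an added PowerShell example that is not part of the original deck or of Microsoft's tooling. The inventory, the host name mail.fabrikam.com, the thumbprint placeholders and the function names are assumptions constructed for illustration.

```powershell
# Added example. All data below is CONSTRUCTED for illustration. In a real
# deployment the same fields could be gathered per organization with
# Get-AcceptedDomain, Get-ExchangeCertificate and a public DNS lookup of
# autodiscover.<domain>.
$Inventory = @(
    [pscustomobject]@{
        Org                  = 'contoso.com'
        AuthoritativeDomains = @('contoso.com')
        SharedDomains        = @()
        CasHosts             = @('mail.contoso.com')
        TlsCertThumbprint    = 'PLACEHOLDER-THUMBPRINT-A'
    },
    [pscustomobject]@{
        Org                  = 'fabrikam.com'
        AuthoritativeDomains = @('fabrikam.com')
        SharedDomains        = @('contoso.com')
        CasHosts             = @('mail.fabrikam.com')        # assumed host name
        TlsCertThumbprint    = 'PLACEHOLDER-THUMBPRINT-A'    # deliberately reused
    }
)

# Host that each domain's public Autodiscover record resolves to (constructed).
# fabrikam.com deliberately points at the other organization's CAS.
$AutodiscoverTarget = @{
    'contoso.com'  = 'mail.contoso.com'
    'fabrikam.com' = 'mail.contoso.com'
}

function New-Finding($Severity, $Rule, $Subject, $Detail) {
    [pscustomobject]@{ Severity = $Severity; Rule = $Rule; Subject = $Subject; Detail = $Detail }
}

function Test-MultiOrgHybridRules {
    param(
        [Parameter(Mandatory = $true)] [object[]]  $Inventory,
        [Parameter(Mandatory = $true)] [hashtable] $AutodiscoverTarget
    )

    # Rule: each org is authoritative for at least one SMTP namespace.
    # While checking, build a map of namespace -> org(s) claiming authority.
    $owners = @{}
    foreach ($org in $Inventory) {
        if (@($org.AuthoritativeDomains).Count -eq 0) {
            New-Finding 'Fail' 'Authoritative namespace' $org.Org 'Not authoritative for any SMTP namespace.'
        }
        foreach ($domain in @($org.AuthoritativeDomains)) {
            if (-not $owners.ContainsKey($domain)) { $owners[$domain] = @() }
            $owners[$domain] += $org.Org
        }
    }

    # Rule: a namespace is authoritative in exactly one org.
    foreach ($domain in ($owners.Keys | Sort-Object)) {
        if ($owners[$domain].Count -gt 1) {
            New-Finding 'Fail' 'Unique namespace' $domain ('Authoritative in: ' + ($owners[$domain] -join ', '))
        }
    }

    foreach ($org in $Inventory) {
        # Rule: Autodiscover for a domain resolves to a CAS in the org that owns it.
        foreach ($domain in @($org.AuthoritativeDomains)) {
            $target = $AutodiscoverTarget[$domain]
            if (-not $target) {
                New-Finding 'Fail' 'Autodiscover target' $domain 'No public Autodiscover record recorded.'
            }
            elseif (@($org.CasHosts) -notcontains $target) {
                New-Finding 'Fail' 'Autodiscover target' $domain "Resolves to $target, which is not a CAS in $($org.Org)."
            }
        }
        # Rule: shared domains need working routing and Autodiscover between orgs first.
        foreach ($domain in @($org.SharedDomains)) {
            if (-not $owners.ContainsKey($domain)) {
                New-Finding 'Fail' 'Shared domain' $domain "Shared by $($org.Org) but no org is authoritative for it."
            }
            else {
                $owner = $owners[$domain] -join ', '
                New-Finding 'Check' 'Shared domain' $domain "Verify mail routing and Autodiscover between $($org.Org) and $owner before running HCW."
            }
        }
    }

    # Rule: a different public certificate for TLS negotiation in each org.
    $Inventory | Group-Object TlsCertThumbprint | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $orgs = ($_.Group | Select-Object -ExpandProperty Org) -join ', '
        New-Finding 'Fail' 'Unique TLS certificate' $_.Name "Same certificate used by: $orgs"
    }
}

Test-MultiOrgHybridRules -Inventory $Inventory -AutodiscoverTarget $AutodiscoverTarget |
    Format-Table Severity, Rule, Subject, Detail -AutoSize -Wrap
```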

26 Exchange 2013 multi-org hybrid deployment
1. Prepare
   Update each Exchange organization to Service Pack 1
   Validate AutoDiscover is properly configured and published in each Exchange organization
   Validate public certificates for Exchange org are unique
   Create 2 way forest trust
2. Configure Mail Flow on-prem
   Configure SMTP domain sharing as required
   Configure mail flow between on-prem organizations
3. Configure Directory Synchronization
   Configure FIM + AAD Connector to synchronize mail recipients in each forest and the Office 365 tenant
4. Run Hybrid Configuration Wizard
   Prepare Office 365 Tenant
   Run the HCW in contoso.com and fabrikam.com
   Validate mail flow between all entities
5. Configure ADFS
   Configure ADFS in contoso.com
   Configure ADFS in fabrikam.com
6. Configure Organization Relationships
   Configure an Org Relationship between each Org
Diagram labels: FIM Management Agent, Federated Trust Relationship, SMTP/TLS Mail Flow, Federated Authentication, Organization Relationship, AAD Conn, Office 365, Azure AD, Azure AD Auth, O365 Directory, contoso.onmicrosoft.com, fabrikam.onmicrosoft.com, contoso.com, fabrikam.com, AD, FIM, ADFS, ADFS Proxy, E2013, SMTP, 2 way Forest Trust

27 Mail Routing
Office 365 does not use MX for outbound mail routing
  HCW asks for FQDN to deliver mail
  Do not use DNS domain used for SMTP
All mail flow between O365 and on-prem Exchange Org is secured via Exchange send/receive connectors
  Configured by Hybrid Wizard
  Must be an Exchange Edge or Exchange Hub endpoint
On-prem Exchange mail flow must be configured between all respective Exchange organizations

28 Mail Routing
Office 365 tenants have two namespaces
  Signup Domain: contoso.onmicrosoft.com
  Coexistence Domain: contoso.mail.onmicrosoft.com
There is a single Coexistence Domain per tenant, and it is established by enabling Dirsync on the O365 portal
HCW adds the Coexistence Domain as a proxyAddress
Note: Exchange MUST be configured to manage the address policy for this to occur via HCW; if not, this must be stamped in on-prem provisioning logic

29 Common Issues Avoid, Mitigate, Resolve

30 Common Issues – “Ut-O”AUTH and MFG
I cannot perform a discovery search on my cloud archive
  Cause: XTC has been retired and (undocumented) OAuth was the replacement
  Documented:
  Resolution: Implement OAuth for hybrid Discovery Searches
I cannot see cross-premises Free/Busy? Happy Retirement Consumer MFG!!
  Cause: Consumer MFG retired on February 25, 2014
  Resolution: recreate federation trust and org relationships
  Documented:

31 Common Issues - Prerequisites
HCW fails with "Length of the property is too long"
Cause: TLS Certificate Name is greater than 256 characters
Documented:
Resolution: coming soon, for now you need to get a different certificate
How do I configure my firewall to allow HCW and migrations to complete?
Often, customers need guidance on how to configure their perimeter devices
Here is a Wiki on how to configure TMG for hybrid:

32 Common Issues - IDS
“My mailbox moves fail intermittently”
“My mailbox move keeps starting over”
Error: “Mailbox move to the cloud fails with error: Transient error CommunicationErrorTransientException has occurred. The system will retry”
Cause: Intrusion Detection Systems can often see migration traffic as an attack
Flood mitigation in TMG can cause this as well
This Wiki explains how to address the issue:

33 Common Issues – HCW
“The HCW failed to complete”
Cause: Timeout issues are not handled well by the HCW (we are getting better)
Running the HCW a second time is often all that is needed…
HCW fails with "InvalidUri: Passed URI is not valid"
Cause: There are certain words such as “bank”, profanity, and large org names that are blocked from federating
Calling Support is the only option to resolve the issue
Documented:

34 Common Issues – HCW cont…
HCW fails to create Organization Relationship: "FederationInformation could not be received"
Cause: IIS is missing a handler mapping, which causes connections to EWS and AUTOD to fail
Errors: Get-FederationInformation returns “405 Method Not Allowed”
Resolution: from a cmd prompt run “ServiceModelReg.exe -r”
Documented:
The Hybrid server cannot access the MFG
My client cannot connect with Outlook
Cause: If you have an outbound proxy, you may be blocking required traffic
Resolution: ensure that your servers have access to the proper IPs and URLs
Recommendation: If you require an outbound proxy, try to use URL filtering instead of IP; it is easier to maintain
Documented: There is an EHLO blog on this here

35 Common Issues – Runtime
Exchange Online users cannot see free/busy for on-premises Exchange 2010 user mailboxes (this affects org-to-org as well)
[Diagram labels: Cloud FB request; mail.contoso.com; Layer 4 LB; HTTP proxy; Cross-site proxy request; E2013 CAS; E2010 CAS; E2013 MBX; E2010 MBX; Internet-facing site; Intranet site]
Resolution: Set 2010 externalURL to: mail.contoso.com

36 Common Issues – Migration Errors
My migration did not complete or disappeared?
Cause: Bad password for admin, publishing issues, MRS disabled, etc.
Errors: NONE
The error in Wave 14 was the following, but in Wave 15 there isn’t an indication of failure:
Resolution: Use the EAC in EXO

37 Common Issues – Migration Errors
"Free/Busy information couldn’t be retrieved because the attendee's Mailbox server is busy"
Cause: TargetSharingEPR is configured
More Information:
SOAP request will include the following element:
<ext:RequestServerVersion Version="Exchange2012" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />
When an Exchange 2010 CAS server receives the EWS call, it will throw an HTTP 500 response
Autodiscover response will have the following element:
<h:ServerVersionInfo MajorVersion="14" MinorVersion="3" MajorBuildNumber="123" MinorBuildNumber="3"
2010 soap:
<ext:RequestServerVersion Version="Exchange2009" xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />
Resolution: Fix Autodiscover!
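The version mismatch on this slide can be confirmed from a captured EWS request and an Autodiscover response. The following check is an added example, not code from the presentation: the SOAP envelopes around the slide's two elements are constructed, the `h:` namespace URI and the mapping of `Exchange2012` to major version 15 are assumptions, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Server major version each EWS schema name needs. Only the two names on the
# slide are listed; mapping "Exchange2012" to major version 15 is an assumption.
SCHEMA_MIN_MAJOR = {"Exchange2009": 14, "Exchange2012": 15}

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
# Constructed sample: the slide's RequestServerVersion element in a minimal envelope.
EWS_REQUEST = f"""<s:Envelope xmlns:s="{SOAP_NS}"><s:Header>
<ext:RequestServerVersion Version="Exchange2012"
  xmlns:ext="http://schemas.microsoft.com/exchange/services/2006/types" />
</s:Header><s:Body/></s:Envelope>"""
# Constructed sample: the slide's ServerVersionInfo values; the h: namespace URI is assumed.
AUTOD_RESPONSE = f"""<s:Envelope xmlns:s="{SOAP_NS}"><s:Header>
<h:ServerVersionInfo MajorVersion="14" MinorVersion="3" MajorBuildNumber="123"
  MinorBuildNumber="3" xmlns:h="http://schemas.microsoft.com/exchange/2010/Autodiscover" />
</s:Header><s:Body/></s:Envelope>"""


def find_attr(xml_text, local_name, attr):
    """Return attr of the first element with this local name, ignoring namespaces."""
    for elem in ET.fromstring(xml_text).iter():
        if elem.tag.rsplit("}", 1)[-1] == local_name:
            return elem.get(attr)
    return None


def diagnose(ews_request, autod_response):
    """Compare the schema version a caller sends with the server version Autodiscover reports."""
    schema = find_attr(ews_request, "RequestServerVersion", "Version")
    major = find_attr(autod_response, "ServerVersionInfo", "MajorVersion")
    if schema is None or major is None:
        return ("unknown", "RequestServerVersion or ServerVersionInfo missing")
    needed = SCHEMA_MIN_MAJOR.get(schema)
    if needed is None:
        return ("unknown", f"schema {schema} not covered by this check")
    if int(major) < needed:
        return ("mismatch", f"{schema} sent to a MajorVersion {major} server; expect HTTP 500")
    return ("ok", f"{schema} is accepted by a MajorVersion {major} server")


if __name__ == "__main__":
    print(diagnose(EWS_REQUEST, AUTOD_RESPONSE))
    print(diagnose(EWS_REQUEST.replace("Exchange2012", "Exchange2009"), AUTOD_RESPONSE))
```

A `mismatch` result on real captures points back to the slide's cause: the caller is not using the server version that Autodiscover reports.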

38 Common Issues – Runtime
OWA Redirection not working!
Issue: Hybrid OWA redirection does not work as expected; this was addressed in CU3
This is not an issue in 2010 hybrid environments

39 Common Issues – Runtime
Missing steps in the HCW
From Exchange 2010 SP3 RU2 you will see the domain proof missing
Workaround: use Shell Get-FederatedDomainProof
This is addressed in Exchange 2010 SP3 RU3
Odd error when adding additional domains
From Exchange 2010 SP3 RU2 you will not be able to add additional domains to a federation trust from the UI; you have to use the Shell as a workaround.
This has been addressed in Exchange 2010 SP3 RU3

40 Common Issues – Runtime
I cannot see the organization settings in EMC?
Cause: Exchange cannot manage “newer version” objects
This means 2010 EMC cannot manage org settings for an Exchange 2013-based tenant.
Resolution: Use EAC instead for org management
[Screenshots: Before, After]

41 Summary

42 Summary
Many options to connect or migrate to Office 365 using hybrid deployments
Exchange 2013-based hybrid offers many benefits over Exchange 2010-based hybrid – Simplified mail flow, multi-organization support
Automated hybrid product key availability –
Avoid Issues - Use Exchange Deployment Assistant -

43 Related Sessions
Columns: Session Name, Session Type, Date, Time, Speaker
MVP Follow up Q & A Today 12:10 PM Us
MNG-IN 301 Breakout Wednesday 2:45 PM Vincent Yim
DMI 301 8:30 AM Michael Van Horenbeeck
PAR 003 Hands on lab 12:00 PM Federic Bourget
MNG 301 10:15 AM Warren Johnson

44 Questions?

45 Pre-Release Programs Team Be first in line!
Go to the Pre-Release Programs Booth
Tell us about your Office 365 environment and/or on-premises plans
Get selected to be in a program
Try new features first and give us feedback!
Start now at:
