Microsoft 365
Discover Cloudaeris
Exchange Hybrid Configuration Guide: Seamless Coexistence
Enable seamless integration between your on-premises Exchange environment and Exchange Online with our comprehensive hybrid configuration guide. Designed for IT professionals managing complex email infrastructures in transition.
Last Updated:
July 2025
What Is Exchange Hybrid?
An Exchange Hybrid deployment creates a unified messaging environment that spans both on-premises Exchange servers and Exchange Online in Microsoft 365. This configuration enables organizations to maintain mailboxes in both environments while providing users with a seamless experience.
Rather than forcing an abrupt cutover to the cloud, hybrid deployments support gradual transitions while maintaining full functionality. This approach is ideal for organizations with complex email requirements or regulatory needs that necessitate keeping some mailboxes on-premises.
Key Hybrid Benefits
  • Seamless mail flow between environments
  • Shared Global Address List (GAL)
  • Free/busy calendar sharing across platforms
  • Centralized mail routing (optional)
  • Support for staged mailbox migration
Prerequisites Checklist
Before configuring your hybrid environment, ensure you've met all requirements. Missing prerequisites often lead to failed deployments and troubleshooting headaches.
1
Infrastructure Requirements
  • Supported Exchange Server version (2016 or later recommended)
  • Active Microsoft 365 tenant with Exchange Online licenses
  • Public SSL certificate from a trusted provider
  • Properly configured public DNS records (MX, Autodiscover)
  • External IP address and FQDN for hybrid server
2
Account & Permissions
  • Global Administrator access in Microsoft 365
  • Enterprise Administrator and Exchange Organization Administrator on-premises
  • Dedicated hybrid service account with appropriate permissions
3
Networking
  • Port 443 (HTTPS) open inbound from Exchange Online
  • Firewall configured to allow Exchange traffic
  • External access to Autodiscover and Exchange Web Services (EWS)
Step 1: Directory Synchronization
Directory synchronization is the foundation of your hybrid environment. It ensures user accounts, groups, and attributes are consistent across both environments.
Install Entra ID Connect
Deploy Entra ID Connect on a domain-joined server with connectivity to both your on-premises Active Directory and Microsoft 365. This dedicated server should meet Microsoft's minimum hardware requirements.
Configure Hybrid Identity
Choose your authentication method: Password Hash Synchronization (PHS), Pass-through Authentication (PTA), or Federated Identity with ADFS. PHS is recommended for most organizations for its simplicity and security.
Sync AD Objects
Configure synchronization scope and initiate your first directory sync. Verify that user accounts, groups, and contacts appear correctly in Entra ID.
Verify Mail Attributes
Ensure critical attributes like proxyAddresses, mail, and targetAddress are populated correctly for all user objects to prevent mail flow issues.
Step 2: Prepare Exchange Environment
Before running the Hybrid Configuration Wizard, your on-premises Exchange environment needs specific preparation to ensure compatibility with Exchange Online.
01
Update Exchange Servers
Install the latest cumulative updates (CUs) for your Exchange Server version. Older CUs may contain bugs that affect hybrid functionality.
02
Install SSL Certificate
Deploy a valid third-party SSL certificate that includes your mail domain (mail.contoso.com) and Autodiscover domain (autodiscover.contoso.com).
03
Configure DNS Records
Ensure your Autodiscover DNS record points to your on-premises Exchange server. This is critical for client connectivity during and after migration.
04
Test Mail Flow
Verify that internal mail flow functions correctly before introducing hybrid components. Resolve any existing issues with your Exchange organization.
Step 3: Run the Hybrid Configuration Wizard
The Hybrid Configuration Wizard (HCW) automates most of the complex configuration required to establish hybrid functionality between environments.
1
Download and Launch
Access the latest version of the HCW from https://aka.ms/hybridwizard. This ensures you're using the most current version with all bug fixes.
2
Authenticate
Sign in with Microsoft 365 Global Admin credentials when prompted, then connect to your on-premises Exchange organization with appropriate permissions.
3
Select Configuration Options
Choose between Full Hybrid (long-term coexistence) or Minimal Hybrid (migration-focused) based on your organization's needs. Select your preferred mail flow topology.
4
Complete Configuration
Allow the wizard to configure connectors, organization relationships, and mail flow settings. This process typically takes 15-30 minutes to complete.
Full Hybrid vs. Minimal Hybrid
Understanding the differences between hybrid configuration types is crucial for selecting the right approach for your organization's needs and timeline.
Full Hybrid is recommended for organizations planning a gradual migration or permanent coexistence. Minimal Hybrid is best for organizations planning to complete migration within 3-6 months with minimal hybrid functionality needed during transition.
Step 4: Migrate Mailboxes
Once your hybrid configuration is established, you can begin migrating mailboxes between environments. This process can be performed gradually in batches to minimize disruption.
Create Migration Batch
Use Exchange Admin Center (EAC) or PowerShell to create migration batches for moving mailboxes. PowerShell offers more granular control for complex scenarios.
Select Users
Choose which users to migrate in each batch. Consider department, location, or interdependencies when grouping users for migration.
Choose Migration Endpoint
Select the migration endpoint automatically created by the HCW. This endpoint establishes the connection path for mailbox data transfer.
Start and Monitor
Initiate the batch and monitor migration progress through the EAC or with PowerShell commands like Get-MigrationBatch and Get-MigrationUser.
Communicate to Users
Notify users about the migration timing, potential downtime, and any required client reconfiguration. Clear communication reduces support tickets.
Step 5: Validate Hybrid Functionality
After completing the configuration, thorough validation ensures all hybrid features are functioning correctly before relying on the environment for production use.
Critical Test Points
  • Mail flow between cloud and on-premises users in both directions
  • Free/busy calendar lookups across environments
  • Shared Global Address List (GAL) completeness and accuracy
  • Mailbox move functionality with test accounts
  • Autodiscover resolution for clients in both environments
Validation Tools
Use these specialized tools to verify your configuration:
  • Test-HybridConnectivity PowerShell cmdlet
  • Test-Mailflow for mail routing verification
  • Microsoft 365 Admin Center > Hybrid Health dashboard
  • Get-HybridConfiguration to review settings
Best Practices & Common Pitfalls
Post-Deployment Best Practices
Regular Monitoring
Implement proactive monitoring of mail connectors and hybrid health. Regular checks prevent service interruptions.
Keep Exchange Updated
Maintain on-premises Exchange servers with current security updates, even after migrating all mailboxes to support management of cloud objects.
Enable Modern Auth
Configure modern authentication for all Outlook clients to enhance security and prevent authentication issues after migration.
Common Pitfalls to Avoid

Critical Mistakes
  • Skipping directory synchronization before running the HCW
  • Using incorrect or self-signed SSL certificates
  • Misconfigured Autodiscover DNS records
  • Running outdated Exchange Server versions
  • Failing to test mail flow prior to user migrations
  • Modifying connectors manually after HCW configuration
Partner with Cloudaeris for Optimal Microsoft Cloud Management
Successful navigation of the modern IT landscape requires deep expertise across the entire Microsoft Cloud ecosystem. Cloudaeris specializes in empowering organizations to maximize their investment in Microsoft technologies, from comprehensive Intune and device management to robust Azure infrastructure and Microsoft 365 productivity solutions.
With our specialized knowledge, we help you streamline operations, enhance security, and ensure a seamless user experience. We tailor solutions to your unique business needs, providing guidance and implementation support every step of the way. Let us help you unlock the full potential of your Microsoft Cloud environment.
Comprehensive Cloud Solutions
Leverage our expertise across Intune, Azure, Microsoft 365, and more for a unified cloud strategy.
Tailored Strategies
Receive customized guidance and solutions designed to meet your specific business objectives and challenges.
Expert Support
Benefit from our experienced team's continuous support and proactive management for peace of mind.