What are your Exchange Hybrid-options?
"There are none. Just go Full Monty."
- undisclosed Exchange consultant
ENow Software's Microsoft Exchange Online blog built by Microsoft MVPs for IT/Sys Admins.
October 13, 2020, is an important date for Microsoft for a variety of reasons. On this date, Microsoft will stop support for their 2010 suite of products like Exchange 2010, SharePoint 2010, Office 2010, etc. In addition, Microsoft will stop basic authentication in Office 365 as outlined in their post Upcoming changes to Exchange Web Services (EWS) API for Office 365 and their follow-up post Basic Auth and Exchange Online – February 2020 Update.
Azure Active Directory Conditional Access has been around since 2016. Conditional Access governs access to cloud resources by evaluating the conditions associated with the sign-in of a user or application accessing a resource. Conditional Access policies allow an admin to stipulate under what conditions certain actions are enabled. I like to think of them as If-then statements. For example: If: “Sign in comes from an untrusted network, accessing any cloud app”, then: “Require another form of authentication (MFA) before granting access to the cloud app”
When it comes to collaboration, Outlook is still the most in common tool. It’s not only an e-mail client, it allows you also managing your appointments, tasks etc.
Especially the manager-delegate scenario, Outlook is THE tool to be used. But even we have great features, supporting our daily work and many scenarios, there are always limits. And these limits can cause a lot of trouble.
In almost all cases you can avoid these issues, when you follow some principals. But therefore, you might need some background, which I’m covering in this post.
This limit is by far the most seen issue in the fields (this is at least true for me and my teammates!). In the past the limit was 500 and was increased to 5000 for the C2R version of Outlook. This is mentioned first in the resolution section of the KB article:
Performance and synchronization problems when you work with folders in a secondary mailbox in Outlook
In their blog article, "Improving Security - Together," the Exchange product group announced that the insecure Basic Authentication authentication method switches off on October 13, 2020, not just for Exchange Web Services (EWS), but also for Exchange ActiveSync (EAS), POP, IMAP, and Remote PowerShell.
With the use of the Office 365 platform, application monitoring requirements have changed. In your on-premises IT infrastructure, you normally monitor the availability of applications by solely checking server reachability. In some cases, you might choose to implement enhanced application monitoring by accessing dedicated protocol endpoints.
There are several ways outlined by Microsoft that can be found here. This blogpost goes over migrating from an integrated Exchange server infrastructure to Exchange Online with a hybrid deployment. I will not cover third-party migrations, as this is not relevant for the topics mentioned in this post.
In February, Microsoft released the initial public preview version of the Hybrid Agent, about which was written here. The purpose of the Hybrid Agent, also branded as the “Exchange Modern Hybrid Topology”, is to simplify the process of setting up and deploying Microsoft Exchange Hybrid for Exchange 2010 and later deployments, where full “classic” Exchange Hybrid is not an option.
So, the cloud, am I right? While it always nice to get away from having to worry about failed hard drives, or backups, or patches, or a million other things, the real upside to using cloud services is that the good folks at Microsoft are able to put so much more into developing new features. Even for services like Exchange that seem mature, there are always new and unexpected ways for them to evolve as part of a huge infrastructure like Office 365 and Azure.