The question "why should I implement Exchange Modern Hybrid" is justified. Exchange Modern Hybrid is specially designed to simplify implementing Exchange Hybrid Mode by eliminating the requirement for inbound HTTPS connections to an on-premises Exchange organization. The technical specifications for Classic Exchange Hybrid are sometimes unsuitable for enterprises.
The following simplified diagram illustrates the configuration of Exchange Modern Hybrid. The base for a hybrid configuration is an Azure AD synchronization (grey line) with Exchange Hybrid mode enabled.
Note: Enabling Exchange Hybrid in Azure AD Connect does not configure a hybrid configuration in your on-premises Exchange organization. With Exchange Hybrid mode enabled, Azure AD Connect synchronizes Exchange attributes of AD objects that are relevant for hybrid operation.
The two green arrows are outgoing HTTPS connections from on-premises Exchange Server to Exchange Online. The left arrow is the connection used by on-premises Exchange Server for connecting to Exchange Online querying information for the local Exchange organization, e.g., free/busy information or mail-tips for mailboxes hosting in Exchange Online.
The right arrow is the outbound connection of the two Exchange Hybrid agents installed on the Exchange servers. This connection provides inbound communication for hybrid features from Exchange Online to the local Exchange organization, e.g., moving mailboxes to Exchange Online or querying free/busy information for mailboxes hosted on-premises.
Exchange Modern Hybrid simplifies hybrid communication for the HTTPS protocol. Mail flow between on-premises Exchange and Exchange Online requires an additional bidirectional connection. You can choose between two core variants. Variant A uses a direct two-way SMTP-connection between the local Exchange organization and Exchange Online. If you want to avoid a direct SMTP-connection traversing the perimeter network, you can route the mail flow through Exchange Edge Transport Server, located in the perimeter network, shown as Variant B.
There are two main use-cases for using Exchange Modern Hybrid.
You want to migrate your local Exchange organization to Exchange Online as quickly as possible. In this case, Exchange Hybrid is used to migrate mailboxes to Exchange Online securely.
You need a permanent Exchange Hybrid operation for your enterprise, but you have special network security requirements prohibiting incoming HTTPS connections from the internet to the local Exchange Server systems.
With Exchange Modern Hybrid, you have a robust and proven solution that allows you to set up and configure a hybrid configuration between your On-Premises Exchange organization and Exchange Online quickly and easily. However, this hybrid mode does not support all the hybrid features provided by Exchange Online. For an up-to-date overview of the Modern Hybrid limitations, see the Exchange Hybrid Online Documentation.
Before setting up an Exchange Server Hybrid configuration, you must have a clear understanding and a roadmap not only for setting up the hybrid configuration but also for continuous operation.
Hybrid is a Process
The implementation of a hybrid configuration does not only consist of adopting the technical requirements that enable Exchange Hybrid operation. Before you start the journey to Exchange Hybrid, you must find answers to the following questions:
Do you want to establish long-term hybrid operation providing mailboxes in the on-premises Exchange organization and Exchange Online?
Do users need to be able to access a user's free/busy times with a mailbox in the other Exchange environment?
Do you need a centralized and trusted mail flow between the on-premises Exchange organization and Exchange Online?
Are on-premises Exchange Servers accessible from the internet using HTTPS-protocol?
Does an existing Identity Management (IDM) software support the use of Microsoft 365 and thus Exchange Online?
This list is just a short selection of the questions you need to find answers to before starting with Exchange Hybrid.
The implementation of Exchange Hybrid differs in two process phases:
Transition Phase: Transitioning of the existing operating model from pure Exchange On-Premises to Exchange Hybrid
Operation Phase: Daily operation of the Exchange Hybrid organization
In the transition phase, you adapt existing business processes to the new requirements, .e.g., joiner/leaver process. The scope of the work required varies from company to company. The overall scope depends mainly on the degree of existing processes, business software requirements, and the technical requirements of the local IT infrastructure. The transition phase helps you to correct the considerations for Exchange Hybrid operation that you made during planning.
After adjusting the processes and configurations, you move on to the operational phase for the Exchange Hybrid. The continuous development of Exchange Online and other Microsoft 365 workloads requires regular evaluation and configuration of the cloud services.
If you need to integrate another company into your Exchange Hybrid operation as part of a takeover, you start with a new transition phase. Integration or migration of an existing Exchange Organization affects not only the other company's Exchange environment but also your Exchange Hybrid configuration.
Exchange Hybrid and Office 365 Monitoring and Reporting
On-premises components, such as AD FS, PTA, and Exchange Hybrid are critical for Office 365 end user experience. In addition, something as trivial as expiring Exchange or AD FS certificates can certainly lead to unexpected outages. By proactively monitoring hybrid components, ENow gives you early warnings where hybrid components are reaching a critical state, or even for an upcoming expiring certificate. Knowing immediately when a problem happens, where the fault lies, and why the issue has occurred, ensures that any outages are detected and solved as quickly as possible.