
Microsoft Teams and Exchange Server – The Pitfalls

An integral part of Microsoft Teams is the ability to attend meetings and live events. The appointments for these event types are usually planned directly via the personal calendar in a Microsoft Teams client. The calendar also enables quick and easy participation in meetings.

Microsoft Teams is an app platform for very different application scenarios. As part of this app platform, Microsoft provides us with the calendar app. This calendar app has access to the personal calendar in the Exchange mailbox and is responsible for displaying the calendar information. The app also provides the functions for planning new Teams meetings or live events.

You will not encounter functional problems with a mailbox in Exchange Online. Microsoft Teams and Exchange Online are native Microsoft 365 components. It just works. If you use on-premises mailboxes, the situation is entirely different. The use of Microsoft Teams with on-premises Exchange mailboxes has some stumbling blocks for a functional implementation.

The Requirements

There are a few requirements for using on-premises mailboxes with Microsoft Teams. These requirements automatically define the stumbling blocks you can expect when you implement this architecture. The same is true for the expected troubleshooting steps in case of errors.

A Teams client does not access a user mailbox directly. The calendar app receives the necessary calendar information from the Teams backend services, a core component of the Microsoft 365 cloud services. The backend services communicate with the user mailbox to read the data from the calendar folder, process it, and make it available to the Teams client. The services rely on the AutoDiscover functionality of Exchange and find the required endpoints via an AutoDiscover V2 query. In contrast to version 1, AutoDiscover V2 is an anonymous query that is only supported by Exchange Online and newer Exchange Server versions.

Stumbling Block 1

  • Your on-premises Exchange Server organization uses Exchange Server 2016 CU3 or newer. Ideally, you have already installed the March 2021 cumulative updates.

As already mentioned, Microsoft Teams and Exchange Online's interaction is an integral part of Microsoft 365. As a result of this interaction, the Teams backend services always first send an AutoDiscover V2 query to Exchange Online, as this endpoint is reliably available. The backend services use this query to find the Exchange Web Services endpoint for calendar access based on the user's email address.

Exchange Online replies to the Teams backend services with the EWS address of Exchange Online, provided the mailbox is in Exchange Online. Or, more precisely, if the requested email address is a mailbox user.

Suppose the requested email address is assigned to a mail user. In that case, the Teams backend services receive an HTTP 302 redirect response to the local AutoDiscover endpoint and query the endpoint for the on-premises Exchange Web Services endpoint address.

Stumbling Block 2

  • Exchange Online identifies on-premises mailboxes using the Mail User object information. Azure AD Connect transfers this information with the Exchange Hybrid option enabled.

Stumbling Block 3

  • The Teams backend services cannot connect to the on-premises AutoDiscover, EWS, and REST endpoints. These endpoints must be accessible from the Internet via DNS resolution.

Tip

You can easily use your browser to test AutoDiscover V2 for any email address. This is one of the more straightforward steps when troubleshooting the calendar app.

Two examples for finding the EWS or REST endpoints.

https://outlook.office365.com/autodiscover/autodiscover.json?Email=john.doe@varunagroup.de&Protocol=EWS

https://outlook.office365.com/autodiscover/autodiscover.json?Email=john.doe@varunagroup.de&Protocol=REST
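
The lookup sequence described above, written as an added Python example (not code from the article or from Microsoft). It starts at Exchange Online, follows the HTTP 302 to the on-premises AutoDiscover endpoint hop by hop, and labels the returned endpoint, including one that could not be reached from the Internet. The JSON field `Url`, the example.com hosts, the `fetch` callback and the sample responses are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlencode, urlsplit

CLOUD_HOST = "outlook.office365.com"

def v2_url(host, email, protocol):
    """AutoDiscover V2 URL in the form the article shows for browser tests."""
    query = urlencode({"Email": email, "Protocol": protocol})
    return f"https://{host}/autodiscover/autodiscover.json?{query}"

def classify(endpoint):
    """Label the returned endpoint; the on-premises checks are heuristics."""
    parts = urlsplit(endpoint)
    host = parts.hostname or ""
    if host == CLOUD_HOST:
        return "exchange-online"
    if parts.scheme != "https" or "." not in host or host.endswith(".local"):
        return "on-premises-not-internet-reachable"
    return "on-premises"

def trace(email, protocol, fetch, max_hops=3):
    """fetch(url) -> (status, headers, body); it must not follow redirects."""
    url, hops = v2_url(CLOUD_HOST, email, protocol), []
    for _ in range(max_hops):
        status, headers, body = fetch(url)
        hops.append((urlsplit(url).hostname, status))
        if status == 302:  # mail user: Exchange Online points to on-premises
            url = {k.lower(): v for k, v in headers.items()}.get("location", "")
            if urlsplit(url).scheme != "https":
                return {"hops": hops, "verdict": "redirect-not-https", "endpoint": None}
            continue
        if status != 200:
            return {"hops": hops, "verdict": f"http-{status}", "endpoint": None}
        try:
            endpoint = json.loads(body)["Url"]
        except (ValueError, KeyError, TypeError):
            return {"hops": hops, "verdict": "no-url-in-response", "endpoint": None}
        return {"hops": hops, "verdict": classify(endpoint), "endpoint": endpoint}
    return {"hops": hops, "verdict": "too-many-redirects", "endpoint": None}

# Constructed responses for a mail user whose mailbox is on-premises.
ONPREM = v2_url("autodiscover.example.com", "john.doe@example.com", "EWS")
SAMPLE = {
    v2_url(CLOUD_HOST, "john.doe@example.com", "EWS"): (302, {"Location": ONPREM}, ""),
    ONPREM: (200, {}, '{"Protocol": "EWS", "Url": "https://mail.example.com/EWS/Exchange.asmx"}'),
}

def sample_fetch(url):
    return SAMPLE.get(url, (404, {}, ""))
```

For a live check, pass a `fetch` that issues the GET with redirect following disabled, so each hop and its status code stay visible.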

After receiving the Exchange Web Services endpoint address, the Teams backend services establish an OAuth authenticated connection to the user's mailbox. For this, the OAuth setup between the on-premises Exchange organization and Exchange Online as trusted partner applications requires proper configuration.

Stumbling Block 4

  • The AutoDiscover response from your Exchange Server is based on the settings for the requested protocols' external URL addresses. If these settings are not configured correctly on all servers, the Teams backend services cannot connect to your on-premises Exchange servers.

Stumbling Block 5

  • Without a correct OAuth configuration between the on-premises Exchange organization and Exchange Online, the backend services' authentication to your Exchange servers will fail. If authentication is not possible, calendar data will not be available in the Teams client.

OAuth authentication is only the first step in accessing a user mailbox. The architecture of modern Exchange Server versions poses additional challenges in DAG and multi-server environments. Every incoming connection passes through four components and can include a switch to another server. The four components are:

  1. IIS-Frontend web site
  2. Exchange Server Frontend-Proxy component
  3. IIS-Backend web site
  4. Exchange Server Mailbox component

The proxy connection from step 2 to step 3 can lead to another server if the target mailbox's active database copy is mounted on that server. You can see that the on-premises Exchange organization's configuration plays the most critical role for Teams backend services accessing an on-premises mailbox.

Tip

Ensure that your local Exchange organization is configured correctly and published securely on the Internet before you plan to use Microsoft Teams with local mailboxes. The Remote Connectivity Analyzer supports you in checking the connections to your Exchange organization.

However, the complexity of accessing the personal calendar in Microsoft Teams is not the end of the discussion. Planning Teams meetings in a delegate scenario is just as tricky. In this situation, the Teams backend services connect to the manager mailbox and check the delegate's calendar permissions. In addition to the protocol access described above, Outlook permissions play an essential role. Meeting planning as a delegate is only possible if the manager granted the permission via the Outlook delegate assistant. Assigning direct folder permissions is not sufficient.

Stumbling Block 6

  • A delegate's meeting scheduling is only possible if you used the correct method for assigning permissions.

Follow Microsoft's recommendations for a standard implementation of Exchange Server and connectivity with Microsoft 365 services. If this proves too difficult for your on-premises IT infrastructure, consider migrating your on-premises Exchange mailboxes to Exchange Online.

Troubleshooting the Teams backend services connectivity is a complex matter. You can read more about detailed troubleshooting steps in my three-part mini-series on the Teams Community Blog:

What does not work

The use of on-premises mailboxes with Microsoft Teams is limited to the personal calendar. Personal contacts are not available in Microsoft Teams.

In addition to Microsoft Teams, using other Microsoft 365 services is only possible to some extent when using a local Exchange mailbox. For example, Microsoft To-Do does not work with local Exchange mailboxes.

Summary

Using Microsoft Teams with on-premises Exchange mailboxes is a complex scenario. Without a correct configuration of your Exchange organization, the use of the personal calendar will fail. You have to plan and test the technical implementation before your users can use this function reliably. It is also helpful to know the connection paths between Teams backend services and on-premises Exchange Server to master error situations successfully.

Do not underestimate end-user training either. Providing clear and easy-to-understand instructions to your users can reduce the number of helpdesk tickets. Educated end-users play a vital role in democratizing and simplifying IT operations.
