Exchange hybrid license

Exchange hybrid license DEFAULT

In classic scenarios organizations need a software license for each Microsoft Exchange Server they deploy, accomplished with access licenses for users or devices. With the modern cloud scenario’s using Office 365 or Exchange Online Services, each user for the service needs a User Subscription License. But what in hybrid scenario’s? Do you need a software license for your Exchange Server in hybrid mode?

Read time: 5 minutes

The answer to the question is ‘No, you do not need a license for your Exchange Server Hybrid’, but off course there are some restrictions.

Exchange Server Coexistence
Using Software Asset Management services or tooling, organizations might detect an Exchange Server edition called ‘coexistence’.

This is the Exchange Server Edition you will get for free when you deploy a hybrid Exchange environment through the Exchange Hybrid Configuration Wizard. You do not need a separate payed software license for this on premises Exchange Server. Even better, when you want multiple Exchange Hybrid Servers – and you want for availability reasons – you can use the same software license key for those multiple servers.

Using an existing server
If you are migrating your on premises e-mail and calendar functionality from Exchange to Exchange online, you can use your existing Exchange Server as your coexistence server. Hence, when you currently use Exchange Server 2010, you might even upgrade to Exchange Server 2016 Standard without buying a new software license.

Hybrid licensing deployment restrictions
When Microsoft gives you something for free, they either want something back or set restrictions. The last one is the case for Exchange Server licenses for Office 365, Microsoft 365 and Exchange Online hybrid deployments:

  • The Exchange Server software can only fulfil the CAS / cabinet and Hub role
  • The Exchange Server cannot host any mailboxes (they should be in the cloud)
  • Exchange Server 2016 is the highest available version (current to-date)
  • You must be a paying cloud customer with an Enterprise subscription (Office 365 E1/E3/E5, Microsoft 365 E3/E5, Exchange Online Plan 1 or Plan 2)

When you comply with the restrictions, additional Exchange Servers for a hybrid scenario deployment do not need additional Exchange Server licenses.

Be sure
Are you not sure if your Exchange hybrid deployment meets Microsoft licensing rules? Don’t take the risk, be sure. Ask one of our cloud licensing experts to help you.


Hybrid Configuration Wizard and licensing of your on-premises server used for hybrid

A few years ago, we created a web site that would allow our hybrid customers to obtain what’s generally known as the “hybrid key”. This self-service site would validate your O365 tenant and after a few clicks, give you the key to license your on-premises server used for hybrid purposes. This site is no longer available for use, and we’ve come up with a better way for you to get the key. We are excited to inform you we have added a feature that will allow the Hybrid Configuration Wizard (HCW) to detect and license your designated on-premises “hybrid server”, without having to go to a separate web site or call our support team. This change is now available. You can access the HCW here.

Please note that HCW does not provide a 'hybrid key' for Exchange Server 2019. If you need a hybrid key, the latest version that it is available for is Exchange Server 2016.

What does the new experience look like?

When you choose the “Detect the optimal Exchange server” option, HCW will perform the license check on the server and give you a new “license this server now” option, if the server is currently not licensed. Note: HCW will not let you continue from this point on if this server is not licensed, unless you specify an alternate Exchange server to run Hybrid against (second radio button below): HCWkey1 Selecting the “license this server now” link will prompt you for your online administrator credentials. We realize this is an extra credential prompt at this time, but it is needed to validate and obtain the key (the old key distribution site also required authentication). HCW will then indicate the progress of applying the server license to your on-premises server: HCWkey2 Next up, you will get a confirmation that the server has been licensed. You will also have an option to copy the product key (and the CMDlet needed to use it) if you wish to do so: HCWkey3 At this time, unless you want to complete the setup of Hybrid in the HCW, you can exit / cancel the wizard. Full completion of the HCW workflow is not needed for this process to be executed; your on-premises server will remain licensed, and you can re-run HCW at a later date / time. Let us know what you think!

Update 7/24/2018: Updated this post to reflect that the feature has now been released.

The Exchange Hybrid Team

  1. Family law new braunfels tx
  2. Software testing fresher job
  3. Tier exception form bcbs

Many are still confused about the licensing around the Exchange hybrid server required for co-existing with Office 365.

Hybrid server is not a “special” version of Exchange, but one with CAS and Hub roles in the case of Exchange 2010 and CAS and Mailbox role in the case of 2013. You are not allowed to host any mailboxes on this server. It’s only job is to be the middle man in a hybrid deployment of Office 365.

Now the main confusion is around licensing and obtaining license keys. If you have an Exchange deployment on-premise already and want to move/co-exist with O365, you need one or more Exchange 2010 SP3 or 2013 “hybrid” servers.

If the on-premise deployment is Exchange 2003, you can only use Exchange 2010 SP3 servers as hybrid (no 2013). Any deployment with Exchange 2007+ can and should (for the updated feature set) use Exchange 2013 SP1 as the hybrid server. Of course, the 2010 SP3 hybrid servers support all on-premise deployments with Exchange 2003 SP2 or higher.

If the on-premise deployment is Exchange, you can obtain the hybrid server keys for free by contacting the O365 support team. Microsoft has made it easy and you can request and obtain the hybrid key, all online – from here.

Login to the portal and request for the key.

Obtain hybrid key office 365

You need to be a paying Office 365 customer though (Enterprise & no trials).

Verifying hybrid key eligibility

You will be notified if you are not eligible for the free hybrid keys – either because you don’t have an enterprise plan or you are a trial user.

Hybrid keys Office 365

If you need more than one hybrid servers (which you should for redundancy), you can use the same key on multiple servers.

Hope this clears the confusing around licensing hybrid servers. In short, it’s free if you are a paying enterprise customer! ;)

Choosing between Minimal and Full Exchange Hybrid

Free Exchange Server License for Hybrid Deployments Discontinued for Exchange Server 2019

In previous versions of Exchange, Microsoft would provide a license key during the process of running the Microsoft 365 Hybrid Configuration Wizard (HCW). This license was provided at no additional charge providing that no mailboxes were hosted on the Exchange Hybrid server. With the release of Microsoft Exchange Server 2019, Microsoft has deprecated the free Exchange Server license–even if no mailboxes are hosted on the Exchange 2019 Hybrid server.

When running the Microsoft 365 Hybrid Configuration Wizard (HCW), we see behavior to support Microsoft’s new policy.

 Exchange Hybrid Server 2019 Licensing Changes

Notice that when the link to “license this server now” is clicked, the option to verify the tenant credentials is presented, but no change occurs in the options. The second hint to this is evident in the second option where The Microsoft 365 Hybrid Configuration Wizard (HCW) specifically only references Exchange versions 2010, 2013, and 2016–as has been the case since Exchange 2016.

This licensing information can be confirmed in Microsoft Exchange licensing FAQs.

If my organization is Hybrid with Microsoft 365 and I do not host mailboxes on-premises, do I still need to license Exchange Server?

“If you do not host any mailboxes on the servers used to connect to Microsoft 365 you can license them using the Microsoft 365 Hybrid Configuration Wizard (HCW). The HCW validates your Microsoft 365 subscription and installs the appropriate licenses on your servers. Note that the free Exchange Server license is not available for Exchange 2019 hybrid servers.”

Exchange 2019 can of course still function as a Hybrid, but it must be licensed with a Standard Edition Key or an Enterprise Edition key.

Lucas Guth, PEI


Hybrid license exchange

Exchange Hybrid Licensing

I have mentioned previously on this site that hybrid Exchange is the best way to migrate to Office 365.

Hybrid enables rich co-existence between your on-premises Exchange server and Office 365 / Exchange Online in the cloud.


Hybrid is emphatically NOT a “special” version of Exchange Server, nor does it require special licensing. You can enable a hybrid connection using the hybrid wizard on Exchange 2010, 2013 or 2016. After that, the migration process looks a lot more like an on-prem migration (except it’s not).

If you are stuck all the way back on Exchange 2007, no worries! You can install Microsoft Exchange 2013 (mailbox & CAS role) and activate it using a free product key from Microsoft, specifically made for executing hybrid migrations. Very often, we end up installing Exchange 2013 as a “bridge” to Office 365, for example.

Note: if you plan to host some of the mailboxes on-premises yourself, or if decide in the future to change your product key from “hybrid only” to a full Standard or Enterprise version of Exchange in order to work with on-premises mailboxes, then you will need to obtain the proper licensing before doing so. Use the following PowerShell command to set your new product key:

Set-ExchangeServer -Identity <HybridServerName> -ProductKey <ProductKeyHere>

Go here and follow the directions to obtain your free hybrid Exchange product key. Happy migrating!

Update: The hybrid wizard can now find the hybrid server and license it for you automatically.


Like this:



Choosing between Minimal and Full Exchange Hybrid


Hi, I just installed Exchange 2016 server, and used the setup key from our VLSC to register the new Exchange server in the EAC as a Standard server from a trial server.

What I should have done was install the Exchange 2016 server, then run the Hybrid Configuration Wizard which then provides you a link where you can get they Hybrid License from and register the server as Hybrid rather than Standard.

Now that the server is registered as Standard, will I be able to re-run the Hybrid Configuration Wizard and get a hybrid key? Or do I need to rebuild the server? Or is there a PowerShell command I can run to clear the license on the server and set it back to trial? Or am I OK to use this setup key as we have no on-prem mailboxes? We have an older Exchange server I am trying to migrate from that we are already running in hybrid mode with.

Related, is if you phone MS Volume Licensing support, and waste several painful hours going through each phone-tree option and multiple agents, they will do one of the following: A) Demand you pay for professional support; B) Will be completely unable to find any licensing management documentation; C) They will quietly hang up on you.


Now discussing:

Exchange Server hybrid deployments

Summary: What you need to know to plan an Exchange hybrid deployment.

A hybrid deployment offers organizations the ability to extend the feature-rich experience and administrative control they have with their existing on-premises Microsoft Exchange organization to the cloud. A hybrid deployment provides the seamless look and feel of a single Exchange organization between an on-premises Exchange organization and Exchange Online. In addition, a hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization.

Exchange hybrid deployment features

A hybrid deployment enables the following features:

  • Secure mail routing between on-premises and Exchange Online organizations.

  • Mail routing with a shared domain namespace. For example, both on-premises and Exchange Online organizations use the SMTP domain.

  • A unified global address list (GAL), also called a "shared address book."

  • Free/busy and calendar sharing between on-premises and Exchange Online organizations.

  • Centralized control of inbound and outbound mail flow. You can configure all inbound and outbound Exchange Online messages to be routed through the on-premises Exchange organization.

  • A single Outlook on the web URL for both the on-premises and Exchange Online organizations.

  • The ability to move existing on-premises mailboxes to the Exchange Online organization. Exchange Online mailboxes can also be moved back to the on-premises organization if needed.

  • Centralized mailbox management using the on-premises Exchange admin center (EAC).

  • Message tracking, MailTips, and multi-mailbox search between on-premises and Exchange Online organizations.

  • Cloud-based message archiving for on-premises Exchange mailboxes. Exchange Online Archiving can be used with a hybrid deployment. Learn more about Exchange Online Archiving at Archive Features in Exchange Online Archiving.

Consider the following before you implement an Exchange hybrid deployment:

  • Hybrid deployment requirements: Before you configure a hybrid deployment, you need to make sure your on-premises organization meets all of the prerequisites required for a successful deployment. For more information, see Hybrid deployment prerequisites.

  • Exchange ActiveSync clients: When you move a mailbox from your on-premises Exchange organization to Exchange Online, all of the clients that access the mailbox need to be updated to use Exchange Online; this includes Exchange ActiveSync devices. Most Exchange ActiveSync clients will now be automatically reconfigured when the mailbox is moved to Exchange Online, however some older devices might not update correctly. For more information, see Exchange ActiveSync device settings with Exchange hybrid deployments.

  • Mailbox permissions migration: On-premises mailbox permissions such as Send As, Full Access, Send on Behalf, and folder permissions, that are explicitly applied on the mailbox are migrated to Exchange Online. Inherited (non-explicit) mailbox permissions and permissions granted to objects that aren't mail enabled in Exchange Online are not migrated. You should ensure all permissions are explicitly granted and all objects are mail enabled prior to migration. Therefore, you have to plan for configuring these permissions in Exchange Online if applicable for your organization. In the case of Send As permissions, if the user and the resource attempting to be sent as aren't moved at the same time, you'll need to explicitly add the Send As permission in Exchange Online using the Add-RecipientPermission cmdlet.

  • Support for cross-premises mailbox permissions: Exchange hybrid deployments support the use of the Full Access and Send on Behalf Of permissions between mailboxes located in an on-premises Exchange organization and mailboxes located in Exchange Online. Additional steps are required for Send As permissions. Also, some additional configuration may be required to support cross-premises mailbox permissions depending on the version of Exchange installed in your on-premises organization. For more information, see Delegate mailbox permissions in Permissions in Exchange hybrid deployments and Configure Exchange to support delegated mailbox permissions in a hybrid deployment.

  • Offboarding: As part of ongoing recipient management, you might have to move Exchange Online mailboxes back to your on-premises environment.

For more information about how to move mailboxes in an Exchange 2010-based hybrid deployment, see Move an Exchange Online mailbox to the on-premises organization.

For more information about how to move mailboxes in hybrid deployments based on Exchange 2013 or newer, see Move mailboxes between on-premises and Exchange Online organizations in hybrid deployments.

  • Mailbox forwarding settings: Mailboxes can be set up to automatically forward mail sent to them to another mailbox. While mailbox forwarding is supported in Exchange Online, the forwarding configuration isn't copied to Exchange Online when the mailbox is migrated there. Before you migrate a mailbox to Exchange Online, make sure you export the forwarding configuration for each mailbox. The forwarding configuration is stored in the , , and properties on each mailbox.

Exchange hybrid deployment components

A hybrid deployment involves several different services and components:

  • Exchange servers: At least one Exchange server needs to be configured in your on-premises organization if you want to configure a hybrid deployment. If you're running Exchange 2013 or older, you need to install at least one server running the Mailbox and Client Access roles. If you're running Exchange 2016 or newer, at least one server running the Mailbox role needs to be installed. If needed, Exchange Edge Transport servers can also be installed in a perimeter network and support secure mail flow with Microsoft 365 or Office 365.


    We don't support the installation of Exchange servers running the Mailbox or Client Access server roles in a perimeter network.


    We recommend using the Exchange Server with the latest CU and SU for configuring Hybrid.

  • Office 365 or Microsoft 365: Several Office 365 and Microsoft 365 service subscriptions include an Exchange Online organization. Organizations configuring a hybrid deployment need to purchase a license for each mailbox that's migrated to or created in the Exchange Online organization.

  • Hybrid Configuration wizard: Exchange includes the Hybrid Configuration wizard which provides you with a streamlined process to configure a hybrid deployment between on-premises Exchange and Exchange Online organizations.

    Learn more at Hybrid Configuration wizard.

  • Azure AD authentication system: The Azure Active Directory (AD) authentication system is a free cloud-based service that acts as the trust broker between your on-premises Exchange 2016 organization and the Exchange Online organization. On-premises organizations configuring a hybrid deployment must have a federation trust with the Azure AD authentication system. The federation trust can either be created manually as part of configuring federated sharing features between an on-premises Exchange organization and other federated Exchange organizations or as part of configuring a hybrid deployment with the Hybrid Configuration wizard. A federation trust with the Azure AD authentication system for your Exchange Online tenant is automatically configured when you activate your Microsoft 365 or Office 365 service account.

    Learn more at: What is Azure AD Connect?.

  • Azure Active Directory synchronization: Azure AD synchronization uses Azure AD Connect to replicate on-premises Active Directory information for mail-enabled objects to the cloud to support the unified global address list (GAL) and user authentication. Organizations configuring a hybrid deployment need to deploy Azure AD Connect on a separate, on-premises server to synchronize your on-premises Active Directory with Microsoft 365 or Office 365.

    Learn more at: Prerequisites for Azure AD Connect.


Azure AD Connect cloud sync does not support hybrid migrations due to its inability to handle Exchange hybrid writeback.

Hybrid deployment example

Take a look at the following scenario. It's an example topology that provides an overview of a typical Exchange 2016 deployment. Contoso, Ltd. is a single-forest, single-domain organization with two domain controllers and one Exchange 2016 server installed. Remote Contoso users use Outlook on the web to connect to Exchange 2016 over the Internet to check their mailboxes and access their Outlook calendar.

On-premises Exchange deployment before hybrid deployment with Microsoft 365 or Office 365 is configured.

Let's say that you're the network administrator for Contoso, and you're interested in configuring a hybrid deployment. You deploy and configure a required Azure AD Connect server and you also decide to use the Azure AD Connect password synchronization feature to let users use the same credentials for both their on-premises network account and their Microsoft 365 or Office 365 account. After you complete the hybrid deployment prerequisites and use the Hybrid Configuration wizard to select options for the hybrid deployment, your new topology has the following configuration:

  • Users will use the same username and password for logging on to the on-premises and Exchange Online organizations ("single sign-on").

  • User mailboxes located on-premises and in the Exchange Online organization will use the same email address domain. For example, mailboxes located on-premises and mailboxes located in the Exchange Online organization will both use in user email addresses.

  • All outbound mail is delivered to the Internet by the on-premises organization. The on-premises organization controls all messaging transport and serves as a relay for the Exchange Online organization ("centralized mail transport").

  • On-premises and Exchange Online organization users can share calendar free/busy information with each other. Organization relationships configured for both organizations also enable cross-premises message tracking, MailTips, and message search.

  • On-premises and Exchange Online users use the same URL to connect to their mailboxes over the Internet.

On-premises Exchange deployment after hybrid deployment with Microsoft 365 or Office 365 is configured.

If you compare Contoso's existing organization configuration and the hybrid deployment configuration, you'll see that configuring a hybrid deployment has added servers and services that support additional communication and features that are shared between the on-premises and Exchange Online organizations. Here's an overview of the changes that a hybrid deployment has made from the initial on-premises Exchange organization.

ConfigurationBefore hybrid deploymentAfter hybrid deployment
Mailbox locationMailboxes on-premises only.Mailboxes on-premises and in Exchange Online.
Message transportOn-premises Mailbox servers handle all inbound and outbound message routing.On-premises Mailbox servers handle internal message routing between the on-premises and Exchange Online organization.
Outlook on the webOn-premises Mailbox servers receive all Outlook on the web requests and displays mailbox information.On-premises Mailbox servers redirect Outlook on the web requests to either on-premises Exchange 2016 Mailbox servers or provides a link to log on to Exchange Online.
Unified GAL for both organizationsNot applicable; single organization only.On-premises Active Directory synchronization server replicates Active Directory information for mail-enabled objects to Exchange Online.
Single-sign on used for both organizationsNot applicable; single organization only.On-premises Active Directory and Exchange Online use the same username and password for mailboxes located either on-premises or in Exchange Online.
Organization relationship established and a federation trust with Azure AD authentication systemTrust relationship with the Azure AD authentication system and organization relationships with other federated Exchange organizations may be configured.Trust relationship with the Azure AD authentication system is required. Organization relationships are established between the on-premises environment and the cloud.
Free/busy sharingFree/busy sharing between on-premises users only.Free/busy sharing between both on-premises and Exchange Online users.

Now that you're a little more familiar with what a hybrid deployment is, you need to carefully consider some important issues. Configuring a hybrid deployment could affect multiple areas in your current network and Exchange organization.

Directory synchronization and single sign-on

Active Directory synchronization between the on-premises organization and the cloud, which is performed every 30 minutes by a server running Azure Active Directory Connect, is a requirement for configuring a hybrid deployment. Directory synchronization enables recipients in either organization to see each other in the global address list. It also synchronizes usernames and passwords which enables users to log in with the same credentials in both your on-premises organization and in Microsoft 365 or Office 365.


If you choose to configure Azure AD Connect with AD FS, usernames and passwords of on-premises users will still be synchronized to the cloud by default. However, users will authenticate with your on-premises Active Directory via AD FS as their primary method of authentication. If you wish to configure AD FS to fall back and authenticate against usernames and passwords that you have synchronized to the cloud in the event AD FS can't connect to your on-premises Active Directory, see Setting up PHS as backup for AD FS in Azure AD Connect.

All customers of Azure Active Directory and Microsoft 365 or Office 365 have a default limit of 50,000 objects (users, mail-enabled contacts, and groups) that determines how many objects you can create in your Microsoft 365 or Office 365 organization. After you verify your first domain, this limit is automatically increased to 500,000 objects for Azure Active Directory Free, or an unlimited number of objects for Azure Active Directory Basic or Premium. For more information, see Azure Active Directory pricing.

In addition to a server running Azure AD Connect, you'll also need to deploy a web application proxy server if you choose to configure AD FS. This server should be placed in your perimeter network and will act as an intermediary between your internal ADFS servers and the Internet. The web application proxy server needs to accept connections from clients and servers on the Internet using TCP port 443.

Hybrid deployment management

You manage a hybrid deployment in Exchange 2016 via a single unified management console that allows for managing both your on-premises and Exchange Online organizations. The Exchange admin center (EAC), which replaces the Exchange Management Console and the Exchange Control Panel, allows you to connect and configure features for both organizations. When you run the Hybrid Configuration wizard for the first time, you will be prompted to connect to your Exchange Online organization. You need to use an account that is a member of the Organization Management role group to connect the EAC to your Exchange Online organization.


Secure Sockets Layer (SSL) digital certificates play a significant role in configuring a hybrid deployment. They help to secure communications between the on-premises hybrid server and the Exchange Online organization. Certificates are a requirement to configure several types of services. If you're already using digital certificates in your Exchange organization, you may have to modify the certificates to include additional domains or purchase additional certificates from a trusted certificate authority (CA). If you aren't already using certificates, you will need to purchase one or more certificates from a trusted CA.

Learn more at: Certificate requirements for hybrid deployments


Your network connection to the Internet will directly impact the communication performance between your on-premises organization and the Microsoft 365 or Office 365 organization. This is particularly true when moving mailboxes from your on-premises Exchange 2016 server to the Microsoft 365 or Office 365 organization. The amount of available network bandwidth, in combination with mailbox size and the number of mailboxes moved in parallel, will result in varied times to complete mailbox moves. Additionally, other services, such as SharePoint Server 2016 and Skype for Business, may also affect the available bandwidth for messaging services.

Before moving mailboxes to the cloud, you should:

  • Determine the average mailbox size for mailboxes that will be moved.

  • Determine the average connection and throughput speed for your connection to the Internet from your on-premises organization.

  • Calculate the average expected transfer speed, and plan your mailbox moves accordingly.

Learn more at: Networking.

Unified Messaging


Unified Messaging is not available in Exchange 2019.

Unified Messaging (UM) is supported in a hybrid deployment between your on-premises and Microsoft 365 or Office 365 organizations. Your on-premises telephony solution must be able to communicate with the cloud. This may require that you purchase additional hardware and software.

If you want to move mailboxes from your on-premises organization to the cloud, and those mailboxes are configured for UM, you should configure UM in your hybrid deployment prior to moving those mailboxes. If you move mailboxes before you configure UM in your hybrid deployment, those mailboxes will no longer have access to UM functionality.

Information Rights Management

Information Rights Management (IRM) enables users to apply Active Directory Rights Management Services (AD RMS) templates to messages that they send. AD RMS templates can help prevent information leakage by allowing users to control who can open a rights-protected message, and what they can do with that message after it's been opened.

IRM in a hybrid deployment requires planning, manual configuration of the Microsoft 365 or Office 365 organization, and an understanding of how clients use AD RMS servers depending on whether their mailbox is in the on-premises or Exchange Online organization.

Learn more at: IRM in Exchange hybrid deployments

Mobile devices

Mobile devices are supported in a hybrid deployment. If Exchange ActiveSync is already enabled on your existing servers, they'll continue to redirect requests from mobile devices to mailboxes located on the on-premises Mailbox server. For mobile devices connecting to existing mailboxes that are moved from the on-premises organization to the cloud, Exchange ActiveSync profiles will automatically be updated to connect to the cloud on most phones. All mobile devices that support Exchange ActiveSync should be compatible with a hybrid deployment.

Learn more at: Exchange ActiveSync.

Client requirements

We recommend that your clients use Outlook 2016 or Outlook 2013 for the best experience and performance in the hybrid deployment. Pre-Outlook 2010 clients aren't supported in hybrid deployments or with Microsoft 365 or Office 365.

Licensing for Microsoft 365 and Office 365

To create mailboxes in, or move mailboxes to, Microsoft 365 or Office 365, you need to sign up for an appropriate subscription plan you must have licenses available. When you sign up, you'll receive a specific number of licenses that you can assign to new mailboxes or mailboxes moved from the on-premises organization. Each mailbox in the cloud must have a license.

Antivirus and anti-spam services

Mailboxes moved to the cloud are automatically provided with antivirus and anti-spam protection by Exchange Online Protection (EOP), a service provided by Microsoft 365 and Office 365. You may need to purchase additional EOP licenses for your on-premises users if you chose to route all incoming Internet mail through the EOP service. We recommend that you carefully evaluate whether the EOP protection in your Microsoft 365 or Office 365 is also appropriate to meet the antivirus and anti-spam needs of your on-premises organization. If you have protection in place for your on-premises organization, you may need to upgrade or configure your on-premises antivirus and anti-spam solutions for maximum protection across your organization.

Learn more at: Anti-spam and anti-malware protection in EOP.

Public folders

Public folders are supported in the cloud and on-premises public folders can be migrated to the cloud. Additionally, public folders in the cloud can be moved to the on-premises Exchange organization. Both on-premises and cloud users can access public folders located in either organization using Outlook on the web, Outlook 2016, Outlook 2013, or Outlook 2010 SP2 or newer. Existing on-premises public folder configuration and access for on-premises mailboxes doesn't change when you configure a hybrid deployment.

Learn more at: Public folders.


For information about keyboard shortcuts that may apply to the procedures in this checklist, see Keyboard shortcuts for the Exchange admin center.

Key terminology

The following list provides you with definitions of the core components associated with hybrid deployments in Exchange 2013.

centralized mail transport

The hybrid configuration option in which all Exchange Online inbound and outbound Internet messages are routed via the on-premises Exchange organization. This routing option is configured in the Hybrid Configuration wizard. For more information, see Transport options in Exchange hybrid deployments.

coexistence domain

An accepted domain added to the on-premises organization for hybrid mail flow and Autodiscover requests for the Microsoft 365 or Office 365 service. This domain is added as a secondary proxy domain to any email address policies which have PrimarySmtpAddress templates for domains selected in the Hybrid Configuration wizard. By default, this domain is <domain>

HybridConfiguration Active Directory object

The Active Directory object in the on-premises organization that contains the desired hybrid deployment configuration parameters defined by the selections chosen in the Hybrid Configuration wizard. The Hybrid Configuration Engine uses these parameters when configuring on-premises and Exchange Online settings to enable hybrid features. The contents of the HybridConfiguration object are reset each time the Hybrid Configuration wizard is run.

hybrid configuration engine

The Hybrid Configuration Engine (HCE) runs the core actions necessary for configuring and updating a hybrid deployment. The HCE compares the state of the HybridConfiguration Active Directory object with current on-premises Exchange and Exchange Online configuration settings and then executes tasks to match the deployment configuration settings to the parameters defined in the HybridConfiguration Active Directory object. For more information, see Hybrid Configuration Engine.

hybrid configuration wizard (HCW)

An adaptive tool offered in Exchange that guides administrators through configuring a hybrid deployment between their on-premises and Exchange Online organizations. The wizard defines the hybrid deployment configuration parameters in the HybridConfiguration object and instructs the Hybrid Configuration Engine to run the necessary configuration tasks to enable the defined hybrid features. For more information, see Hybrid Configuration wizard.

Exchange 2010-based hybrid deployment

A hybrid deployment configured using Service Pack 3 (SP3) for Exchange Server 2010 on-premises servers as the connecting endpoint for the Microsoft 365 or Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2010, Exchange Server 2007, and Exchange Server 2003 organizations.

Exchange 2013-based hybrid deployment

A hybrid deployment configured using Exchange 2013 on-premises servers as the connecting endpoint for the Microsoft 365, Office 365, and Exchange Online services. A hybrid deployment option for on-premises Exchange 2013, Exchange 2010, and Exchange 2007 organizations.

Exchange 2016-based hybrid deployment

A hybrid deployment configured using Exchange 2016 on-premises servers as the connecting endpoint for the Microsoft 365 or Office 365 and Exchange Online services. A hybrid deployment option for on-premises Exchange 2016, Exchange 2013, and Exchange 2010 organizations.

secure mail transport

An automatically configured feature of a hybrid deployment that enables secure messaging between the on-premises and Exchange Online organizations. Messages are encrypted and authenticated using transport layer security (TLS) with a certificate selected in the Hybrid Configuration wizard. Microsoft 365 or Office 365 organization is the endpoint for hybrid transport connections originating from the on-premises organization and the source for hybrid transport connections to the on-premises organization from Exchange Online.

Exchange hybrid deployment documentation

The following table contains links to topics that will help you learn about and manage hybrid deployments in Microsoft Exchange.


197 198 199 200 201