Configuring an Exchange 2013 Hybrid Deployment and Migrating to Office 365 (Exchange Online) (Part 1)

Back on February 27th, Microsoft released a major new update (the third generation, also known as wave 15) of the Office 365 service, now simply referred to as the New Office 365.

Not surprisingly, this is Microsoft’s most complete Office cloud service to date. Microsoft Lync, SharePoint and Exchange have all been updated to their respective 2013 versions, and the rich Office Pro Plus client applications (of course also 2013 versions) are now provided as streamed applications that a user can install on up to five devices of their choice. In addition, the New Office 365 now includes Yammer and SkyDrive Pro as part of the service. Lastly, the Forefront Online Protection Service (FOPE) spam filtering service has been rebranded and is now known as Exchange Online Protection or simply EOP.

It’s no secret that since the launch in mid-2011, Office 365 has been one of the fastest growing businesses in Microsoft’s history. After only 18 months, one in five of Microsoft’s enterprise customers were using the service. And the success is continuing. It should be said, though, that some countries are moving faster than others. Fortunately, I’m living in the leading European country when it comes to enterprises moving to Office 365, so I have the pleasure of dealing with multiple Office 365 projects on a daily basis at Microsoft Services Denmark, and none of them are boring!

Okay, so my previous article series focused on deploying ADFS-based identity federation, Directory Synchronization (DirSync) and an Exchange 2010 based hybrid deployment into an on-premises infrastructure containing an Exchange 2007 organization. With tenants moved to or created in the new Office 365, we are encouraged to replace our Exchange 2010 hybrid servers with hybrid servers running Exchange 2013 Cumulative Update 1 (CU1).

Existing Office 365 customers that have deployed Exchange 2010 based hybrid servers and are upgraded to the New Office 365 can still use these hybrid servers for coexistence, but will not get all the advantages that customers running Exchange 2013 hybrid servers will get. Also, bear in mind that you must apply Exchange 2010 Service Pack 3 in order to be able to manage Exchange Online objects using the Exchange Management Console (EMC).

The intention with this article series is to first provide you with an insight into the new Exchange Online version based on Exchange 2013. Then, I will go through all the required steps in order to configure ADFS-based identity federation, DirSync and Exchange 2013 based hybrid servers. When it comes to Exchange 2013 based hybrid deployments, a lot of stuff has changed, and several new coexistence features and improvements to existing ones have been introduced. When it comes to ADFS and DirSync, we now support Windows Server 2012. Specifically for DirSync, which is now known as the Windows Azure Active Directory Sync tool (WAAD Sync tool), we can also do password synchronization from the on-premises Active Directory to the Office 365 tenant. However, details around this new option will be included in another article series.

As with many of my previous article series, you could call this one a lab deployment guide with a bit of extra information provided.

Alright, we have a lot to cover so let’s get started.

Available Migration Paths to the New Office 365

Just as was the case with migrations from an on-premises Exchange environment to Exchange Online (part of the previous Office 365 offering), the migration path from an on-premises messaging environment to the new Exchange Online (part of the New Office 365 offering) will differ based on criteria such as the size of the on-premises environment, the number of users, the messaging environment an organization is migrating from, as well as the expectations revolving around coexistence.

So if we leave third party migration solutions out of the picture, we have four different migration approaches at our disposal:

  • Exchange Cutover migrations
  • Staged Exchange migrations
  • Hybrid Exchange Deployment-based migrations
  • IMAP-based e-mail migrations

When migrating from an on-premises Domino/Notes environment, the approach is to use a third party tool such as CMT from Binary Tree or Notes migrator from Quest Software (Dell).

In this particular multi-part article series, I’ll go through the steps necessary to configure an Exchange 2013 hybrid configuration in a pure Exchange 2013 on-premises organization followed by migrating mailboxes to the new Exchange Online. I’ll also uncover the advantages you get by choosing a hybrid configuration based migration.

Ok so the primary targets for an Exchange hybrid deployment based migration to the new Exchange Online are large enterprises that wish to move mailboxes to Exchange Online over a longer period of time or only want to move a subset of the total mailboxes. An Exchange hybrid deployment based migration to the new Exchange Online usually involves the following deployment steps:

  • Configure ADFS based identity federation in order to provide users with a single sign-on (SSO) experience when accessing services part of the new Office 365 offering.
  • Configure directory synchronization (DirSync) so that on-premise users, groups and contacts are synchronized to Office 365. By doing so, there will only be one source of authority (the on-premise Active Directory forest), which means that users migrated to Office 365 will be managed from the on-premise environment. Changes made to a user in the on-premise environment will then be reflected in Office 365 via DirSync delta changes.
  • Deploy Exchange 2013 hybrid deployment servers into the on-premises Exchange organization so that rich coexistence can be set up between the on-premise Exchange organization and Exchange Online. A hybrid deployment provides functionality such as free/busy & calendar sharing, MailTips integration (between Exchange Online & Exchange on-premise), Exchange Online-based online archiving support, option to offboard mailboxes from Exchange Online (move mailbox back to Exchange on-prem) as well as the option to manage Exchange Online users using the Exchange Administration Center (EAC) on the on-premises Exchange 2013 servers.

As most of you know, the new Office 365 not only consists of Exchange Online but also Lync Online, SharePoint Online, SkyDrive Pro, Yammer, the rich Office applications, Office Web Apps etc. However, in this article series we only focus on the Exchange side of things. Put another way, the steps required to configure and move from on-premises solutions to Lync Online and SharePoint Online are outside the scope of this article series.

The other above listed migration approaches will be covered in separate articles here on

Exchange Online Changes & Improvements

Since the Exchange Online version that is part of the New Office 365 offering is based on Exchange 2013, we have several new changes and improvements in the new Exchange Online version. I have listed the most significant ones below.

  • Exchange Administration Center: Just like the Exchange 2013 product for on-premises environments, the Exchange Control Panel (ECP) in Exchange Online has been replaced by the new Exchange Administration Center (EAC). The EAC can be used to do most of the configuration and management that the Exchange Management Console (EMC) could in Exchange 2010. EAC is browser-based and it gives us the option to add our Office 365 tenant, so that both Exchange Online and on-premises Exchange can be managed from within the same browser window. We even have transparent SSO when switching between management of Exchange Online and Exchange on-premises. Yes, pretty darn cool! Although the new Exchange Online has support for Exchange 2010 SP3 based hybrid servers and therefore also the EMC, let’s face it, the EMC is becoming history as it has been discontinued with Exchange 2013. We’ll look much more at what’s possible in the EAC later on in this article series.

Figure 1: Exchange Online Administration Center

  • Exchange Online Protection (EOP): EOP replaces Forefront Online Protection (FOPE) and, just like with FOPE, an EOP instance is automatically associated with a tenant. EOP is used to protect your organization from viruses, spam, phishing scams, and policy violations. In addition, EOP is used to control routing between the Internet, Exchange Online and your on-premises mail environment.
  • Outlook Web App (OWA): Once again OWA has been given a serious facelift and has now been developed with touch in mind. OWA 2013 also provides users with so-called OWA apps and connects much better with your social networks.

Figure 2: Outlook Web App (OWA)

  • Reporting: The reporting feature in Office 365 has been heavily improved. We can now view information about mailboxes and groups in your organization, spam and malware sent to and from your organization, the total volume of mail sent to and from your organization, rules that affected mail sent to and from your organization, and Data Loss Prevention (DLP) policies and rules that affected mail sent to and from your organization.

Figure 3: Improved reporting

  • New Migration Features: With Exchange 2013, we can now create so-called batch moves and migration endpoints. Migration endpoints are management objects that describe the remote server as well as connections that can be associated with one or multiple batch moves. By using the new batch move architecture, we improve the Mailbox Replication Service (MRS) moves by enhancing the management capability. More specifically, we can move multiple mailboxes in large batches, we get email notifications with reporting during the moves, we have automatic retry and prioritization of the moves, the primary and personal archive mailboxes can be moved together or separately and, finally, we get periodic incremental syncs that update the migration changes. All of this of course occurs from within the Exchange Administration Center (EAC), no matter if you’re dealing with on-premises moves or online moves.
  • Public Folders: Just like for on-premises Exchange organizations, organizations that move to Exchange Online can take advantage of public folder functionality. Organizations with on-premises public folders can even migrate their on-premises public folder data to public folders in Exchange Online. Public folders in Exchange 2013 are based on mailboxes, so we now have the same high availability story for public folders as for “normal” mailboxes, as PF mailboxes are also stored in DAG-protected mailbox databases.

Figure 4: Public Folders in Exchange Online
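The migration endpoint and batch move model described under New Migration Features can also be driven from a remote PowerShell session connected to Exchange Online. The following is an added example, not taken from this article series; the endpoint name, host name, domains, CSV path and notification address are hypothetical placeholders.

```powershell
# Added example. All names, hosts, domains and paths below are hypothetical placeholders.

# 1. Migration endpoint: the management object that describes the remote
#    (on-premises) server and the connection used to reach it.
#    Use a dedicated account limited to mailbox moves rather than a
#    general-purpose administrator account.
$onPremCred = Get-Credential
New-MigrationEndpoint -Name 'Hybrid-OnPrem' -ExchangeRemoteMove `
    -RemoteServer 'hybrid.contoso.example' -Credentials $onPremCred

# 2. Batch move: the CSV has one column, EmailAddress, with one row per mailbox.
#    One endpoint can be reused by many batches.
$csv = [System.IO.File]::ReadAllBytes('C:\Migration\wave1.csv')
New-MigrationBatch -Name 'Wave1' -SourceEndpoint 'Hybrid-OnPrem' `
    -TargetDeliveryDomain 'contoso.mail.onmicrosoft.com' `
    -CSVData $csv -NotificationEmails 'exchange-admins@contoso.example' -AutoStart
# Add -PrimaryOnly or -ArchiveOnly to move the primary and archive mailboxes separately.

# 3. Monitoring: the batch keeps running incremental syncs until it is completed.
Get-MigrationBatch -Identity 'Wave1' | Format-List

# Pull the detailed statistics for any mailbox in the batch that failed.
Get-MigrationUser -BatchId 'Wave1' -Status Failed |
    Get-MigrationUserStatistics | Format-List

# 4. Cut-over: finalize the batch once the synced mailboxes are ready to switch.
Complete-MigrationBatch -Identity 'Wave1'
```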

  • Message Trace: The search functionality within the message trace tool has been improved. Every time a trace result is viewed for a message, the subject line text is provided for each message. Finally, a detailed view is provided that describes all the events that happened to the message.
  • Address Book Policies (ABPs): A feature that many enterprises missed in the previous Exchange Online version was the option to create custom address lists and do GAL segmentation. This is now possible, but must be configured via PowerShell.
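A GAL segmentation setup of the kind mentioned under Address Book Policies, as an added example that is not from the original article. The object names and the use of CustomAttribute1 as the segment marker are hypothetical, and the example assumes the Address Lists management role has been assigned to the administrator running it.

```powershell
# Added example. Object names and the CustomAttribute1 value are hypothetical.
# Assumption: mailboxes in the segment are stamped with CustomAttribute1 = 'DivisionA'.
$segment = "CustomAttribute1 -eq 'DivisionA'"

# Address lists the segment is allowed to browse: its users and its rooms.
New-AddressList -Name 'AL-DivA-Users' `
    -RecipientFilter "(RecipientType -eq 'UserMailbox') -and ($segment)"
New-AddressList -Name 'AL-DivA-Rooms' `
    -RecipientFilter "(RecipientDisplayType -eq 'ConferenceRoomMailbox') -and ($segment)"

# A GAL and an offline address book restricted to the same segment.
New-GlobalAddressList -Name 'GAL-DivA' -RecipientFilter $segment
New-OfflineAddressBook -Name 'OAB-DivA' -AddressLists '\GAL-DivA'

# The policy ties the four objects together.
New-AddressBookPolicy -Name 'ABP-DivA' `
    -AddressLists '\AL-DivA-Users' `
    -RoomList '\AL-DivA-Rooms' `
    -GlobalAddressList '\GAL-DivA' `
    -OfflineAddressBook '\OAB-DivA'

# Assign the policy to every mailbox in the segment.
Get-Mailbox -ResultSize Unlimited -Filter $segment |
    Set-Mailbox -AddressBookPolicy 'ABP-DivA'

# Check: list each segment mailbox with the policy it now carries.
# A mailbox with no policy still sees the default, unsegmented GAL.
Get-Mailbox -ResultSize Unlimited -Filter $segment |
    Select-Object Name, AddressBookPolicy

# Note: an ABP scopes what the address book shows. It does not stop a user
# from sending mail to an address they already know.
```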

This concludes part 1 of this multi-part article in which I explain how you configure an Exchange 2013 hybrid environment and migrate to Office 365 (Exchange Online).
