Exchange migration: Minimal hybrid vs. full hybrid — which is right for you?

Are you planning a migration from an on-premises Exchange email solution to Office 365? If so, you will soon find out that there are several migration options that are available to you. You will find that there are native tools to use, as well as many third-party tools that can help you get to Office 365. Will you be performing a cutover migration? Staged migration? Will you live in a hybrid configuration? Can you finally get rid of your on-premises Exchange server?

Lots of questions…

This article will answer a few of them — because we are going to talk about hybrid. More specifically, we are going to discuss the minimal hybrid approach vs. a full hybrid approach — and when to use each.

A little bit about hybrid

So, what does “hybrid” mean, exactly? A hybrid mail solution is a solution that allows an organization’s mailboxes to live both on-premises and in Exchange Online, either permanently or temporarily. Whether an organization remains in a hybrid configuration permanently or not depends on the long-term plans for email – and on what features are necessary.

Deploying a hybrid email solution as a means of migrating to Exchange Online / O365 allows you to move mailboxes to the cloud. This differs from most third-party products, which “copy” mailbox data to new mailboxes that are deployed in Office 365. The process for moving mailboxes to Office 365 in a hybrid configuration is essentially the same process that you would follow when upgrading Exchange on-prem to a new version. You simply go into the EAC, select mailboxes, and move them to O365. Easy peasy.

A hybrid solution, much like on-prem mailbox moves, also offers the ability to “seed” the cloud mailboxes in the background without impacting users. You can sync the mailboxes to the new destination, and then, when you are ready to cutover, complete the migrations and switch over to O365. The hybrid solution to mailbox migrations to Office 365 is quite elegant.

Is hybrid still scary?

There was a time when deploying a hybrid solution to migrate from on-prem Exchange to Office 365 was stressful and downright scary. There were so many moving parts and so many decisions that even the most seasoned messaging engineers sometimes had trouble setting it up. With improvements to the process, along with the Hybrid Agent (more on this later), configuring a hybrid solution is not nearly as bad as it once was. However, to be completely honest, the setup of a hybrid solution — especially a full hybrid — is still best left to the experienced messaging engineer. With that said, it’s not as scary and cumbersome as it once was.

What is this ‘minimal hybrid’ that you speak of?

When you run the Hybrid Configuration Wizard, which is called the “HCW” by the cool kids, you’ll immediately notice that you have two main options: minimal hybrid and full hybrid. The easier-to-deploy minimal hybrid option is available for those organizations that are looking to just perform migration and administration in a hybrid deployment. However, a minimal hybrid configuration excludes several security and federation features that are available in a full hybrid configuration. For example, features such as cross-premises Free/Busy availability and TLS-secured mail flow between the on-premises environment and Exchange Online are not available. As such, the minimal hybrid configuration is only useful in certain circumstances.

With that said, when should an organization use the minimal hybrid configuration?

The minimal hybrid option is best for small and medium-sized organizations that are looking for a seamless (and quick) migration experience and have no need for any significant term of coexistence. Minimal hybrid is not a good solution in cases where significant coexistence is necessary because enhanced features like cross-premises Free/Busy sharing are unavailable, as is cross-premises eDiscovery. There is no TLS-secured mail flow between the on-prem org and Exchange Online, nor is there automatic Outlook or ActiveSync redirection for migrated users. Another feature missing from minimal hybrid is automatic retention for Archive Mailboxes.

Only those organizations that are planning on moving to O365 quickly should consider minimal hybrid.

…and what about full hybrid?

The full hybrid option is a full-featured solution for organizations that require long-term coexistence between an on-prem Exchange platform and Office 365. Remember all those features that the minimal hybrid didn’t offer? Well, you get all of them — and more — with a full hybrid configuration.

Full hybrid, in the context of migrations, is intended for organizations with large numbers of users (think thousands) that need to be migrated to O365. In such environments, it can often take weeks or months to complete the migration to Office 365. As such, the security features and federation features that are lost in a minimal hybrid configuration are often required.

Another, less understood reason to consider a full hybrid configuration is directory synchronization. A quick migration from an on-prem Exchange organization to Office 365 often calls for a minimal hybrid solution, which typically includes the deployment of Azure AD Connect and a one-time sync of on-prem AD users to O365. An organization that plans on maintaining an ongoing sync of on-prem AD users to O365 via Azure AD Connect, however, should be considering full hybrid. A full hybrid configuration should be deployed in these cases because, as part of a minimal hybrid solution, Azure AD Connect is actually disabled after the initial sync of on-prem users to O365. Full hybrid, on the other hand, leverages Azure AD Connect in a permanent fashion, ensuring new users created in the on-prem AD are always synced to O365.

…and what about that on-prem Exchange server?

Once you’ve moved all your mailboxes to O365, you might be tempted to decom your on-premises Exchange servers.

Not so fast! Doing so might be a bad idea.

Even if all mailboxes live in O365, you may be surprised to know that you still need to keep an on-prem Exchange server around. Yes, really.

Why? The answer is Synchronized AD Accounts.

Most organizations that leverage Exchange Online / O365 will also be using an on-prem Active Directory. In such cases, Azure AD Connect is probably humming along as well — syncing users from on-prem to O365 on an ongoing basis. This is a typical configuration because organizations want to ensure that all new users in AD are also created in O365 (and all users deleted from on-prem AD are deleted from O365). Such a configuration results in a requirement that Exchange remain in the mix because when an on-prem AD account is synced, the on-prem account is considered the authoritative source for all AD attributes. As such, if you try to modify an attribute such as a user’s name or proxy address in O365, you’ll be treated to an unpleasant surprise. Office 365 is going to tell you that you need to make the change to the on-prem account and then let the change sync to O365.

Bleh…

Back to the on-prem Exchange Admin Center (which is run from the Exchange server that needs to remain in place).

While many organizations work around this by decommissioning the on-prem Exchange server and then managing such attributes via Attribute Editor in Active Directory Users and Computers (or even via, shudder, ADSIEDIT), these types of workarounds are NOT supported by Microsoft. Sure, they work, but when you call Microsoft for help with an issue, they are going to turn you away.

So, the next time someone tells you that you can get rid of your on-prem Exchange server after your migration to O365 is complete, you’ll know better.

So which solution should I ultimately choose?

Choosing a solution, ultimately, isn’t difficult — especially if you are using Azure AD Connect to sync your on-prem users to O365. Your existing environment is going to largely dictate which solution you go with, taking much of the decision-making out of your hands.

If you are managing your users on-prem via local Active Directory, a full hybrid solution is going to be the required solution. Full hybrid is required in this case because minimal hybrid disables Azure AD Connect synchronization once the initial sync of users to O365 is complete. Obviously, this would be a problem if users are provisioned on-prem AFTER the sync has been disabled.

Key reasons to choose a full hybrid solution include:

  • You need to ensure email sent between on-prem users and cloud users is secure.
  • You need to see free/busy for both on-prem and cloud mailboxes (this is usually a big one).
  • You require advanced sharing, like Full Access permissions across Exchange and Office 365 mailboxes.
  • You require certain integrations, including Skype for Business presence and Teams integration into Exchange 2016 mailboxes.
  • You require cross-premises eDiscovery functionality.

Key reasons to choose a minimal hybrid solution include:

  • You are migrating quickly to O365 and have fewer than 1000 mailboxes to migrate.
  • You wish to perform a “cutover migration” to Office 365.

Minimal hybrid vs. full hybrid: Final thoughts

If you look closely at the lists of key reasons for each solution above, you should quickly notice that the minimal hybrid approach is essentially built for speed, whereas the full hybrid is built for longer-term coexistence. So, as a general rule of thumb, the fewer users that need to migrate to O365, the more likely a minimal hybrid is the right approach — unless you are synchronizing users to O365 in an ongoing fashion via Azure AD Connect. Also, keep in mind that regardless of which solution you choose, you are going to need to keep that pesky on-prem Exchange server around if you are (you guessed it) synchronizing on-prem AD users to O365 in an ongoing fashion.

Surprising, isn’t it? All this information about which solution to choose and it almost always comes down to synchronization anyway.

5 thoughts on “Exchange migration: Minimal hybrid vs. full hybrid — which is right for you?”

  1. Dear Thomas
    Hi
    This is Mohammad
    I am IT manager in a company in Iran. I have MCSE 2003 and recently I need to learn Office 365 administration. Could you please do me a favor and recommend me an eBook for starting this course?
    thank you so much
    best regards

  2. The comment that if you want ongoing syncs to 365 you need full hybrid is wrong. True that as per this MS page it says by default it will only do a one-time sync:
    https://docs.microsoft.com/en-us/exchange/mailbox-migration/use-minimal-hybrid-to-quickly-migrate#step-3-run-directory-synchronization-to-create-users-in-office-365

    However you will see in Step 3 that it gives you the option to install ADConnect yourself to keep this going. So while one-time sync may be a more common scenario for minimal hybrid, it's by no means wrong to use it as a migration method where you need to keep ADConnect running.

    Also heads up that modern agent now means some of the caveats no longer apply to minimal hybrid, i.e. free/busy now works.

    Cheers

  3. Greg, the key point being made in the article is that Minimal Hybrid isn’t designed for long-term coexistence. Can you do it? Sure. Should you? No.

    Remember, just because the tech lets you do something doesn’t mean it’s a good idea.

  4. Hi Thomas,
    Great article…It answered some of my questions.
    What do you think of Minimal Hybrid migration using the new Modern Hybrid Topology?
    What is your experience with on-prem to O365 transfer speed considering that Microsoft throttles inbound connections? To be more specific, how realistic is it to expect to migrate about 100 mailboxes, 10GB average size over a (long) weekend?
    Thank you.
