Exchange 2016: Hybrid mode with Office 365 (part 2)

Part 1 This series of articles initially only dealt with the test environment for an Exchange 2016 / Office 365 hybrid scenario. This part now deals with the preparation of Office 365 and the frankysweb.org domain.

What is hybrid mode

I still need a little explanation about hybrid mode: What is hybrid mode anyway?

In principle, it is explained quite simply, the hybrid mode connects a local Exchange organization with Office 365 / Exchange Online. Both worlds can therefore be used in parallel. One application scenario for hybrid mode would be, for example, to create all mailboxes for field staff and home office users as Office 365 users. All other users who have their desk in the company could continue to have mailboxes on the local Exchange server.

Another example of a use case is the migration from a local Exchange environment to Office 365. Both worlds can be operated in parallel for the duration of the migration until all data has been migrated to Office 365.

The first scenario is relevant for this article: a few mailboxes in the cloud, a few mailboxes locally.

Office 365 test account / test tenant

If Exchange is to be operated in hybrid mode, an Office 365 subscription is logically required. Fortunately, Microsoft provides Office 365 trial versions.

For these articles I use the trial versions of Office 365 Business Premium. You can create a test account under the following link:

• Office 365 Business Premium

Here is a brief description of the process for obtaining a test tenant. Only a little information is required and there are no costs involved. Licenses can also be purchased if required and used productively at a later date:

In the next step, the user account must be defined, which is also created as the Office 365 administrator:

Once a telephone number has been provided and the confirmation code entered, the test tenant is active. Click on "You can get started now" to go directly to the Office 365 portal:

The Office 365 portal now appears, click on the "9 dots" at the top left to open the menu:

In the portal, you must first switch to the administrator view:

Here you can already check the licenses, Microsoft assigns 25 licenses to a test tenant, one license is already used for the admin account:

The licenses are valid for 30 days and can be extended once. A credit card is then required. Extending the trial period is free of charge:

These steps were only for verification, now the Office 365 configuration can begin.

Office 365 basic configuration

First, the domain must be added. To do this, first click on "Show more" in the menu:

The "Setup" item is now visible and a new domain can be added:

All e-mail domains can now be added in the "New domain" wizard. I only use frankysweb.org here:

Important note: For a long time, it was common to have the local Active Directory name end with .local or .domain, for example. For example, I still use frankysweb.local for exclusively local test environments. A user name (UPN) from such an Active Directory would be frank@frankysweb.local, for example. However, these user names cannot be used in conjunction with Office 365. Reason: frank@frankysweb.local is not unique, anyone could call their local Active Directory by this name and there would possibly be many identical user names. Likewise, frankysweb.local cannot be verified as a domain by Office 365, but this is necessary to synchronize the user accounts later and to use uniform user names in the local environment as well as in Office 365. If someone runs into this problem: Alternative UPNs can be used for this, there will be a separate article on this, but here are the Procedure.

The domain is checked by Office 365. This can be done either by e-mail or TXT record in the public DNS. I use the verification email here:

After the domain has been checked, the wizard asks for the online services and DNS settings. "I manage my own DNS entries" is selected here:

In the selection of "online services" I only use "Exchange" for the time being, the other services are not relevant in this pure Exchange environment for the time being and can also be activated later. These articles initially refer to Exchange Hybrid and not to Skype etc.:

After clicking on "Save and close", the new domain is displayed and has the status "Setup is running":

Let's continue with the adjustment of the SPF entry for the domain frankysweb.org.

Adjustment of SPF entry

In order to be able to send mails via Office 365 later, the SPF entry for frankysweb.org must be adjusted and extended to include the Office 365 mail server. The following SPF settings currently apply for frankysweb.org:

Only the static IP is allowed as the sending mail server, so that Office 365 can also send mails with the domain frankysweb.org, the SPF must be extended. By clicking on the domain frankysweb-org in the Office 365 portal, you can display the SPF entry that should be set if it is a pure Office 365 installation (without hybrid scenario):

The important part is here:

• include:spf.protection.outlook.com

This string is now added to the existing SPF entry:

After the adjustment, the SPF entry therefore contains both worlds, your own mail server and the settings for Office 365:

The settings can be verified with MXToolbox, for example:

• https://mxtoolbox.com

So far for now, the next article will deal with the synchronization of user accounts.