HCW Improvement: The Minimal Hybrid Configuration option


Over the past several years, we have received feedback from all sorts of customers on how the Hybrid Configuration Wizard can be improved. One highly requested piece of feedback has been focused around providing an option to allow a customer to configure the bare essentials to support a hybrid configuration with Office 365.

One of the challenges we needed to overcome is that a Staged Exchange Migration is not supported for customers that are deployed on Exchange Server 2010 or later. That left customers with two options, either perform a cutover migration or a hybrid configuration. A cutover migration is designed for small customer deployments because all the users need to be migrated at the same time, and all Outlook profiles have to be recreated. The limitation of the cutover migration led many customers to deploy a Hybrid configuration. The Hybrid configuration has strict prerequisites around certificates and configuration scenarios that for some customers are confusing and unnecessary.

Today, we are pleased to announce that the Minimal Hybrid Configuration feature is available. When you launch the Hybrid Configuration Wizard (for the first time), you will be presented with a new dialog option, entitled Hybrid Features. This dialog allows you to choose between a Minimal Hybrid Configuration or a Full Hybrid Configuration.

hcw

What’s the difference? In a nutshell, the Minimal Hybrid Configuration allows you to just to perform migration and administration in a hybrid deployment. The Minimal Hybrid Configuration excludes configurations of secure email and any Exchange Federation related features, such as free/busy. This new configuration allows a customer to have the user experience benefits tied to a Hybrid migration: when a mailbox is moved you will not have to recreate the user’s Outlook profile; online mailbox moves are performed, unlike in a staged or cutover migration (users are for the most part not disconnected from the mailbox during the move); user account credentials are synchronized; and you get to enjoy uninterrupted mail flow.

What customers should use the Minimal Hybrid Configuration?

  • Small or medium sized customers that need a seamless migration experience for their users.
  • Customers that do not require enhanced features like:
    • Cross-premises Free/Busy
    • TLS secured mail flow between on-premises and Exchange Online
    • Cross-premises eDiscovery
    • Automatic Outlook on the web and ActiveSync redirection for migrated users
    • Automatic Retention for Archive Mailbox
  • Customers that plan on moving to the service quickly and, therefore, do not require the enhanced features previously mentioned.
  • Merger or acquisition scenarios may benefit from this configuration since you can move the mailboxes to a tenant without having to configure all of the Hybrid features.
  • Customers that need Exchange installed On-premises for recipient administration purposes

What conditions expose the Hybrid Features dialog?

Customers that are setting up hybrid by executing the Hybrid Configuration Wizard for the first time will see the Hybrid Features dialog and will be able to choose the type of hybrid deployment they want.

If you have already run the Office 365 Hybrid Configuration Wizard in the past, this new dialog option will not be exposed. In addition, once a customer chooses to deploy the Full Hybrid Configuration option, this new dialog option will no longer be available. This new feature is not intended to enable customers to remove a hybrid configuration and start over.

However, if a customer was to choose the Minimal Hybrid Configuration option, subsequent executions of the Hybrid Configuration Wizard will continue to expose the Hybrid Features dialog. This allows a customer to change and deploy a Full Hybrid Configuration in the event they find they need certain additional features, like cross-premises Free/Busy.

Will cross-premises mail flow function in a Minimal Hybrid Configuration?

Yes, mail flow will function between your on-premises environment and Office 365 as the routing domain (e.g., contoso.mail.onmicrosoft.com) is a target address for migrated users. However, the mail flow between your on-premises environment and Office 365 will not be TLS protected. If you require TLS protection, you have two options – you can manually create connectors or you could run the HCW and select the Full Hybrid Configuration option if there is a need for an enhanced feature, like TLS protected mail flow.

Will Exchange Online Archive mailbox access function in a Minimal Hybrid Configuration?

Yes, on-premises mailboxes will be able to access Exchange Online archive mailboxes in a Minimal Hybrid Configuration. However, if you want to have retention policies that move items to the Exchange Online archive mailboxes automatically, then you will need to select the Full Hybrid Configuration option.

How do I move mailboxes after I run the wizard?

We are working on a new MRS migration portal interface for MRS based moves, but you can still use the Exchange Administration Center to move your mailboxes. Even when the new portal experience for migrations is ready the EAC options will still be present.

Summary

We are working hard to take the entire on-boarding and hybrid experiences to the next level and this is an important step in that journey. This will allow us to improve the experience for customers that want to move to the service quickly or just want a less painful way to cutover to Exchange Online.

As always, please keep the feedback coming by using the feedback option in the Hybrid Configuration Wizard. We read it all…

Office 365 On-boarding Team

Comments (36)
  1. Andrew says:

    Will this mean that from a Multitenant/Hosted (on-prem) shared Exchange scenario (with ABPs) we now can setup multiple Hybrid Configurations? e.g. On-Prem TenantA O365 TenantA and On-Prem TenantB O365 TenantB? With multiple Azure AD Connect deployments and OU filtering we are able to handle the AD part, but Exchange Hybrid was limited to one O365 tenant.

    1. No, Andrew. Hybrid is only supported with a single Office 365 tenant. You can, however, have multiple on-premises organizations be in a hybrid configuration with that single tenant.

      1. Andrew says:

        Thanks Ross, Any other advice for an hosted environment to move/hybrid multiple customers to/with O365 Tenants?

  2. Rob says:

    How do the pre-requisites differ between full and minimal hybrid I.e Certificates and publishing of on-premises services?

    1. The prerequisites are pretty much the same… You need a third party certificate for the MRS Migration Endpoint, although the HCW will complete with a warning if that is not in place.

      You will not need to have a third party cert for SMTP and you will not need a TXT record for Federated domain proof. The rest of the prereq’s are pretty much the same (DirSync enabled, verified domain in tenant, but the HCW takes care of configuring most of them.

  3. AnthonyNZ says:

    Great news!
    Now any progress on making an Exchange “minimal configuration” option for those of us who just need a management-only presence on-premise?

    1. This is pretty much that solution, the only extra piece we are attempting to create is a migration endpoint, but you can simply remove that endpoint.

      1. Chris Clark says:

        To go along with this question. I have a lot of customers asking get rid of Exchange completely. What is the minimal Exchange 2016 configuration needed in order to manage all users after migrating to Exchange Online? They do not need hybrid in anyway – just for management of Exchange attributes.

  4. Ross, is there any change for digital certificate prerequisites with Minimal Hybrid? Same as full Hybrid?

    1. Same as full hybrid in that you need a third party certificate for MRS moves to succeed. you do not need the cert enabled for SMTP, but it needs to be in place if you intend on moving mailboxes on the IIS on the external facing Exchange servers.

  5. James Knoch says:

    So could you do minimal multi-hybrids with multiple On-Premise Exchange 2010 environments to a single tenant in this scenario?

    1. Yes, you can run the HCW with the minimal option from more than one resource forest to a tenant.

  6. Aleksey says:

    What specific functionality is added and what changes are made to the on-premise and cloud (Office 365) environments when you run the wizard with Minimal Hybrid Configuration (on Exchange 2010 SP3)? I looked for information on this, but couldn’t find much.

    I would like to get this setup for purposes of migrating on-prem mailboxes to Office 365, however I don’t want to affect the inbound and outbound mailflow for the Office 365, or the on-prem environments. I don’t care if internal email is routed between on-prem and cloud environments, but I want external mail destined for Office 365 to route to it and external mail destined to Exchange server to route to it. I want to make the least production-affecting changes as possible.

    Currently, Office 365 tenant has one domain name and Exchange 2010 has another domain name. My goal is to add the hybrid configuration, add the on-prem domain name to Office 365, migrate the mailboxes (about 50) and remove the hybrid configuration. Does this sound reasonable with the Minimal Hybrid Configuration, or is it a much more involved process and should not be used for simple migrations? What is the process to “uninstall” the hybrid configuration from both environments? Thanks!

    1. You will need to have at least one domain that is added to both EXO and Exchange on-premises, that is called a “Hybrid Domain” and that needs to be in place.

      Running the HCW in minimal configuration mode will not change the way your mail is routed since there are no connectors created.

      We do not publish all of the changes that we do with the HCW, but essentially we add/modify accepted domains, remote domains, Email Address Policies, Web Services Virtual Directories, and tenant settings like DirSync enablement and Tenant Hydration.

      We log all cmdlets we run in the HCW log so you can review the changes we have made there.

      Not knowing all the detail of the scenario I cannot say for sure, but it sounds like a good candidate for doing the minimal Hybrid configuration. If you want the steps to remove hybrid please consult this document: https://technet.microsoft.com/en-us/library/dn931280(v=exchg.150).aspx

  7. Joshua Bines says:

    Hey Ross, Is Exchange 2007 supported with Minimal Hybrid Configuration option?

    1. You can have Exchange 2003 or 2007 in the environment, but because MRS will be required you need at least one 2010 or greater Exchange server.

  8. wilson Jr says:

    My company approved Exchange Online Plan 1 and Exchange Online Kiosk total about 600 accounts in cloud and 150 on premises in Hybrid mode. What Hybrid Configuration i should run. What feature I’ll be missing having these two plans Exchange Online Plan 1 and Exchange Online Kiosk.

    1. the core features that will be missing are called out in the article… in the end if you want to move your mailboxes and do not require coexistence features like Free Busy and TLS authenticated mail flow, then the minimal hybrid is a good candidate.

      Customers that do not require enhanced features like: ◦Cross-premises Free/Busy
      ◦TLS secured mail flow between on-premises and Exchange Online
      ◦Cross-premises eDiscovery
      ◦Automatic Outlook on the web and ActiveSync redirection for migrated users
      ◦Automatic Retention for Archive Mailbox

  9. Tiwary says:

    What are the steps “minimal hybrid” is performing? Is it excluding only org relationship or something more as well from full hybrid?
    “The Hybrid configuration has strict prerequisites around certificates and configuration scenarios that for some customers are confusing and unnecessary.”

    But as we understand that prerequisite still remains same and certificate is required for minimal as well so what we are getting as advantage?

    1. As mentioned in the article this is a important step in the journey of offering a greatly simplified migration experience. This is NOT the end state but it was significant enough that we felt it was worth releasing.

      The main benefits are for customers that do not require secure mail or free busy, those customer now get no confusing questions to configure hybrid. This process also removes the need for creating the TXT records for Federation and greatly minimizes the surface area for failure. In addition, the wizard will complete without third party certificate when minimal hybrid is selected. Technically if you intend on moving mailboxes the certificate will be required, but for some that may be coming from lotus, they may just want Exchange setup for recipient management purposes.

  10. Mohd Imran Shaikh says:

    Hi Ross / Timothy,

    What about Legacy Public Folders syncing in hybrid as per the article below, will it still work with Minimal Hybrid Configuration?

    https://technet.microsoft.com/en-us/library/dn249373(v=exchg.150).aspx

    1. Running Minimal hybrid will not change the steps to configured Hybrid Public Folder and they will complete work just the same as they do with full hybrid.

  11. Hello,

    Will the Minimal Hybrid Configuration add the option on an Exchange 2013 server to create a “New Office 365 Mailbox” like when performing full hybrid?

    Thanks in advance.

    1. DDirk says:

      Yes, running thru the minimal HCW, I got the “New Office 365 Mailbox” mailbox type and it works as expected. However I still can’t switch between Enterprise and Office 365 as it takes me to the sign-up page. I did get the “CW8078 Migration Endpoint could not be created”. Also my CAS is not accessible thru external URLs (EWS, etc.) in case that’s related. I don’t need mailflow as all the migrations are done.

  12. Tyler says:

    Can a single third party cert work without the autodiscover domain name (I.e, mail.domain.com with the minimal hybrid configuration)? Is that enough to allow migration?

    1. DDirk says:

      I’m not sure about migration. For management I was able to get away with a single domain cert as long as my external host name was the same as my common (internal server) name in the CSR. But I got certificate trust errors doing the Outlook Connectivity test (specifying the server, not using autodiscover.) That was resolved after I assigned some services (SMTP, POP, IMAP, IIS) to the cert. Finally the minimal HCW completed without the MRS Proxy HCW8078 Migration Endpoint error.

  13. Adriaan Hu says:

    Hi, I didn’t get the option to do Minimal in the HCW. Is it restricted somehow?

  14. Tyler says:

    Are there a few screens before we get the option to choose a full or minimal hybrid configuration? I started the wizard from exchange online and so far it looks like the basic username and password prompts. I cancelled of it confused as to whether I needed to do anything else to expose the minimal hybrid prompt

    1. Tyler says:

      Tried it again. The screen is presented after the credentials check

  15. TGalentine says:

    I have a interesting issue and a question.

    I have a client that has moved to Exchange Online and uses AD Connect. They noticed that they are not able to manage the Exchange attributes from the Cloud. So the decision was made to install Exchange Server 2016 in Hybrid mode. After installing the server which took some doing, the client sees all of his users but no data. But they do get an error “The object CG/Domain/Group/Users/ has been corrupted or isn’t compatible with the Microsoft support requirements, and it’s in an inconsistent state. The following errors happened: Database is mandatory.”

    Any suggestions?

    Also, is there a supported way of supporting Exchange Online without a Hybrid install of Exchange Server?

  16. larry heier says:

    Hi there,

    I have a question. Can a company use the Exchange Hybrid license to host system shared mailboxes after the Office 365 migration. So basically keep the Exchange 2013/2016 hybrid server hosting a few shared mailboxes and retire their legacy Exchange 2007/2010 servers without purchasing an Exchange 2013/2016 standard license?

    thanks,
    Larry

  17. Nick says:

    This this have any impact or for migrating Unified Messaging-enabled mailboxes? Or are the migration steps the same as a traditional Hybrid UM-enabled mailbox migration?

  18. Ian says:

    With this minimal hybrid option, can users mobile devices be re-directed to their cloud mailbox once it has been moved?
    If not, could it be manually configured to do this after the hybrid wizard has been run.
    We want to migrate users over a period of time but need to make sure mobile devices stay connected.
    We do not want to setup federation services if possible.

  19. Dominik says:

    Hello
    I’ve run a minimal Hybrid configuration. Now when i try to run a remote move I need to select a target delivery domain but there I only have one domain to select (xxxx.mail.onmicrosoft.com and xxxx.onmicrosoft.com) but we’ve five domains on our on premise server and all domains are vaildated in O365.
    What should i do? I need to be able to move the different mailboxes to our different validated domains in our O365 tenant.

    Thanks and greetings
    Dominik

    1. Dominik says:

      hello?
      does someone from Microsoft read my post?
      I find out that I need to deploy full hybrid to see all our Domains but I’m still unable to move any Mailbox from on Premise to office 365. If I try to move nothing happens, no move, no error, no log
      Should i configure other Things than to execute HCW?

      Thanks for an Answer
      Greetings
      Dominik

  20. Petr Weiner says:

    Hello,
    How about Autodiscover. Is it a must to keep SCP for Autodiscover on-premises or should I move it to O365? Is a certificate still a must for Limited hybrid? I guess answer is NO, but please let me know. Thanks.

Comments are closed.

Skip to main content