When planning your migration of Exchange to Office 365, you’ll find there are several options available to you. Should you use a third-party tool to perform the migration? Should you use the cutover or staged migration technologies built into Office 365? Or, should you perform a Hybrid migration?
When you migrate mailboxes using Exchange Hybrid, you get the best end-user experience and the most straightforward experience as an IT admin.
A Hybrid migration allows you to move the mailbox, not just copy the emails, contacts and calendar items to Office 365. It uses the same underlying technology you might have used in the past when you’ve upgraded between Exchange versions, meaning that Outlook clients don’t need to be manually re-configured or re-download their cached mailbox data.
And, just like on-premises mailbox moves, you can perform an initial synchronization of the mailbox to Office 365 behind the scenes prior to completing the migration and switching them over – and even migrate the mailbox back to on-premises if you need to.
Hybrid has a reputation for being hard
A simple process for IT and a great experience for users mean that it should be an easy choice when it comes to Exchange Hybrid. For many organizations, it isn’t.
Hybrid has a reputation for being difficult to implement and get right. A traditional Exchange Hybrid implementation includes more than just the mailbox moves – it also includes planning for long-term co-existence.
One option in the Hybrid Configuration Wizard that’s been around for a couple of years now is the Minimal Hybrid Configuration option. If you’ve read up on Hybrid migrations in the past and haven’t heard much about minimal Hybrid, then you’ll be pleased to know that it’s one of the foundations for simplifying the Hybrid set-up process.
Figure 1: Choosing the Minimal Hybrid Configuration option.
When you run the Hybrid Configuration wizard today, you’ll see the option immediately to choose Minimal Hybrid – and it’s suggested as the recommended option. But how does it make a Hybrid migration easier?
Minimal Hybrid pairs well with new Hybrid capabilities
If you’ve read Dominik’s recent article Hybrid Exchange: Making it easier and faster to move to the cloud, then you’ll be aware that the Hybrid Agent will make one of the most complex aspects for enabling Exchange Hybrid much easier for most organizations.
By far and away the most complex aspect to Exchange Hybrid often is publishing Exchange Server to the internet in a way that works well for Hybrid migrations. The Hybrid agent takes away the requirement to do this. Install the Hybrid Agent, and (put simply) Office 365 can migrate mailboxes from on-premises without you needing to change any inbound firewall rules, reconfigure load balancers or reverse proxies or change Exchange URLs and SSL certificates.
What Minimal Hybrid and the new Hybrid Agent don’t do
Minimal Hybrid is focused on making the migration easier and simpler, not long-term co-existence. It doesn’t configure several Exchange Hybrid aspects that the full Hybrid configuration does, including:
- Free/Busy sharing – the ability to see people’s availability when some are on-premises and some are in Office 365.
- Secure Mail flow – a core aspect of Full Hybrid, secure mail ensures that “Exchange email” looks like “Exchange email”. Internal out of office auto-replies, voting messages, and the ability to use functionality like Centralized Transport (where all email in and out of Office 365 flows through your on-premises Exchange Servers).
- Lesser used functionality, like cross-premises eDiscovery and full integration into service like Skype for Business Online or Teams for on-premises mailboxes.
You’ll also expect not to configure some advanced functionality, like the ability to grant full access permissions to mailboxes, cross-premises, send-as or send on behalf of rights and granular delegated permissions on Calendars. After all, should you need that functionality for long-term Hybrid, capabilities such as secure mail flow and availability will also be key.
Full Hybrid with the Hybrid Agent
Therefore, whilst the Hybrid Agent is a crucial, useful new development, it doesn’t absolve organizations of all the tasks they’ll need to perform for a long-term Hybrid or full Hybrid implementation.
If you use the Hybrid Agent, although you won’t need to publish Exchange Server for your Hybrid migration, and free/busy sharing, you will still need to publish SMTP – both inbound to your Exchange Servers and outbound to Office 365. This is often a complex step for organizations who’ve traditionally used an on-premises (or cloud-based) spam and malware blocking appliance rather than publish their Exchange Servers.
Making the decision between Minimal and Full Hybrid
As you’ll see, migration-only scenarios pair well with the Hybrid Agent and Microsoft are clearly banking on Minimal Hybrid with the Hybrid Agent being key to making migrations much easier.
As the decision isn’t just about the migration itself, we’ve put together a simple table to help you make the decision between minimal and full Hybrid:
| I need…. | Use |
| To migrate all mailboxes to the cloud quickly | Minimal Hybrid |
| To avoid making any changes to my network and I want to use the Hybrid Agent as soon as it’s available | Minimal Hybrid |
| To perform a “cutover migration” to Office 365 | Minimal Hybrid |
| To manage Office 365 mailboxes and will be using Azure AD Connect to synchronize my Active Directory | Minimal Hybrid |
| A consistent Global Address List between on-premises and Office 365 | Minimal Hybrid |
| To transfer my organization configuration, like ActiveSync policies to Office 365 | Minimal Hybrid |
| To automatically redirect Outlook clients to Office 365 seamlessly once they migrate | Minimal Hybrid |
| To pre-sync all mailboxes behind the scenes, have automatic delta syncs occur in the background and complete migrations when my organization is ready | Minimal Hybrid |
| To route all mail in and out of the organization through my existing Exchange infrastructure | Full Hybrid |
| To ensure the email path between users on-premises and users in the cloud is secure | Full Hybrid |
| To maintain internal headers on emails, use features like mail-tips cross-premises, voting messages and out of office auto replies | Full Hybrid |
| To see people’s free/busy irrespective of where their mailbox is, on-premises or in Office 365 | Full Hybrid |
| To configure advanced sharing across Exchange and Office 365 mailboxes like Full Access permissions so I can move mailboxes one by one, without being limited by sharing boundaries | Full Hybrid |
| To use advanced integration, like Skype for Business presence, Teams integration into Exchange 2016 mailboxes or cross-premises eDiscovery | Full Hybrid |
Naturally for every scenario above that Minimal Hybrid can be used – full Hybrid will work well too. Hopefully though, you’ll see that the Minimal Hybrid option is worth considering as a go-to option.
Download Steve’s comprehensive 38-page guide, mapping out the entire O365 migration journey: How to Migrate Exchange to Office 365: Step by Step.
Hi,
as im new to this and have to do an O365 migration (from 2013 Exchange).
Can i use minimal Hybrid to:
Sync Local AD with Azure AD (and keep it – i do the AAD Connect manually bofore not at the hybrid wizard)
Use HCW and click “do it manually later”
Migrate Mailboxes from 2013 -> O365
Add licenses
Keep the 2013 for the attributes (later install the 2019 mgmt tools and schema extensions) and decommission the 2013 in the future.
Anything about local DAGs (2x 2013 with 2 DAG in 1 Domain (2 Sites)) i should consider?
Thank you!
I think i know the answer, but i just wanted to double check.
I am currently running Mcirsofot 365 Apps for Enterprise, using ADSync to sync the users that use RDS. I now need to migrate Windows SBS Exchange 2010 mailboxes to this tenent. Can i keep the ADSYNC running just as it is now into the future. I will migrate off this server completely
Yes, assuming you keep it up to date (e.g. updating to Azure AD Connect and keeping it up to date relatively regularly).
Great article… I have a quick question.
I’ve already configured ADConnect (before understanding the Minimal Hybrid option) and synch is running from my AD to O365. Can I still use the Minimal Hybrid option? I have no strong requirement for ADConnect to remain after the migration is complete..
Yes that’s fine. I’m doing that with a fellow consultant & customer as we speak..
Hello,
the minimal setup is greyed out.
Do you have any ideas about that ?
BR Greg
I have tge same issue!
hi,
thks for the video.
when i choose full i have an other screen asking for the federation.
is it mandatory ? why didn’t you have this screen on your video ?
cheers,
If you’ve already got Federated Sharing configured in your organisation you might not be asked for this. If you haven’t, then you will.
Steve
Just so I am understanding correctly from all the posts/responses. If I am running Minimal Hybrid after my O365 migration. I can’t get rid of the Hybrid setup if I still want to manage user’s via my AD?
I use AD to manage user profiles to log into their computers.
So how will this work if I need to reset profile passwords? Change the password on the Cloud portal as well?
In other words. If I remove Minimal Hybrid then Azure AD won’t work anymore, right?
So does this work for user accounts on their PCs?
Steve. We have full hybrid 2010 and are upgrading to Exchange Hybrid 2016. All mailboxes have been migrated to O365 and AutoDiscover and all mailflow is in the cloud. Do we run the minimal Hybrid configuration once we stand up the EX2016 server? We have many domains as well. Will running the minimal hybrid remove the remnants of the full hybrid configuration if not what would i need to do after?
Hello,
Thanks for the article. Do any of these allow you to uninstall exchange on prem after the migration but still leave adsync without issues require adsiedit to fix without exchange on prem?
At the moment – and Microsoft have said this will change in the future – you must keep an Exchange server for management.
Steve
Hey Steve, just had a quick question. Does the choice of minimal/full affect the ability to fully cutover to O365 later on (as in eliminate On Prem Exchange)?
Hi Keith,
No, it doesn’t. In either scenario you’ll be able to choose to remove Hybrid identity and Exchange, should you wish to do so in the future.
Steve
Hi Steve
We have now migrated all mailboxes to Office 365. We have decommissioned the On-prem mailboxes databases (bar the one retained for system mailboxes.) Autodiscover is now pointing directly to office 365.
Our previous Exchange guy said the last thing we need to do is fix the settings in Symantec Email Security.cloud (so it points directly to Office 365 and not our on-prem servers) and then rerun the Hybrid tool. How do we find out which configuration we are on now? At the moment the mail is first being routed through our on premises and then to Office 365. Is this easy to fix or should I wait for his response.
Hi Stuart,
Yes, you can keep the Minimal Hybrid for the long-term. Password hash sync and Seamless SSO do not depend on a full Exchange Hybrid.
Steve
Hi Steve
great article!!
if you have synchronised identity, we are planning to use password hash sync and seamless single sign on, do we then need to run the full hybrid as we are planning to keep on prem AD servers? or can you keep the minimal hybrid long term?
thank you
Yes, many have.
Obviously, you are signing up to ensuring your Hybrid environment stays patched and current – so you have to be as regular or better at Exchange patching than your are in the all on-premises world.
Long term Hybrid of course, can mean two different things:
– Running full Exchange Hybrid even though mailboxes have been moved, for Transport/Mail integration and running Autodiscover services
In that case, “Full Hybrid” once all mailboxes have departed, may become, gradually minimal Hybrid as you move DNS records for Autodiscover to Office 365, $null the SCP, and remove Federated Sharing (or unpublish it).
Effectively, it becomes minimal Hybrid with SMTP.
– Running full Exchange Hybrid because you have a balance of Mailboxes that will always remain on-premises, and/or Public Folders
In this case, then you will more than likely need more than “Full Hybrid” as defined by what the HCW creates, as you will be considering Public Folder co-existence , OAuth configuration potentially for Teams (and other) integration with on-premises Exchange, object changes/updates for better levels of Calendar Sharing, Hybrid Modern Authentication – and supporting clients where there are connections to both Office 365 and on-premises in day to day running.
Cont..
Cont..
Versus an on-premises only or a cloud-only deployment this leads back to the patching, and overall service management. Instead of managing Exchange like you did on-premises, you’ve moved to a mostly evergreen model and need to assess new features as they arrive and integrate them. This typically in organisations that run long-term Hybrid goes hand-in-hand with a transition to a new operating model; which of course is key and the most complex aspect to achieve.
Steve
We are trying to make the decision on whether or not to use Full Exchange Hybrid mode for an extended period of time (months or even years). While articles like this one would make one think that this is possible, we have heard war stories that say the opposite. Has anyone successfully ran Full Exchange Hybrid mode for an extended length of time? And, if so, would they be open to answering some basic questions as to lessons learned?
I would recommend against running a Full Exchange Hybrid for any extended period of time. For the on-premise server to be aware of all mailboxes until the Hybrid configuration is removed, you must make future Exchange mailboxes on-premise and then migrate them to Office 365. The Exchange server(s) still need maintained and patched also.
Lots and lots of organisations run Hybrid (full or minimal) post migration.
You must run either and neither change the way you must manage mailboxes. You create Remote Mailboxes locally and these sync via Azure AD Connect and create mailboxes in Office 365.
The only time Exchange Hybrid can be removed today (in a supported way) is if you remove Azure AD Connect.
If you don’t need any mail relay from on premises and have no need for on premises mailboxes after a migration, moving to a minimal Hybrid makes sense. However it changes nothing when it comes to creating mailboxes, and it’s incorrect to state you have to make a mailbox on premises and then migrate it.
Microsoft does not recommend minimal hybrid if you are managing your users in your on premises AD infrastructure. Your post seems to disagree with that. Not calling you out, I am curious about your reasoning.
We are starting our 365 migration soon, so I’m needing to make some decisions on how to proceed. I do expect to keep a small on prem Exchange VM for GUI management of Exchange attributes at first, though we may remove that later and go full powershell.
Minimal Hybrid still requires Azure AD Connect to be in place.
Steve
Hi Steve. I am in a middle of doing a Hybrid config. I’ve only found out about the minimal hybrid option just recently. When I run the hybrid configuration wizard, minimal hybrid is greyed out and only full hybrid option is available. Maybe it was because of running Azure AD connect previously. How do I undo the full hybrid setup? I have not migrated any mailbox yet. AD users have been synched to office 365 portal. I will be migrating aroung 50 mailboxes only.
Hi, very interested in this answer as well!
Has Hybrid been enabled in the past? Azure AD Connect should not affect whether the option is shown.
Hey Steve,
What if an organization were to change from running a Minimal to FULL ? What would the impact be in doing that change? minimal?
Thanks,
It could be significant, if you are currently using custom connectors for mail flow – these will be created by the wizard.
Hi Steve,
I have the same problem Minimal is greyed out. Running the HCW for the first time it was available until I got an error “HCW0 – PowerShell failed to invoke ‘Get-RemoteDomain’: Starting a command on the remote server failed with the following error message: The I/O operation has been aborted because of either a thread exit or an application request.” That is why I need to re-run the HCW only to find out Minimal is now greyed out.
Please help! Thanks.
Did you figure this out? I have the same problem?
Did you figure this out? I have the same problem?
Same problem at this time. Any help would be appreciated.
Hello Steve,
This is very beautiful article, awesome for newbies to understand Hybrid functionality and its uses.
Thanks! I’m glad you found it useful.