Microsoft has announced the public preview of the Hybrid Agent. The Hybrid Agent is part of Exchange Modern Hybrid, a new hybrid topology available to connect your Exchange on-premises servers to Exchange Online.
For an overview of Modern Hybrid and Hybrid Agent, see Dominik Hoefling’s here.
Hybrid Agent public preview scenarios & limitations
If you plan to use the Hybrid Agent in your environment, you should understand that it does not provide the full functionality (yet) and currently supports the following scenarios:
- Free/busy requests from Exchange Online users to Exchange on-premises (free/busy requests to Exchange Online go direct and require outbound connectivity from your Exchange servers)
- Mailbox migrations to/from Exchange Online
However, compared to a Classic Hybrid implementation you will be missing the following cross-premises functionalities:
- Message Tracking
- Multi-mailbox searches
Additionally, you should consider the following limitations:
- The hybrid agent will not handle any SMTP mail flow, so you still need a public certificate for mail flow between Exchange Online and your Exchange environment
- Don’t use the Hybrid Agent if you plan on enabling Hybrid Modern Auth as this requires you to publish AutoDiscover, EWS, MAPI and OAB. For example, Outlook mobile takes advantage of Hybrid Modern Auth.
It’s also important to mention that the public preview only supports a single Hybrid Agent install for the Exchange Organization, so there is no failover redundancy if the server on which the Hybrid Agent is installed fails.
How to install the Hybrid Agent
The Hybrid Agent public preview is available when you run the Office 365 Hybrid Configuration Wizard (HCW). You can run the HCW either from Exchange Admin Center or as a stand-alone version using this link.
After selecting your Minimal or Full Hybrid Configuration, you should see the following page that allows you to select Exchange Modern Hybrid Topology (Preview) to install the Hybrid Agent.
Note: If you don’t see the Hybrid Topology page in the HCW, you might have already established a successful hybrid configuration, meaning this option won’t be available.
Remember, it’s a public preview
If you decide to test the Hybrid Agent in your production environment, be mindful it is still a preview and has limited Microsoft support. Make sure you test this thoroughly over a longer period of time before you make it available to your users.
For more information about the Hybrid Agent click here.
After I choose full hybrid I have to configure federation. Is it mandatory?
Thank you for this article. Although one thing is unclear to me, I do not understand how SMTP traffic is handled between o365 and on-prem.
“The hybrid agent will not handle any SMTP mail flow, so you still need a public certificate for mail flow between Exchange Online and your Exchange environment”. On the other hand “The Hybrid Agent is based on Azure AD Application Proxy technology and will take over the communication between Exchange Online and your Exchange environment.”
I configured Exchange Modern Hybrid recently but I cannot validate the connector in Office 365. Should I open port 25 or not? Which IP addresses should be added to the whitelist?
SMTP traffic is not handled by the Hybrid Agent but uses your “normal” SMTP mail routes. If you want a dedicated connector between your Exchange and Exchange Online, you need to open port 25 to your Exchange Server. You can find the IP addresses here: https://docs.microsoft.com/en-US/office365/enterprise/urls-and-ip-address-ranges
Hope this helps…
Just don’t use it. We had issues, spent time on a call with the MSFT premier team, and they said there were SSL issues on the agent. The problem is the SSL is coming from MSFT and we have no way to fix it. Simple solution: use classic. Microsoft should stop releasing underdeveloped software.
I would like to understand your issue in more detail. Can you maybe send me additional details via e-mail? I will gladly forward the information to my Microsoft contacts to get an answer…
I heard if you do a hybrid migration and use AD sync – even after you move everyone over to the cloud, if you continue to use AD Sync you have to keep the Exchange server on-prem or your users in the cloud will have mail issues with sharing, groups etc. Has that been fixed?
If you want to have any fallback methods at all if you want to take Exchange on-prem again, then at least 1 server is probably better than having to set up a new one.
And it isn’t the Azure AD sync that is the issue, it is that Azure AD cannot change most of the msExchange attributes and they are read-only while in the cloud. To change them you have to use the on-prem ECP/Exchange management console.
Besides – how do you handle all the email traffic from your internal servers without at least one on-prem exchange server?
You don’t necessarily need an Exchange Server on-prem…that is to say a mailbox/CAS server. You need only have a server set up that is running the Exchange Management Tools (ECP Console) to manage Exchange in the cloud with Azure AD Connect in the mix.
Last year I contacted MS for this issue. Advice: just run HCW on a non-Exchange server or workstation.
We’re in the midst of a Server 2008R2 Exchange 2010(UR 25) migration of a single server to Office 365 and are trying to leverage hybrid configuration, but are running into an issue because it’s now requiring .NET 4.6.2 to install the HCW. This version of .NET isn’t supported for Exchange 2010 according to the supportability matrix. We’ve contacted Office 365 support and they have not been able to provide any concrete answers…some are recommending we install 4.6.2 (or even 4.7.x) on the Exchange server. We’re hesitant to do so for obvious reasons. Can .NET 3.5 and 4.6.x operate side-by-side without impacting Exchange functionality? We’ve done 2010 hybrids before without issue, any suggestions on how we should proceed? Also, here is an article from MVP Jaap Wesselius on his workaround: https://jaapwesselius.com/2018/12/04/the-version-of-the-client-access-server-selected-is-not-supported/
I really could use some official answers on this one, because I want to ensure a safe transition to O365!
Don’t install an unsupported .NET framework on your Exchange 2010 servers. This might cause unpredictable issues.
I would recommend the way that Jaap is proposing: Contact Microsoft support and run (together with them) the HCW from a non-Exchange server using the /DV switch.
Once I hear about a solution to this issue, I will post it here as well!
“The hybrid agent will not handle any SMTP mail flow, so you still need a public certificate for mail flow between Exchange Online and your Exchange environment”
I was excited until I read this. Now, I don’t understand the need.
Setting up an Edge Server for SMTP is quite different than publishing all the different components of Exchange to the Internet from a Security Standpoint.