Manage a hybrid deployment

This topic is in progress.  

Applies to: Exchange Online, Exchange Server 2013

This topic explains how to modify an existing hybrid deployment for a Microsoft Exchange Server 2013 organization and an Exchange Online organization in Office 365 for enterprises. Let's assume you as the Exchange administrator want to do the following:

  • Disable centralized mail transport: This will configure the Exchange Online organization to bypass the on-premises organization and deliver messages to external recipients directly using the recipient’s external DNS settings. You may want to disable centralized mail as part of your hybrid deployment if you don’t need to apply any transport rules, anti-virus policies, and anti-spam rules against the messages sent from Exchange Online accounts. This topic uses the Hybrid Configuration wizard to disable centralized mail transport for the hybrid deployment.

  • Disable secure mail transport: This will configure message delivery between the on-premises and Exchange Online organizations to bypass the Transport Layer Security (TLS) protocol requirements and appear as external messages. You may want to disable secure mail transport as part of your hybrid deployment if you don’t require authenticated message transport between your on-premises and Exchange Online organizations, or if you want messages sent between your on-premises and Exchange Online organizations to be processed in the same manner as messages received from other external recipients. This topic uses the Exchange Management Shell to disable secure mail transport for the hybrid deployment.

Note

You can use the Exchange Management Shell to disable both of these hybrid deployment features, but the only hybrid feature that the Hybrid Configuration wizard allows you to disable is centralized mail transport. If you need to enable or disable other individual hybrid deployment features, you must use the Exchange Management Shell.

For additional management tasks related to hybrid deployments, see Hybrid Deployment procedures.

Important

This feature of Exchange Server 2013 isn’t fully compatible with Office 365 operated by 21Vianet in China and some feature limitations may apply. For more information, see Learn about Office 365 operated by 21Vianet.

What do you need to know before you begin?

  • Estimated time to complete: 30 minutes

  • You need to be assigned permissions before you can perform the procedures in this topic. To see what permissions you need, see the “Hybrid deployments” entry in the Exchange and Shell infrastructure permissions topic.

  • You’ll need the credentials for an on-premises account that is a member of the Organization Management management role group. For example, the password for the account “domain\administrator”.

  • You’ll need the credentials for an Office 365 tenant account that is a member of the Organization Management management role group. For example, the password for the account “administrator@contoso.onmicrosoft.com”.

  • This topic assumes the following organization configuration of the hybrid deployment:

    • The hybrid deployment was created and configured with the Hybrid Configuration wizard.

    • The Enable centralized mail transport option was selected when the hybrid deployment was created and configured with the Hybrid Configuration wizard.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server, Exchange Online, or Exchange Online Protection.

How do you do this?

Step 1: Use the Hybrid Configuration wizard to disable centralized mail transport

Use the Exchange admin center (EAC) and the Hybrid Configuration wizard to disable the centralized mail transport feature in your hybrid deployment.

  1. Open the EAC and select the Hybrid node.

  2. Click Modify to start the Hybrid Configuration wizard.

  3. Click Next. You don’t need to update the domains configured for the hybrid deployment.

  4. Click Next. You don't need to configure DNS TXT records.

  5. Clear the Enable centralized mail transport check box to disable centralized mail transport for the hybrid deployment. Click Next.

  6. Click Next. You don't need to update the Client Access servers.

  7. Click Next. You don't need to update the Mailbox servers.

  8. Click Next. You don't need to select a different digital certificate.

  9. Click Next. You don't need to update the FQDN of the Client Access servers.

  10. Complete the following fields:

    • Domain\user name: Type the domain and user name for an account that is a member of the Organization Management role group in the on-premises organization. For example, “domain\administrator”.

    • Password: Type the password for the on-premises account you entered in the Domain\user name text box. Click Next.

  11. Complete the following fields:

    • User ID: Type the new domain and user name for an account that is a member of the Organization Management role group in the Office 365 organization. For example, “administrator@contoso.onmicrosoft.com”.

    • Password: Type the password for the Office 365 account you entered in the previous step. Click Next.

  12. Click Update to accept the new configuration selections and update the hybrid deployment.

  13. After the hybrid deployment configuration is complete, the wizard displays a completion message and the OK button is displayed. Click OK to complete the hybrid deployment configuration process and to close the wizard.

Step 2: Use the Exchange Management Shell to disable secure mail

Use the Exchange Management Shell to disable the secure mail feature in your hybrid deployment.

  1. Use the following command to specify your on-premises credentials. For example, run this command and then enter “admin@contoso.com” and the associated account password in the credentials dialog when prompted.

    $OnPremisesCreds = Get-Credential
    
  2. Use the following command to specify your Office 365 for enterprises tenant credentials. For example, run this command and then enter “admin@contoso.onmicrosoft.com” and the associated account password in the credentials dialog when prompted.

    $TenantCreds = Get-Credential
    
  3. Use the following command to disable the secure mail feature. Because the command doesn't list centralized mail transport, that feature stays disabled, as configured by the Hybrid Configuration wizard in Step 1. The command also keeps the Exchange Online Archive, MailTips, Outlook Web App redirection, free/busy, and message tracking features that were already enabled between the on-premises and Exchange Online organizations.

    Set-HybridConfiguration -Features OnlineArchive,MailTips,OWARedirection,FreeBusy,MessageTracking
    
  4. Use the following command to update the HybridConfiguration object and to define the credentials that will be used when updating the HybridConfiguration object and connecting to the Office 365 for enterprises tenant.

    Update-HybridConfiguration -OnPremisesCredentials $OnPremisesCreds -TenantCredentials $TenantCreds
    

How do you know this worked?

To verify that you have successfully disabled centralized mail transport and secure mail, run the following command in the Exchange Management Shell for the on-premises organization. This command displays the hybrid configuration features that are enabled in the hybrid deployment. Verify that SecureMail and CentralizedMail are not listed in the results for the Features property.

    Get-HybridConfiguration
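
The following script is an added example, not part of the original topic. It compares the feature list recorded before Step 1 with the list reported after Step 2 and flags any feature that is still enabled or that was dropped unintentionally. The function name Compare-HybridFeatures and the sample lists are hypothetical, and it assumes the Features property of the Get-HybridConfiguration output holds the enabled feature names.

```powershell
# Added example. Compare-HybridFeatures is a hypothetical helper, not an Exchange cmdlet.
function Compare-HybridFeatures {
    param(
        [Parameter(Mandatory)][string[]]$Before,        # features recorded before Step 1
        [Parameter(Mandatory)][string[]]$After,         # features reported after Step 2
        [Parameter(Mandatory)][string[]]$MustBeAbsent   # wildcard patterns for features that must be off
    )

    # True when a feature name matches one of the patterns that must be off.
    $shouldBeOff = { param($name) [bool]($MustBeAbsent | Where-Object { $name -like $_ }) }

    # Features that were enabled before the change and are no longer listed.
    $removed = @($Before | Where-Object { $After -notcontains $_ })

    # Features that are still enabled although they should have been disabled.
    $stillOn = @($After | Where-Object { & $shouldBeOff $_ })

    # Features that disappeared without being targeted, for example because
    # they were left out of the -Features list passed to Set-HybridConfiguration.
    $unexpected = @($removed | Where-Object { -not (& $shouldBeOff $_) })

    [pscustomobject]@{
        Removed          = $removed
        StillEnabled     = $stillOn
        UnexpectedlyLost = $unexpected
        Ok               = ($stillOn.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

# Constructed sample values that use the feature names given in this topic.
# In a live Exchange Management Shell session, capture the real lists instead:
#   $before = [string[]](Get-HybridConfiguration).Features   # run before Step 1
#   $after  = [string[]](Get-HybridConfiguration).Features   # run after Step 2
$before = 'OnlineArchive','MailTips','OWARedirection','FreeBusy',
          'MessageTracking','SecureMail','CentralizedMail'
$after  = 'OnlineArchive','MailTips','OWARedirection','FreeBusy','MessageTracking'

# 'Centralized*' matches the centralized mail transport feature whichever
# exact name the shell reports for it.
$result = Compare-HybridFeatures -Before $before -After $after `
    -MustBeAbsent 'SecureMail','Centralized*'

$result | Format-List
if (-not $result.Ok) {
    Write-Warning 'Hybrid feature list does not match the intended change.'
}
```

With the sample lists, Removed contains SecureMail and CentralizedMail, StillEnabled and UnexpectedlyLost are empty, and Ok is True.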