Moving FOPE-Protected Mailboxes from On Premises to the Cloud
Applies to: Office 365 Enterprise, Live@edu, Forefront Online Protection for Exchange
Topic Last Modified: 2012-03-15
You may currently use Microsoft Exchange as your on-premises email messaging solution and Forefront Online Protection for Exchange (FOPE) for your messaging protection. If this is the case, you can move some of your mailboxes to the cloud using Microsoft Exchange Online and configure FOPE so that it protects both your on-premises and cloud mailboxes.
This topic discusses how you can keep FOPE protection for both your on-premises and cloud mailboxes when you move mailboxes to the cloud. Specifically, it describes a scenario in which you can configure your FOPE domains to support moving a portion of your on-premises mailboxes to the cloud.
You may be using FOPE as your email protection solution for your on-premises email. However, if you would like to gradually move to a hosted email environment, you can begin the process by signing up for Office 365.
In order to use your first cloud mailbox, you must sign up for the Office 365 service and create a domain for your hosted services account. You can do this on the Office 365 website. For example, you may have an on-premises domain called lucernepublishing.com. When you sign-up for Office 365, you are required to create a domain for hosted messaging, for example, lucernepublishing.onmicrosoft.com. After you create your domain for hosted messaging and complete the sign-up process, a link will become available for you to view your mailbox and email messages, using the Office 365 web-based email client.
After you have signed up for the Office 365, the FOPE Administration Center will look slightly different when you log in. The Advanced tab appears. On the Advanced tab, two companies appear in a list:
__EXCHANGE__24244_lucernepublishing.onmicrosoft.com (this represents the company that you created when you signed up for the Office 365)
Lucerne Publishing (your existing company, in this example)
If you select __EXCHANGE__24244_lucernepublishing.onmicrosoft.com, you will see information for the company that has the lucernepublishing.onmicrosoft.com domain. If you select Lucerne Publishing, you will see information for the company with the lucernepublishing.com domain.
If you would like more information about the Advanced tab, see Understanding the Advanced Tab.
It is possible to move a mailbox from on-premises to the cloud and keep your original domain. This makes it possible for senders to continue to send email to your original email address. For example, you can move the mailbox for email@example.com to the cloud and continue to receive mail messages at that address. You can configure Exchange Online to send and receive email as lucernepublishing.com, even if you continue to host most of your mailboxes on-premises.
In order to facilitate coexistence, you can request to merge your two companies (the company you use to protect on-premises mail, and your new, hosted company) in FOPE before adding the lucernepublishing.com domain to Exchange Online. To merge your companies, request a merge from the FOPE Technical Support team. This will enable you to configure coexistence and host a subset of your mailboxes in the cloud. It will also allow you to combine the administration and reporting for both your on-premises and online domains. The contact numbers for the Support Team are located on the Resources sub-tab on the Welcome pane of the Information tab.
|The company merge can be completed only if you have management capabilities for both companies. If the on-premises FOPE company is managed by a partner or reseller, the merge may not be granted and each company must be managed separately in FOPE.|
Following the company merge, you will have a single company listed in the FOPE Administration Center, which in this example is __EXCHANGE__24244_lucernepublishing.onmicrosoft.com, and the Advanced tab will no longer appear. In the Domains section of the Administration tab, two domains are listed:
lucernepublishing.com (your on-premises domain)
After the companies are merged, add lucernepublishing.com to Exchange Online, following the steps outlined in the Redelegate your domain to Office 365 topic on the Office 365 website. The next time you log in to the FOPE Administration Center, you will see that your domains are listed under the Administration tab, and the Exchange Online domain, for example, duplicatedomain-17c14fcf-2dba-43bc-bd0e-17c4135bb2b9.lucernepublishing.com, has been added to the domains list on the Domains tab. The following domains are listed:
duplicatedomain-17c14fcf-2dba-43bc-bd0e-17c4135bb2b9.lucernepublishing.com (outbound cloud domain)
lucernepublishing.com (on-premises domain)
lucernepublishing.onmicrosoft.com (inbound cloud domain)
After the domain has been added by using the Office 365 administration console, you can associate the lucernepublishing.com domain with a hosted mailbox. For example, the firstname.lastname@example.org hosted mailbox can receive mail for messages addressed to email@example.com. In order to do this, you must follow the steps outlined in Shared Address Space with On-Premises Relay Scenario (MX Points to FOPE) to configure coexistence after you add your domain.
|When you configure coexistence, make sure that you set up a FOPE connector for the correct outbound domain, which in this example is duplicatedomain-17c14fcf-2dba-43bc-bd0e-17c4135bb2b9.lucernepublishing.com and an inbound FOPE connector for the inbound domain, which in this example is lucernepublishing.onmicrosoft.com.|
After you configure coexistence, the FROM address will reference your on-premises domain, for example, firstname.lastname@example.org, when mail is sent from a hosted mailbox to a recipient. When recipients reply to email messages, those inbound messages are sent through FOPE, where spam processing and scanning occurs, and forwarded to the on-premises server, where additional custom filtering may occur. Following this, the recipient address is updated to lucernepublishing.onmicrosoft.com by the on-premises mail server and the message is returned to FOPE, where it is finally directed to the cloud mailbox.
|Companywide outbound policy rules will be applied to messages from all domains. If you have configured domain-specific outbound policy rules for lucernepublishing.com, they would no longer be applied to mail sent from the Exchange Online account. To set them up for the lucernepublishing.onmicrosoft.com domain, you must log in to the FOPE Administration Center and configure rules on the Policy Rules sub-tab of the Administration tab. To configure policy rules for the lucernepublishing.onmicrosoft.com domain, they must be created and applied to the duplicatedomain-17c14fcf-2dba-43bc-bd0e-17c4135bb2b9.lucernepublishing.com with the same settings as the original policy rule applied to lucernepublishing.com.|