Office 365’s Exchange Online is a compelling product from Microsoft that can be integrated with your existing on-premises Exchange Server 2010 organization to extend your Exchange deployment to the cloud.
The first thing we need to check is connectivity to Auto Discover and Exchange Web Services from outside your organization. To test Auto Discover and Exchange Web Services, we’ll use Microsoft’s Remote Connectivity Analyzer to simulate Exchange Web Services connectivity, using Auto Discover as part of the process.
Reverse Proxy, ISA or TMG checks
If you are using reverse proxy that uses pre-authentication for your deployment, you’ll also need to examine its configuration. That’s because the federated components of Exchange use token-based authentication to connect from Office 365 to your Exchange On-Premises organization rather than traditional authentication against your Active Directory, and services such as the MRS Proxy don’t support SSL Offload for the EWS virtual directory.
Hub Transport checks
As part of the Hybrid Configuration Wizard, a new receive connector will be created, pre-populated with the correct IP address ranges to allow mail to be received from Office 365. We’ll also need to allow our Hybrid Server, or Exchange 2010 servers hosting the hub-transport role to send and receive mail to those IP address ranges at the network firewall level. The method to accomplish this varies based on your network design, but you will typically need to expose at least one Hub Transport server to the internet with a public IP address, with firewall restrictions to only allow Office 365 to communicate both to and from it on the SMTP port, TCP port 25.
Additionally, we’ll need to ensure the correct certificates are installed and in place for TLS-secured mail transport. This may mean you need to ensure the Fully Qualified Domain Name (FQDN) you use for your Hub Transport roles is present on the Subject Alternative Name (SAN) certificate.
Address Book Policy checks
Email Address Policies (or Recipient Policies in Exchange 2003 terminology. During the Hybrid Configuration Wizard, your Default Email Address Policy will be upgraded and then one of your Office 365 tenant domains will be added to the policy, before applying it to your Exchange organization. Therefore it’s important to make sure that the Email Address policies are in good order before you begin
Outbound HTTP connection and proxy checks
We need to consider any network infrastructure that might prevent our Exchange 2010 Hybrid servers from communicating with Office 365 via HTTPS. I’d recommend allowing the Exchange Servers to communicate with Office 365 directly via HTTPS and avoid proxy servers for this communication altogether, however if that’s not possible, ensure you do the following:
o Ensure all Exchange servers participating in the Hybrid Configuration, and installations of the Exchange Management Console you’ll use to manage the environment can by-pass proxy servers for the Office 365 and Exchange Online IP addresses and URLs.
o Configure the correct proxy settings using the netsh command. An easy way to do this is by configuring Internet Explorer on the server with the correct settings, testing the settings in IE and then using an elevated command prompt executing the following command:
netsh winhttp import proxy source=ie
netsh winhttp import proxy source=ie
o Configure the correct proxy server settings within the Exchange 2010 Hybrid servers, using the following Exchange Management Shell cmdlet:
Once making sure relevant proxy settings are configured correctly, you’ll need to make sure you can connect the Exchange Management Console to your Office 365 tenant. This will not only test proxy settings you’ve configured, but it’s also necessary later on when we use the Exchange Management Console to run the Hybrid Configuration Wizard.
To connect the Exchange Management Console to your Office 365 tenant:
- Right click on the “Microsoft Exchange” root node, and choose “Add Exchange Forest”
- Enter a friendly name, such as “Office 365”
- From the drop-down, select “Exchange Online”
After entering your tenant credentials, you should see your tenant alongside your on-premises Exchange organization.
Credit: Microsoft Msdn & exchange.org