Browse all topics
All guidesGlossary

Exchange hybrid deployment

How hybrid Exchange works — connecting on-prem Exchange Server with Exchange Online, and the path off it.

A hybrid Exchange deployment connects an on-premises Exchange Server organisation with Exchange Online so they appear as one mail system: shared address book, free/busy calendar sharing, secure mail flow between the two, and unified MailTips. It's the standard pattern for organisations migrating from on-prem to the cloud.

What hybrid provides

Once configured:

  • Single namespacemail.yourcompany.com works for both on-prem and cloud users.
  • Cross-premises free/busy — calendars appear correctly in either direction.
  • Cross-premises mail flow with TLS, no internet hop for internal mail.
  • Cross-premises message tracking for admins.
  • Mailbox moves — the core reason hybrid exists, allowing transparent migration.
  • OAuth between on-prem and Online for archive mailboxes and modern features.

What's required

  • An on-premises Exchange Server (a "hybrid server" or a "minimal hybrid" deployment).
  • Microsoft Entra Connect (or Cloud Sync) syncing accounts to Entra ID.
  • A public certificate trusted by both ends.
  • DNS records for Autodiscover, mail flow, and Hybrid Configuration Wizard.
  • The Hybrid Configuration Wizard (HCW) run against your tenant — this is what actually configures connectors, federation, and OAuth.

Hybrid configurations

There are two main flavours:

  • Full hybrid — rich coexistence (free/busy, MailTips, sharing policies, cross-premises moves), required for long-running hybrid coexistence.
  • Minimal hybrid — barebones, designed for fast migration: cross-premises mail flow and mailbox moves, but not free/busy or sharing.

Choose minimal if you'll be cloud-only within months; choose full if you'll coexist for a year or more.

Migration patterns

Hybrid enables several migration patterns:

  • Cutover migration for small orgs (under 150 mailboxes), one big bang.
  • Staged migration for larger Exchange 2003/2007 orgs (legacy).
  • Hybrid migration — the modern default. Move mailboxes in waves, with users continuing to work during the move.

Mailbox moves in hybrid happen via MRS Proxy through the hybrid server, with cutover happening when the move completes — the user's Outlook reconnects to Exchange Online with no data loss.

Decommissioning on-prem

After migration, an organisation typically keeps at least one Exchange server on-prem for managing mail-enabled objects that sync up via Entra Connect. Exchange Server 2019 Management Tools (and the future "Exchange Server SE") can now provide that admin role without keeping a full mailbox server, simplifying the long-tail.

For a long-term cloud-only future, the goal is no Exchange on-premises at all — managing recipient attributes in Entra ID directly or via a small Exchange Management Server.