In the year 2008, Microsoft started Microsoft Exchange as a Cloud-Service. It doesn’t mean that, Microsoft moved their infrastructure in a flying datacenter. Microsoft simply developed Microsoft-Exchange to a service which can host your mailbox and you can simply synchronize your e-mails to any device using Outlook.
The greatest benefit of Exchange-Online is, that you don’t need to take care about very complex infrastructure requirements and any kind of Exchange-Licenses. You can just use Outlook on any device and synchronize your e-mails/calendar and contacts.
The greatest problem of Exchange-Online is, that your data is hosted in Microsoft Datacenter and many customers are not allowed to host their data outside your country/region.
Microsoft has invested a lot to satisfy these customers and make them possible to use Outlook and Synchronize their E-Mail, contacts and calendar to any device and use all Microsoft Cloud-Service without having Mailboxes in the Cloud. All big companies started to deploy Exchange-Hybrid with hybrid-modern authentication.
What are key features/benefits of Exchange-Hybrid (HMA)?
Mailbox migration
You can move mailbox between Exchange-OnPrem and Exchange-Online for any reasons, without any user impact and service interruption.
Cloud Archive
Many Microsoft Exchange customers, using Cloud-Archive in case that you have no infrastructure for mailbox archive and/or you are running out of space and need to archive old e-amils using Exchange-InPlace Archive function.
Outlook calender / Teams calender availability
The most important feature of HMA is this button in Teams
The second most important feature is calendar scheduling
So if you have the situation that this two functions are not available in your deployment/infrastructure, you can be sure that more things are not working proper.
How Outlook / Teams calender availability works?
I will explain step by step every important key functionality so you can compare everything and fix your issue(if you have one).
Connection flow
Exchange-Mailbox-Servers are trying to reach EWS virtual directory of Exchange-Online using HTTPS protocol.
https://mail.office365.com/EWS/Exchange.asmx
https://you.mailboxserver.com/EWS/Exchange.asmxMake sure that your Exchange-Mailbox-Servers can talk to following Exchange-Online IP address ranges using port 443.
· 52.96.0.0/14
· 52.100.0.0/14
You can find exact documentation here
Make sure that you have no SSL inspection in any direction enabled, this will brake HTTPS connectivity!
Availability look up from Exchange Online to Exchange Onprem looks pretty the same
Exchange-Online-Servers are trying to reach EWS virtual directory of you Exchange-Mailbox-Servers using HTTPS protocol.
You can validate configuration of your EWS virtual directory using powershell
Get-WebServicesVirtualDirectoryOr by clicking through Exchange Management Concole (ECP).
Server > Virtual directories > EWS
OAuth should be enabled on EWS directory.
Autodiscover
Outlook/Teams client is using AUTODISCOVER endpoint to get availability information for each mailbox. Make sure that inbound connection over port 443 from Exchange online is configured on your firewall.
Make sure that your Exchange-Certificate is installed on your Web-Application proxy and your load-balancer.
Make sure that you have no SSL inspection in any direction enabled, this will brake HTTPS connectivity!
IntraOrganizationConnector
After you have successfully completed Exchange Hybrid-Configuration-Wizard and Calendar-Availability in Outlook is grayed out, do not panic!
Most of my Exchange-Colleagues are starting with checking relationship between Exchange-Onprem and ExO.
By running following commands:
Get-OrganizationRelationship
Get-FederationTrustPlease do not do this!
If you want to check connectivity between ExO and your Exchange run this command:
Output of this command should looks like this one
If its not enabled just run Exchange Hybrid-Configuration-Wizard (HCW) until it is complete successfully.
If you don’t have it just run
How to troubleshoot calendar availability in Outlook/Teams?
1. Make sure that all your Exchange-Mailboxdb servers have access to Exchange-Online IP range and to https://login.microsoftonline.com
a. Outbound connection port 443
b. DNS connection to resolve Microsoft Online environment via port 53
c. Disable any kind SSL inspection or SSL filtering
2. Use Test-HMAEAS Script from Microsoft
3. Follow particular this Guide from Microsoft (IntraOrganizationconnector is not documented here)
4. After you have validated step 1 successfully run Exchange Hybrid-Configuration-Wizard (HCW) until it is complete successfully.
I hope you have enjoyed this demystification article.
If you have any questions just leave me a feedback.