Key aspects of setting up Microsoft Teams with Exchange hybrid

Busy times in the IT land with everybody working from home, but I tried to squeeze this one in because I wanted to share some experiences with everyone about the limitations and requirements for setting up Teams in a hybrid Exchange setup.

First up, some background info.

Teams is a cloud product… Exchange Online is a cloud product… Exchange 2016 and 2019 are… on-premises products.
So that’s why you will need to make sure Office 365 is aware of your current on-prem environment and is able to reach the on-prem resources of your users.

For this to happen you will need AD Connect, which is required to sync your users to the cloud, and you will need to run the Hybrid Config. Wizard on your Exchange server. Now let’s have a look at what each component does:

AD Connect

The role of AD Connect in the Hybrid setup is to make Office 365 aware of the user objects from your local AD. It uses a source anchor which is, by default, the ms-DS-ConsistencyGuid. This value is a Base64-encoded version of the objectGUID of the local account.

The synced properties also include the User Principal Name as well as department, city etc. and some custom properties.
That said, the User Principal Name and the source anchor don’t have to be the local AD UPN and objectGUID of the user; it’s possible to use any AD user attribute, for instance the mail attribute of the user. I’ve used that one a couple of times lately because users are more familiar with their email address than their UPN.
Also in some cases changing the UPN of the local account wasn’t an option.
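
To verify that a synced cloud account really carries the anchor of the on-prem account you expect, you can recompute the Base64 value from the objectGUID and compare it with what the cloud stores (Azure AD keeps the source anchor in the user's ImmutableId). This is an added example, not part of the original post; it assumes the default GUID-based anchor described above, and the function names and sample records are constructed for illustration.

```powershell
# Added example: all sample data below is constructed, not from a real tenant.

function ConvertTo-SourceAnchor {
    # GUID -> Base64 anchor, using the GUID's native byte layout
    param([Parameter(Mandatory)][guid]$Guid)
    [Convert]::ToBase64String($Guid.ToByteArray())
}

function ConvertFrom-SourceAnchor {
    # Base64 anchor -> GUID; rejects anything that is not exactly 16 bytes,
    # e.g. when a non-GUID attribute was chosen as the source anchor
    param([Parameter(Mandatory)][string]$Anchor)
    $bytes = [Convert]::FromBase64String($Anchor)
    if ($bytes.Length -ne 16) { throw "Anchor '$Anchor' is not a 16-byte GUID" }
    [guid]$bytes
}

# Constructed on-prem export (account name + objectGUID)
$onPrem = @(
    [pscustomobject]@{ Sam = 'alice'; ObjectGuid = '00112233-4455-6677-8899-aabbccddeeff' }
    [pscustomobject]@{ Sam = 'bob';   ObjectGuid = '11111111-2222-3333-4444-555555555555' }
)

# Constructed cloud export (account name -> stored anchor)
$cloud = @{
    alice = 'MyIRAFVEd2aImaq7zN3u/w=='
    bob   = 'ABEiM0RVZneImaq7zN3u/w=='   # valid anchor, but not bob's GUID
}

$report = foreach ($u in $onPrem) {
    $expected = ConvertTo-SourceAnchor -Guid $u.ObjectGuid
    $actual   = $cloud[$u.Sam]
    # Decode the cloud value so a mismatch can be traced back to an AD object
    $decoded  = try { ConvertFrom-SourceAnchor -Anchor $actual } catch { $null }
    [pscustomobject]@{
        User        = $u.Sam
        Expected    = $expected
        CloudAnchor = $actual
        CloudAsGuid = $decoded
        # Base64 is case-sensitive, so use -ceq instead of the default -eq
        Match       = ($expected -ceq $actual)
    }
}

$report | Format-Table -AutoSize
```

A row with Match = False means the cloud object is joined to a different on-prem identity than the one you expected, which is worth resolving before you rely on that account for mailbox and calendar access.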

Exchange Hybrid Config. Wizard

The config. wizard will allow Office 365 to identify the mailboxes of the users based on the source anchor and uses the Exchange GUID for the Exchange part of the account. Because Exchange holds its own globally unique identifiers (GUIDs), these also need to be known for all accounts.

Also hybrid mail flow will be configured, which isn’t necessary for Teams but is part of the configuration process.

What’s more important is OAuth, because that component makes it possible for Teams to “passthrough” the account credentials to Exchange so the calendar functionality of Teams can be used in a Hybrid environment.

Now let’s look at what the reqs. and limits are for a Hybrid setup with Teams.

Known requirements and limitations

Requirements

– Exchange 2016 and 2019 are the only Exchange versions at this time to support the calendar capabilities in a Hybrid setup, older versions aren’t supported.

Why is that, you ask? Because Exchange 2016, as of CU3, and later releases got the Autodiscover V2 update, which is required for Teams to communicate with your on-prem Exchange.

– So my Exchange 2016 server has been updated to CU3, which means I’m good to go, right? Well… YES, you will need 2016 CU3 (or higher) for Autodiscover V2, BUT a Hybrid setup always needs the latest CU (or the one right below it) installed to run the latest Hybrid Config. Wizard.
So be sure to always update your Exchange server to the latest CU before you start the Hybrid Config. Wizard.

– OAuth 2.0 must be enabled for authentication on the Exchange server, because Teams will use OAuth as a sort of passthrough to get to the user’s Exchange/Outlook calendar when you’re using the calendar functionality in Teams.

– Proper licensing is of course required to use all of Teams functionalities, so make sure your users have a license with the proper SharePoint, Skype for Business (yes, that’s right..) and OneDrive plans.
Also see: https://docs.microsoft.com/en-us/microsoftteams/office-365-licensing

– Only Classic Hybrid Topology is supported, because Modern Hybrid uses Azure Application Proxy for all traffic that normally needs an inbound connection.
Because the OAuth authentication and Autodiscover can’t be tunneled over App Proxy, only Classic Hybrid is allowed.
Reference: https://docs.microsoft.com/en-us/exchange/hybrid-deployment/hybrid-agent#constraints

– When you want to give users the ability to change their profile pictures, Exchange 2016 CU3 and up is required:

https://support.microsoft.com/en-us/office/change-your-picture-in-teams-7a711943-9248-420e-b814-c071aa8d9b9c?ui=en-us&rs=en-us&ad=us

Limitations

– When you’re not in a position to upgrade your old Exchange server, or not willing to move to Exchange Online, then using the Teams Outlook add-in is a good alternative.
Installing Teams next to Office (2010 or later) will automatically install this add-in.
This will allow you to schedule the meeting and attend it from the created appointment.
Creating the meeting in a channel will not be possible.

– Using Outlook contacts in Teams is only supported when the mailbox is homed in Exchange Online. This is because Teams will then be able to open the contacts folder from the mailbox.

– Another workaround applies to making appointments: you can use the add-in mentioned above to schedule a meeting with a contact and promote that meeting to a Teams meeting before sending it.

– Voicemail functionality is available but voicemails won’t be visible in Teams while the mailbox of the user is homed on-premises. This is because the mail item isn’t the correct item type when delivered in the Exchange mailbox and is therefore deleted by Exchange.
I don’t have experience with the article below, but this should solve the problem:

https://docs.microsoft.com/en-us/skypeforbusiness/troubleshoot/hybrid-phone-system/voicemails-not-delivered#symptom-2

Should I do Hybrid?

Well, if you look at the reqs and limits, then going Hybrid isn’t a bad option to start with, especially when you want to deploy Teams fast with most of its functionalities, taking into account that you won’t be using Business Voice/Phone System because voicemails won’t be visible.

Of course, eventually going “full cloud” will give you even more functionality apart from Teams calendars.

I hope you liked reading this blog.
If you have any questions please post a comment below.
