Page 1 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

Hybrid deployment in Office 365 |

Checklist and pre requirements | Part
3/3

The last article serves a recap and summary for all the Exchange hybrid
environment Pre-requirements.
To simplify the process of managing and implementing all of the required
configuration settings and infrastructures, I have prepared a Hybrid deployment in
Office 365 -Checklist document that will help to get a clear view of all the required
tasks, what task has already completed, etc.
Hybrid deployment in Office 365 | Checklist and pre -requirements |
The article series
The article series includes the following articles:

Hybrid deployment in Office 365 | Checklist and pre requirements | Part 1/3
Hybrid deployment in Office 365 | Checklist and pre requirements | Part 2/3
Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

Written by Eyal Doron | o365info.com | Copyright 2012-2015

Page 2 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

Hybrid deployment in Office 365 | Checklist

1. Exchange Hybrid server version
Exchange 2010
In case that the Exchange Hybrid server is Exchange 2010, verify that you have
installed Exchange 2010 service pack 3 and the last Exchange 2010 Rollup.
At the current time, the most updated Rollup for Exchange 2010 SP3 is: Rollup 9
Exchange 2013
In case that the Exchange Hybrid server is Exchange 2013, verify that you have
installed Exchange 2013 service pack 1 + Cumulative Update 8.
Check for more information in the section: 1. Exchange Hybrid server version
2. Exchange On-Premise Hybrid server | Public IP address and Public
name (FQDN)
Exchange On-Premise Hybrid server | Public IP address

Verify that a dedicated Public IP address was assigned to the Exchange OnPremise Hybrid server.
(Check that the required Firewall was created)
Exchange On-Premise Hybrid server | Public Name

Verify that the Exchange On-Premise Hybrid server Public name is published in
the Public Network.
(Check that the required Public DNS record was created)
General

Verify that the Exchange On-Premise Hybrid server Public name (FQDN) is
mapped to the Public IP address.

Written by Eyal Doron | o365info.com | Copyright 2012-2015

Page 3 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

Check for more information in the section: 2. Exchange On-Premise Hybrid server |
Public IP address and Public name (FQDN)
3. Exchange On-Premise Hybrid server | Port number and protocols

Verify that Public Hosts can access Exchange On-Premise Hybrid server using
the port 443 (HTTPS) and 25 (SMTP).
Verify that the Exchange On-Premise Hybrid server can access hosts on the
public network using the ports 443 (HTTPS) and 25 (SMTP).

Check for more information in the section:3. Exchange On-Premise Hybrid server |
Port number and protocols
4. Exchange On-Premise Hybrid server | Public IP address and Static
NAT
Verify that the organization Firewall has a static NAT rule that assigns a public IP
address to the Exchange Online when the Exchange on-Premises server creates an
outbound session (communicate with external hosts) and, the same public IP that is
mapped to the Exchange on-Premises server public name and will be used by
external hosts such as the Exchange Online server.
Check for more information in the section: 4. Exchange On-Premise Hybrid server |
Public IP address and Static NAT
5. ISA\TMG server and a Firewall server
In case that you use the ISA\TMG server to publish the Exchange on-Premises
server verifies that:
The ISA\TMG web publishing rule includes the required path for the Exchange
on-Premises server EWS virtual folder and AutoDiscover Virtual folder.
The ISA\TMG web publishing rule doesnt configure with a requirement of
authentication for the Exchange on-Premises server EWS virtual folder and
AutoDiscover Virtual folder.
Check for more information in the section: 5. ISA\TMG server and a Firewall server

6. Firewall inbound\Outbound access policy | Office 365 and

Exchange Online Public IP range

Written by Eyal Doron | o365info.com | Copyright 2012-2015

Page 4 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

In case that you implement Firewall policy, such as:

1. Outbound Policy that enables the Exchange Hybrid server to connect only a
predefined Public IP range of the Office 365 and Exchange Online servers.
2. Inbound Policy that enables only Office 365 and Exchange Online servers to
communicate with the Exchange Hybrid server.

Try to avoid these restrictions when running the first-time time Hybrid
configuration
Verify and double-check that you get the accurate information about all the
Public IP range that is the use by Microsoft for the Office 365 services
(Exchange Online, Windows Azure Active Directory and more)
Subscribe to RSS feed for getting updates about changes in the Office 365
services public IP ranges

Check for more information in the section: 6. Firewall inbound\Outbound access

policy | Office 365 and Exchange Online Public IP range
7. Exchange On-Premise Hybrid server | AutoDiscover service

AutoDiscover record and Public Network

Verify that the AutoDiscover record was created and published on the
Public Network.
Verify successful operation of Exchange On-Premise AutoDiscover
process
Verify that you can access the Exchange On-Premise server from public
network and, get the required information from the AutoDiscover service.
Verify that the Autodiscover service is configured correctly, meaning : that
you can access Autodiscover service from public network and get the
required XML file.
AutoDiscover and Exchange On-Premise server version
In case that youre Exchange on-Premises environment includes a couple
of Exchange versions such as: Exchange 2003, 2007, etc., redirect the
AutoDiscover record to the Exchange On-Premise Hybrid server

Written by Eyal Doron | o365info.com | Copyright 2012-2015

Page 5 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

(AutoDiscover record is pointing to the Exchange On-Premise server with

the most updated version.)
AutoDiscover record pointing to the Exchange On-Premise server
Verify that the AutoDiscover record pointing to the Exchange On-Premise
server and not to the Office 365 AutoDiscover services.
Check for more information in the section: 7. Exchange On-Premise
Hybrid server | AutoDiscover service

8. Exchange On-Premise Hybrid server | EWS service

Verify that the EWS services on the Exchange On-Premise Hybrid server is
configured correctly: that you can access the EWS service from a public
network and, get the required XML file.

Check for more information in the section: 8. Exchange On-Premise Hybrid server |
EWS service
9. Exchange On-Premise Hybrid server | Public Certi ficate

Verify that the Exchange On-Premise Hybrid server has a Public Certificate
(certificate that was created by a Public CA).
Verify that the Public Certificate expiration date is valid.
In case that you use SAN certificate, verify that certificate alternative subject
name includes all the public hosts names of the AutoDiscover service, the
Exchange On-Premise Hybrid server and so on.
Verify that the Public certificate on the Exchange On-Premise Hybrid server
was assigned to the IIS and SMTP services.

Check for more information in the section: 9. Exchange On-Premise Hybrid server |
Public Certificate
10. Microsoft MFG server and the proof of the ownership process
To be able to create the trust with the Microsoft MFG server, you will need to
configure a TXT record and the Public DNS.

Verify that you have Access (the administrator account) to the Public DNS that
Hosts the organization Public domain name.
Verify that the proof of ownership TXT record was created in the Public DNS

Written by Eyal Doron | o365info.com | Copyright 2012-2015

Page 6 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

Check for more information in the section: 10. Microsoft MFG server and the proof
of the ownership process
11. Direct communication channel | Exchange on -Premises server to
Exchange Online
Verify that the On-Premise End-point is the Exchange On-Premise Hybrid server
Check for more information in the section: 11. Direct communication channel |
Exchange on-Premises server to Exchange Online

Hybrid deployment in Office 365 Checklist Document

| Checklist
To be able to document the different components and infrastructure that include in
the hybrid deployment in Office 365 Checklist I have created a checklist document
that you can download and use.
Each of the sections includes a form button that will help you to choose the
answer for the specific section.
In the following screenshot, we can see an example to the answer form button
that appears in each of the checklist sections.

Written by Eyal Doron | o365info.com | Copyright 2012-2015

Page 7 of 7 | Hybrid deployment in Office 365 | Checklist and pre requirements | Part 3/3

For your convenience, I have Wrapped all of the Checklist items that were
reviewed in a Word document form named:
Hybrid deployment in Office 365 Checklist
You are welcome to download the script and use it.

Written by Eyal Doron | o365info.com | Copyright 2012-2015