MS-203 Microsoft 365 Messaging – Planning and Implementing Migrations

  • June 20, 2023

1. Cutover Migrations

Okay? So a cutover migration is going to allow you to migrate all of your user mailboxes from your on-premises Exchange into your Microsoft 365 Exchange Online environment. Okay? The goal here with performing a cutover migration is you’re just wanting to move everything all at once. So imagine you’re a small or medium-sized business and you’ve made the decision to just go full blown into Exchange Online and you want to get rid of your on-premises Exchange servers and you’re trying to make a decision on the proper solution. Well, a cutover migration is going to be perfect for that type of scenario. The great thing about a cutover migration is this is something that can be done in an evening in some cases or at least a weekend. It’s not something that should take weeks or months or anything like that.

But again, this is for a company that’s looking to get everything over to Exchange Online as quickly as possible. And we are planning on retiring our on-premises Exchange environment. Now when choosing a cutover migration, here’s a couple of things for you. First off, you have to be running at least Exchange Server 2003 or later. Now if you are using Exchange 2003, then there are some ports that have to be open on your firewall in order to make this work. So 6001, 6002, and 6004 have all got to be open in order to make this work. Now if you’re running Exchange 2007 and later, you’re fine. You’re not having to really open up any special ports there.

Now one of the most important facts, and this is going to be something you’re going to want to remember for the exam, if you’re taking the exam, is that this is going to be for fewer than 2000 mailboxes. That is a hard cap. You cannot go beyond 2000 mailboxes. If you have more than 2000 mailboxes, you’re going to have to use one of the other types of migrations. Okay? So a cutover migration is not going to be for you if you’ve got more than 2000 mailboxes.

Okay? So a couple of other things here. When planning for a cutover migration, you’re going to be basically moving it all over. I talked about the 2000 cap limit. This can happen over a couple of days. You can move everything over. But something that is important: your primary domain name with your on-prem organization must be an accepted domain in the Microsoft 365 services. So that’s going to involve going into portal.microsoft.com, going over to your settings, and then making sure that your domain name is added as the accepted domain name, which also involves you having to basically prove that you actually own that name.

Okay? So that’s going to be a requirement in order for you to do a cutover migration, all right? And for the most part, you’ll have a one-to-one relationship between what you had with on-prem Exchange and with Exchange Online. Your mailboxes and everything will be moved over. The email accounts and everything are going to match up with Exchange Online. Okay? The other thing that must happen is when you do a migration, you still have to consider licensing. So with Exchange Online, your licensing is tied to your subscription. So perhaps you have an Office 365 E3 or E5 or something like that.

You’ve got to make sure that your user is properly assigned a license in order to do a cutover migration. Okay? Now one more thing here I want to mention. I want to talk about the impact on your users. So when you do a cutover migration, one thing to think about here is you’ve got to make sure that the clients are all up to date. You can’t have really old clients out there. You can’t have, like, Outlook 97 or something, or Outlook 2000. You’ve got to have something a little bit newer.

Now, the good news is you can still do Outlook 2013, Outlook 2010, and Outlook 2007, but you’ve got to make sure they’re updated. So all those products have to be updated. So ideally, you’ve got Office 365, you’ve got everything updated, the latest and greatest updates, so that they can communicate and work with Exchange Online.

Okay? So the other thing is, when email is being sent to your on-prem users, your mailboxes are all being migrated out to Office 365. And ultimately, you’ll have to make sure that your DNS has updated MX records that are pointing to the Office 365 environment as well. So your MX records have to be pointing to the Exchange Online services in order for that to happen. All in all, a cutover migration, though, is a great solution. Again, that’s if you’re a small or medium-sized business and you’re looking just to get everything out there as quickly as possible.

2. Minimal Hybrid Migrations

Now when it comes to minimum hybrid deployments, these are going to be a good solution for you in certain circumstances. So let’s talk about some of the reasons why we might want to move to a hybrid deployment. These are definitely some facts you’re going to want to know if you’re planning on taking the exam as well. So first things first. If you have more than 2000 users and plan to move to Exchange Online, this could be a good solution for you. It’s not as involved as what we call a full hybrid configuration, but we can’t do a cutover because we have more than 2000 users. Okay? The great thing about performing this particular action is it’s not all that involved. We don’t need what’s called a federated trust or any of that between on-prem and our Exchange Online environment. This is also going to be suited when you want to move users in blocks.

So maybe I want to move a group of user mailboxes out to the cloud, but I’m not ready to move everybody immediately. The minimum hybrid deployment is also going to be suited for companies that are looking maybe to spend a few weeks migrating or maybe a couple of months migrating. This isn’t usually meant for a very long period of time. And one of the main reasons it’s not, and this is one of the key facts you’re going to want to remember about the minimum hybrid, is that it does not synchronize free/busy information between your on-prem environment and Exchange Online. In order to do that, you have to have a federated relationship, which involves digital certificates and all of that trust relationship. And that’s where you would do what’s known as a full hybrid deployment.

So your free/busy information, being able to put on a calendar that you’re free or you’re busy or whatever, that’s not going to be synchronized. So again, this is not going to be a solution that’s really meant for you to stay in for a very long period of time. Now another thing to consider here: there’s actually quite a few features that we have available to us. One thing that’s good is we get complete control over mail flow. We get to make the decision on how mail flow is going to occur. And one of the great things there is mail flow is all going to get encrypted. So everything is going to be using either SSL or TLS encryption, ideally TLS (Transport Layer Security) because that’s more secure. But we have complete control over that. Now one thing to consider here, too, that’s nice is we’re going to use shared domain namespaces. What that basically means is that our on-prem domain namespace will match our Exchange Online. So if my on-premises domain name is Examlabpractice.com, then my Exchange Online also can be Examlabpractice.com, and I can have mail flowing from on-prem out and mail flowing from the outside in, and the two can work together. My on-prem Exchange server can work with Exchange Online.

Okay, the other thing that happens here is the GAL, the global address list, is going to be shared between your on-prem environment as well as Exchange Online. They call it a shared address book. So the global address book becomes the shared address book between the two. Okay? You also have centralized control of your inbound and outbound mail flow.

So I was telling you that just a second ago a little bit. One of the good things about this is with mail flow, we can control how mail is going to work. Now it’s actually recommended that all mail flow at some point through Exchange Online, okay? Now the reason for that is because Exchange Online has EOP, Exchange Online Protection, which involves malware protection, connection filtering, and spam filtering.

And we’ve also got another thing. If you have this as a subscription, you have a thing called ATP, Advanced Threat Protection. And Advanced Threat Protection is really nice because it’s going to take things a step further with scanning your attachments and scanning your links. In fact, you actually have this thing called a detonation chamber, which is actually a virtualized container that Advanced Threat Protection uses. And every single attachment and every single link gets executed inside that detonation chamber, that virtualized container, and it analyzes what the attachment tries to do, as well as a link that somebody was trying to open, to try to detect if there’s something malicious.

So you get two really fantastic features with Exchange Online. You have Exchange Online Protection and Advanced Threat Protection. Okay? So Microsoft actually recommends that all mail flow through Exchange Online. Even internal mail that’s going out should not bypass Exchange Online and go out. It should go through Exchange Online. And mail that needs to go to mailboxes on the inside should flow through Exchange Online back into your on-prem Exchange.

That’s something they recommend. Okay? So those are some of your little benefits that you’re going to get there for your mail flow. The other thing is with Outlook, you can utilize a single URL that’s going to work on both sides. Like I could have mail.examlabpractice.com that’s used on the inside to reach Exchange, and then I’ve got mail.examlabpractice.com on the outside. So these two things can all work together. On the outside, it flows into Exchange Online. On the inside, it flows to your mail server, and your mail server can send the mail out to Exchange Online. So this is all done with the mail flow features and connectors and all of that while this hybrid migration is still in place.
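An added example, not part of the original lecture: a Python check that every MX host for a domain terminates at Exchange Online, so no delivery path skips the EOP filtering recommended above. The record set is constructed, and the `mail.protection.outlook.com` suffix is the usual Exchange Online Protection MX form, assumed here because the page does not name it.

```python
# Added example: audit MX records for delivery paths that bypass Exchange Online.
# All domains and records below are constructed sample data, not real DNS answers.

# MX host suffix used by Exchange Online Protection (assumption, see lead-in).
# Extend the tuple if your tenant was issued MX hosts under another suffix.
EOP_SUFFIXES = ("mail.protection.outlook.com",)

SAMPLE_RECORDS = """
examlabpractice.com. 3600 IN MX 0  examlabpractice-com.mail.protection.outlook.com.
examlabpractice.com. 3600 IN MX 10 mail.examlabpractice.com.
migrated.example.    3600 IN MX 0  Migrated-Example.Mail.Protection.Outlook.COM.
lookalike.example.   3600 IN MX 0  mail.protection.outlook.com.lookalike.example.
onprem.example.      3600 IN MX 5  exch01.onprem.example.
"""


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def is_eop_host(host):
    """True only when host sits under an EOP suffix on a label boundary."""
    host = normalize(host)
    return any(host.endswith("." + suffix) for suffix in EOP_SUFFIXES)


def parse_mx(text):
    """Parse zone-file style lines into {domain: [(preference, host), ...]}."""
    zones = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[3].upper() != "MX":
            continue  # skip blank lines and non-MX records
        zones.setdefault(normalize(fields[0]), []).append(
            (int(fields[4]), normalize(fields[5])))
    return zones


def audit(zones):
    """Classify each domain by whether any MX host avoids Exchange Online."""
    report = {}
    for domain, records in zones.items():
        lowest = min(pref for pref, _ in records)
        bypass = sorted(host for _, host in records if not is_eop_host(host))
        primaries = [host for pref, host in records if pref == lowest]
        if not bypass:
            status = "ok"
        elif all(is_eop_host(host) for host in primaries):
            status = "secondary-bypass"  # a backup MX accepts unfiltered mail
        else:
            status = "primary-bypass"    # normal delivery skips EOP
        report[domain] = {"status": status, "bypass_hosts": bypass}
    return report


if __name__ == "__main__":
    for domain, result in audit(parse_mx(SAMPLE_RECORDS)).items():
        print(domain, result["status"], ", ".join(result["bypass_hosts"]))
```

The suffix match is anchored on a label boundary, so a host such as `mail.protection.outlook.com.lookalike.example` is reported as a bypass rather than accepted.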

So the other thing is you have the ability to move your existing on-prem mail servers out to Exchange Online. Believe it or not, you can actually move mail from Exchange Online back to on-premises. So the great thing about this is this is not like a set-in-stone thing where it’s like, okay, once you put it in place, that’s it, there’s no going back. You actually can. If your company decides, well, we’re not really fans of Exchange Online, we’ve changed our mind, we’re going to go back to our Exchange server, you totally can do that. Okay. So the other thing is you’re going to be centralizing the management, everything through your EAC, the Exchange Admin Center. You can use that on-premises.

And there’s a nice little Office 365 button you can click on to immediately work on the Exchange Online version of it as well. So basically everything’s going to happen in one browser space and you can jump between the two very easily. Another thing we have is cloud-based message archiving. So your Exchange mailboxes, just like we have on-prem, can have an archive mailbox for keeping things backed up. So it instantly gives us some redundancy for our mailboxes. Okay, now these are some of the needed components that you’re going to have here. Obviously, if you’re going to do a hybrid deployment, you have to have on-premises Exchange servers and you also have to have an Exchange Online organization, Office 365, Microsoft 365 subscriptions.

So a Microsoft 365 account with an Office 365 subscription. And then you’ll need Azure Active Directory. Of course, that’s part of the subscription anyway. You’re always going to have Azure AD. That’s the directory service. And then there’s one of the requirements before you can run the Exchange Hybrid Configuration Wizard that’s going to set up your hybrid connection.

You must have Azure AD Connect. Cutover migrations don’t require this, but the two hybrid scenarios, minimum hybrid and full hybrid, will require you to have an Azure AD Connect synchronized environment. So Azure AD Connect is your server that’s going to connect your on-premises Active Directory with your Azure AD and synchronize information between the two. Once that’s done, you can actually go into Exchange and go to the migration area and you can set up your hybrid. You can install the Hybrid Configuration Wizard, also known as the HCW. And this is what’s going to kick off your migration. And this is going to help you with building your minimum hybrid configuration.

3. Full Hybrid Co-Existence Migrations

Okay. Now why would your environment be suited for a full hybrid deployment? Well, first off, you have more than 2000 users that you plan to migrate, which means you can’t do a cutover. And so you may decide to go full hybrid. And the main reason you might want to go full hybrid is because you want to keep your Exchange on-premises for a longer period of time. It could be that your Exchange on-premises has got a lot of, as I like to say, tentacles all over in your environment. You might be using it for a bunch of things, compliance and things like that, and you’re not quite ready to move into Exchange, or I should say the Microsoft 365 services, for all of that just yet. So this could be that you’re in a very large environment too.

So you could have tens of thousands to hundreds of thousands of users. So this is not going to be a one-and-done, hey, let’s just do it over the weekend type of thing. This is going to be a long, drawn-out process. Or it could be, depending upon the size of your environment and how complex your environment is. So the more complex the environment, the more you may be suited for a full hybrid versus, say, a minimum hybrid. There’s also something that’s pretty important, and this is something that you want to definitely remember for the exam: a full hybrid is the one deployment that also will synchronize your free/busy information.

So if you need free/busy information to be synchronized between on-prem Exchange servers and Exchange Online, this is the solution for you. This is going to be the path that you’re probably going to want to take. Okay? Now some of the capabilities you have, a lot of these same capabilities are available with the minimum hybrid as well. You’re going to get the mail routing, secure mail routing, so it’s all going to be encrypted and secured. Your domain namespaces can be synchronized, so I can have examlabpractice.com as my on-prem domain as well as my cloud domain name.

You have a unified global address list, also known as the shared address book, that gets synchronized between the two. The free/busy information I just mentioned is going to synchronize as well, which is great because a user on-prem can say, hey, I’m busy during this day or these hours, and Exchange Online is going to pick up on that. Okay? You have centralized control over inbound and outbound mail flow, so you have complete control over how mail is going to be routed. And just like with minimum hybrid, full hybrid has the same recommendation.

Microsoft is going to recommend that you have all your mail routed through Exchange Online, so you can take advantage of EOP, Exchange Online Protection. And if you’ve got the right subscription, you can take advantage of ATP, Advanced Threat Protection, which means you get safe links and safe attachment features and all that, along with the malware filtering and spam filtering, connection filtering and all that good stuff. You also can have the single URL, one URL to rule them all, if you will. So like mail.examlabpractice.com would work with that. You get the ability to move existing on-premises messages to your Exchange environment if you want, and also the ability to move your Exchange mailboxes and messages back to on-prem if you need to. So again, this is not a one-way process. You can always migrate back if you decide and maybe change your mind. You get centralized control through the EAC, the Exchange Admin Center, and you get the cloud-based archiving feature. But ultimately the big thing here is that you get the long-term solution, free/busy synchronization and all that. Now, here are the components that are needed. You need on-prem Exchange servers.

Obviously you have to have an Exchange Online organization, Office 365 subscription, Microsoft 365 account, Azure AD authentication, and you’ve got to have Azure AD Connect. So you have to basically have an Azure AD hybrid environment set up before you can set up the Exchange hybrid. So you have to have that synchronization happening with Azure AD first. Then just like with minimum hybrid, you can run the Hybrid Configuration Wizard and you can set up what’s going to synchronize back and forth.

Okay, now something else that is critical, that’s very different from what we have with on-premises Exchange and Exchange Online with the minimum hybrid, is we have to understand that with a full hybrid, we’re going to require federation. So this is going to be something that you must have in order to do that. This is known as a federated trust. And Azure Active Directory is going to use a cloud service that essentially is going to act as a trust broker between the on-prem environment and the online environment. So it builds a trust relationship. It utilizes digital certificates to build that trust.

And you’ll do this when you go through the hybrid deployment and you select to do a full hybrid. That’s where you’re going to build your trust relationship. Now the good news is, if you don’t have, like, Active Directory Federated Services or any of that stuff set up, it’ll build this trust relationship for you. It’ll set all of this up for you. The wizard will do it for you. If you actually do have an ADFS server, Active Directory Federated Services, you can manually configure it. If you’re in a very complex environment and you need to manually configure all that, it is possible for you to manually configure it, but ultimately it is going to set that up automatically.

But that’s one of the key factors to remember: if you’re going to do a full hybrid, there is a federation, a connection that’s got to happen in order to set that up. And that connection is what’s going to allow you to be able to synchronize the free/busy information and all that back and forth between the on-prem environment and Exchange Online. Okay, again though, the key thing here is you’re going to get a lot more out of a full hybrid and this is going to essentially happen. This can go years without you pulling the plug on Exchange on-premises, or you may decide never to pull the plug on Exchange on-premises. That’s one of the beauties of the full hybrid: it’s completely and utterly your choice.
