The big news in the Microsoft Exchange world this week is the release to Public Preview of the new Microsoft Hybrid Agent. In case you missed the announcement at Microsoft Ignite last year, the Hybrid Agent will allow you to configure Exchange Hybrid functionality without having to publish your on-premises Exchange servers to the internet. But is it as simple as that? I have captured some of the things you need to know about the Hybrid Agent which you might not realise from the headlines.
1. Not all Hybrid Functionality works
What the Hybrid Agent does enable is Free/Busy coexistence between Exchange Online and your Exchange on-premises mailboxes, and mailbox moves. But at the moment (remember this is still only the preview) MailTips, Message Tracking and Multi-mailbox search do not work.
2. You still need to open Port 25 and have an SSL Certificate
Mail flow does not traverse the Hybrid Agent, so you will still need to enable mail flow between your servers and Exchange Online. That means Port 25 must be open or Edge Servers will need to remain in place, and you will still need to use a publicly signed SSL certificate to secure mail flow between Exchange Online and on-premises.
3. No high availability
At present, the preview only supports a single Hybrid Agent in an Exchange Organisation, meaning you don’t have the ability to make your Hybrid Agent highly available – if the agent server goes down, or needs an update, your coexistence functionality won’t work either. The same is also true of the internal Exchange servers used. The Agent saves the FQDN of the server you specify when you run the Hybrid Configuration Wizard, meaning if that Client Access Server is unavailable, again, your coexistence functionality will be too.
4. No Hybrid Modern Authentication
With Exchange 2016 onwards, you can use Hybrid Modern Authentication to secure your on-premises Exchange Server with Azure Active Directory. However, with the Hybrid Agent you can't! I find this particularly strange, as the Hybrid Agent uses the Azure Application Proxy technology for proxying inbound connections from Exchange Online, the same method I use to secure Exchange on-premises in the series I published last year. Needless to say, this is not currently supported, so beware if you are thinking of adopting this approach, or already have, with Exchange 2016 or Exchange 2019.
5. Support Limitations
Lastly, as with any Public Preview, there are support limitations with running the Hybrid Agent, and these are detailed when installing the Agent. Make sure you read these carefully if you are deploying the Hybrid Agent in a production environment!
Hopefully this quick overview helps with some things you may have missed when initially hearing about the Hybrid Agent, and will help you avoid any awkward mistakes when deploying in your own environments!