Microsoft has released a very welcome update to the Exchange Online environment of the Microsoft 365 service, which brings relief to IT departments regarding the management of Exchange hybrid environments. The update enables the management of Exchange attributes directly from the cloud, even for users synchronized from AD whose mailboxes are located in Exchange Online. Above IT’s ‘consigliere’ Mika Hakkarainen delved into this topic in his blog post this month!
What is changing?
Until now, organizations using a hybrid Exchange solution have had to maintain an on-premises Exchange server or Exchange management tools solely because it was the only officially supported method by Microsoft for managing Exchange attributes. It is known that some organizations have chosen a path where the Exchange server was removed after cloud migration of mailboxes, and Exchange attributes were managed using Active Directory management tools or third-party products. However, this has not been a supported or recommended method by Microsoft. More information on this topic can be found in the following blog post from the Microsoft Exchange team: Introducing Cloud-Managed Remote Mailboxes: a Step to Last Exchange Server Retirement | Microsoft Community Hub
With the new feature, the Source of Authority (SOA) for Exchange-specific attribute management can be moved to the cloud, while other identity-related attributes will continue to be managed by the on-premises Active Directory. Enabled by this new change, for example, email address modifications can now be made from Microsoft 365 administration portals.
How to enable the feature?
The feature is currently available in ”preview”, and is enabled on a per-user basis by setting an attribute in the cloud IsExchangeCloudManaged to true. In practice, this setting prevents the Entra Connect service from updating Exchange attributes from the on-premises environment. If needed, management can be reverted to the on-premises side by setting the attribute back to false.
A requirement for deployment is that the Entra ID Connect service must be in use and the application version must be at least 2.5.76.0. More information on requirements and deployment can be found in the following Microsoft article: Cloud-based management of Exchange attributes for Remote Mailboxes in hybrid environments (Preview) | Microsoft Learn
At the time of writing this blog post, the first phase available is the transition of Exchange attribute management to cloud-based. In a later phase, a ”Write-Back” feature will be introduced, where attribute changes made from the cloud will also be written back to AD. In the currently released first phase, the data may not necessarily match, nor are they synchronized with each other in any way.
What are the benefits?
In my opinion, this new feature is a very welcome step towards a fully cloud-based management model. Organizations can now decommission their last Exchange or management tool server. Similarly, organizations that are currently updating Exchange attributes in an unsupported manner will gain relief in maintenance and, above all, return to a Microsoft-supported way of performing Exchange maintenance.
Key benefits:
- Simplifies management processes
- Reduces maintenance costs
- Improves security and manageability by centralizing management in the cloud
Summary
Cloud management of Exchange attributes is a welcome update that addresses a long-standing need to simplify hybrid environment management and eliminate reliance on on-premises Exchange servers. I highly recommend exploring this feature if your organization uses hybrid solutions.
Do you have questions about your environment’s cloud manageability? Contact us below to discuss further.