Minimum of the Exchange hybrid configuration for Teams calendar sharing

Question

The company has recently deployed Microsoft Teams, but we prefer to keep everything else on-premises (mailboxes, mail flow in/out to the Internet).

We have a requirement to share calendar free/busy information between Microsoft Teams (in Microsoft 365) and our on-premises mailboxes. However, we do not want to configure any additional mail flow between Exchange on-premises and Exchange Online, and we want to avoid exposing our on-premises mailbox servers to Internet traffic. Additionally, since all mobile clients connect through a permanent VPN and use internal autodiscovery DNS, we prefer not to publish the autodiscovery record in the public domain.

Q1: Is it possible to achieve this with the mentioned restrictions?

Q2: Can we avoid running the Hybrid Configuration Wizard (HCW) and instead perform a minimal manual configuration?

What else, except listed below, do I need to have in place to get it working as expected?

1. Azure AD Connect: Configured and synchronizing user identities to Azure AD (completed)
2. Federation Trust: create and configure a federation trust
   1. Is there any port/traffic that I need to unblock from the Internet to on-prem to a specific server to get it working?
3. Organization Relationship: create an organization relationship both on-premises and in Exchange Online
   1. Is there any port/traffic that I need to unblock from the Internet to on-prem to a specific server to get it working?
   2. Do I need to publish an autodiscovery DNS record on the public domain?
4. Anything else?

We are concerned about the security implications of exposing the autodiscover service. Is there a safer alternative, such as utilizing the Edge Transport server to handle autodiscover requests?

Any tips highly appreciated.

Answer 1

Q1: No this is not possible.

Q2: This is possible to configure without the HCW, but I can tell you now that you do not want to do this manually. The HCW just makes the process easier. You will need to go through all the steps the HCW does anyway.

If you want more information on how Teams interacts with Exchange you can read up on the following page: https://learn.microsoft.com/en-us/microsoftteams/exchange-teams-interact

If you want to have any sort of interaction between Teams and your On-premises mailboxes, you will need a full Hybrid Exchange setup. Further more, if you have no legal compliance reason to keep your mailboxes on-premises. You will be able to make them more secure in the cloud by protecting them with Microsoft Entra Identity and Access management.

I hope this helps.

Answer 2

Hi，@Michal Ziemba

Here is a detailed introduction of HCW: Introducing the Microsoft Office 365 Hybrid Configuration Wizard - Microsoft Community Hub

Previously, HCW didn’t allow skipping any configurations, which sometimes led to a bad Exchange Server hybrid configuration state. However, now you can use the newly introduced Choose Exchange Hybrid Configuration feature to skip unnecessary steps for existing hybrid configurations.

You can refer to this link: HCW Choose Exchange Hybrid Configuration feature | Microsoft Learn

If my answer is helpful to you, please mark it as the answer so that other users can refer to it. Thank you for your support and understanding.