To eliminate your on-premises Exchange Server, you need to complete these tasks:
- Migrate all mailboxes and distribution groups to Office 365.
- Migrate the mail flow to Exchange Online.
- Set up all applications and multi-function printers (MFPs) to use Exchange Online.
This article will help you complete the last step.
How to Migrate Scan-to-Email to Office 365
You have a few options to set up your on-premises scan-to-email devices and custom applications to use Office 365 and Exchange Online directly.
The best option is to use SMTP authentication; most standard MFPs and applications support it.
To set up SMTP authentication for scan-to-email devices, you need to configure the following:
- Configure an application account to use for authentication.
- Configure one or more shared mailboxes to use for sending the emails.
- Delegate send-as permissions to the application account on the shared mailbox(es).
The steps are covered in more detail below.
1. Configure an Application Account
Create the application account in your on-premises AD. Configure the account with a non-expiring and complex password, select the Office 365 tab, click Create in Office 365, and select Normal User to immediately create a synchronized account in Azure AD.
(If you don’t have Easy365Manager installed, you can use PowerShell to synchronize Azure AD Connect or wait up to 15 minutes for synchronization to trigger.)
Then assign an Exchange Online license to the application account (you can use this account for all applications and MFPs using different shared mailboxes). The mailbox properties will load automatically once the license is assigned and the mailbox has been provisioned.
(If you don’t have Easy365Manager installed, you can log in to the Microsoft 365 Admin Center and assign the Exchange Online license or use PowerShell.)
Make sure that MFA is disabled on the account. How you do this depends on how MFA is currently enforced in your organization.
Also, you have to enable the account for SMTP authentication. Follow the steps in this article.
2. Configure One or More Shared Mailboxes
The shared mailbox(es) will send the emails on behalf of your MFP or custom application.
You can set up multiple shared mailboxes to support various MFPs and applications or use the same shared mailbox for numerous instances.
The shared mailboxes don’t require an Exchange Online license.
Set up a new shared mailbox by creating a new disabled user account. Then select the Office 365 tab, click Create in Office 365, and select Shared mailbox to create a new shared mailbox.
(If you don’t have Easy365Manager installed, you can provision the shared mailbox using your standard procedure for setting up shared mailboxes.)
3. Delegate Send-As Permissions to the Application Account
Finally, select the Mailbox tab, click Mailbox Delegation, and delegate the Send as permission to the application account.
(If you don’t have Easy365Manager installed, you can delegate send-as permissions from the Microsoft 365 Admin Center or use PowerShell.)
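Steps 1 and 3 both mention PowerShell as the alternative to the Easy365Manager dialogs. The following is an added example, not code from the original article: it uses the ExchangeOnlineManagement module to enable SMTP AUTH for the application account, grant Send As on the shared mailbox, and read the resulting state back. Both addresses are placeholders.

```powershell
# Added example. Requires the ExchangeOnlineManagement module and an Exchange admin sign-in.
# Both addresses are placeholders (assumptions), not values from the article.
$AppAccount    = 'app.account@contoso.example'
$SharedMailbox = 'scanner@contoso.example'

Connect-ExchangeOnline

# Step 1: enable SMTP AUTH for the application account only. The per-mailbox
# value overrides the organization default, which can stay disabled.
Set-CASMailbox -Identity $AppAccount -SmtpClientAuthenticationDisabled $false

# Step 3: grant Send As on the shared mailbox, unless it is already in place.
$grant = Get-RecipientPermission -Identity $SharedMailbox -Trustee $AppAccount -AccessRights SendAs
if (-not $grant) {
    Add-RecipientPermission -Identity $SharedMailbox -Trustee $AppAccount `
        -AccessRights SendAs -Confirm:$false | Out-Null
}

# Read the settings back so the state is confirmed before touching the MFP.
$cas    = Get-CASMailbox -Identity $AppAccount
$shared = Get-Mailbox -Identity $SharedMailbox
$org    = Get-TransportConfig

# Every mailbox the application account can send as. This account runs without
# MFA, so the list should contain only the intended shared mailbox(es).
$sendAs = Get-RecipientPermission -Trustee $AppAccount -AccessRights SendAs

[pscustomobject]@{
    AppAccount              = $AppAccount
    # Must be False on the application account for SMTP AUTH to work.
    SmtpAuthDisabledMailbox = $cas.SmtpClientAuthenticationDisabled
    # May remain True; the per-mailbox value above takes precedence.
    SmtpAuthDisabledOrg     = $org.SmtpClientAuthenticationDisabled
    # Should read SharedMailbox for the sending mailbox.
    SharedMailboxType       = $shared.RecipientTypeDetails
    SendAsTargets           = ($sendAs.Identity | Sort-Object -Unique) -join ', '
}

Disconnect-ExchangeOnline -Confirm:$false
```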
Testing the Setup
It can be hard to troubleshoot the configuration from an MFP with a limited interface.
That’s why it’s helpful to verify your setup using PowerShell before starting to configure the MFP.
If there are any problems with your setup, PowerShell will generally provide error messages that will help you quickly pinpoint the issue.
Use PowerShell to test your setup using the following code:
```powershell
# PoC - send email from shared mailbox using application mailbox.
# Pre-req's:
# - Application mailbox must be disabled for MFA (or have application password)
# - Application mailbox must be enabled for SMTP authentication
# - Application mailbox must have "Send As" permissions on shared mailbox

# Negotiate TLS 1.2 only; do not offer TLS 1.0 or 1.1.
[System.Net.ServicePointManager]::SecurityProtocol = 'Tls12'

# Sender: the shared mailbox address.
$From = "No Reply <email@example.com>"
$To = "Some valid test account <firstname.lastname@example.org>"
$Subject = "Test of SendAs with App Mailbox"
$Body = "OMG! It seems to be working..."

# Credentials of the application account that authenticates to Exchange Online.
$UserName = "email@example.com"
$Password = ConvertTo-SecureString "PasswordOfAppEmailAccount" -AsPlainText -Force
$Creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName, $Password

$SmtpServer = "smtp.office365.com"
$Port = "587"

Send-MailMessage -From $From -To $To -Subject $Subject -Body $Body -Credential $Creds -SmtpServer $SmtpServer -Port $Port -UseSsl
```
If everything is set up correctly, you should receive an email at firstname.lastname@example.org sent from email@example.com.
Setting Up the MFP or Application
The final step is to configure your MFP or application.
Use the following information to complete the configuration:
- SMTP Server = smtp.office365.com
- Port = 587
- TLS/StartTLS = Enabled
- UserName = firstname.lastname@example.org
- Password = password of app.email
- Sender Address = shared mailbox email
Settings may vary depending on your system.
Hopefully, the above information will help you complete the transition to Office 365 and eliminate Exchange on-premises.
Exchange on-premises has a lot of direct and indirect costs, including the following:
- Operating system license.
- Hardware/VM resources.
- Time spent on patching, troubleshooting, and monitoring.
- Potential third-party licenses for backup, AV, and monitoring.
Add to that the risk of being hit by the frequent zero-day exploits specifically targeting Exchange on-premises.
The biggest challenge of removing Exchange on-premises is the management of email attributes in your on-premises AD.
Easy365Manager will allow you to manage on-premises email attributes AND your Exchange Online mailbox settings directly from AD user properties.
This includes even complex tasks like calendar delegation that otherwise require complex PowerShell scripting.
This will save you tons of time and allow you to move a lot of tasks from senior admins to first-level support.
But most importantly, it will make hybrid Office 365 management FUN!