Architecture & Solution Design
Visual representations of the primary migration paths and solution architectures for Exchange Server End of Support.
Table of contents
Use Case 1: Microsoft 365 / Exchange Online (Cloud First)
The Cloud First strategy is recommended for organizations seeking the lowest TCO and a modern, always-up-to-date mail infrastructure. (Exchange Online documentation)
graph TD
subgraph "On-Premises Infrastructure"
AD[Active Directory]
Apps[LOB Apps / Printers]
end
subgraph "Microsoft Cloud"
Entra[Microsoft Entra ID]
EXO[Exchange Online]
EOP[Exchange Online Protection]
end
AD -- "Entra ID Connect" --> Entra
Apps -- "SMTP Relay" --> EXO
Internet((Internet)) -- "MX / SMTP" --> EOP
EOP --> EXO
Users[Users / Outlook] -- "Modern Auth / O365" --> EXO
Key Components:
- Microsoft Entra ID: Provides identity synchronization and Single Sign-On (SSO) (Entra ID hybrid identity).
- Exchange Online Protection (EOP): Handles anti-spam and anti-malware filtering as the primary entry point.
- SMTP Relay: Local devices and applications are updated to relay directly to the cloud or via a simplified on-premises relay.
Use Case 2: Hybrid Coexistence (Transitional/Long-Term)
The Hybrid architecture is ideal for large organizations that need a phased migration or have specific compliance requirements that keep some mailboxes on-premises.
graph LR
subgraph OnPrem["On-Premises"]
EX19[Exchange Server 2019 / SE]
LocalMB[(Local Mailboxes)]
end
subgraph M365["Microsoft 365"]
EXO[Exchange Online]
CloudMB[(Cloud Mailboxes)]
end
Internet((Internet)) -->|MX / SMTP| EX19
Users[Users] --> EX19
Users --> EXO
EX19 -->|Hybrid Connector TLS| EXO
EXO -->|Hybrid Connector TLS| EX19
EX19 -.->|Cross-Premises Free/Busy| EXO
EX19 --- LocalMB
EXO --- CloudMB
Key Components:
- Hybrid Configuration Wizard (HCW): Establishes the trust and secure mail flow between environments .
- Shared Namespace: Users share the same
@company.comdomain regardless of where their mailbox is located . - Cross-Premises Free/Busy: Allows users to see each other’s calendar availability during the transition.
Use Case 3: On-Premises Modernization (Exchange Server SE)
The On-Premises strategy is for organizations that must maintain data sovereignty due to strict regulatory or data residency requirements. (Exchange Server SE new features)
Exchange Server SE was released June 11, 2025. Its RTM build is code-equivalent to Exchange Server 2019 CU15. Organizations running Exchange 2019 CU14 or CU15 can perform an in-place upgrade on existing hardware.
Upgrade Path Diagram
flowchart LR
EX2016["Exchange Server 2016\n(EOL Oct 2025)"]
EX2019old["Exchange Server 2019\n(CU13 or older)"]
EX2019cu["Exchange Server 2019\nCU14 / CU15"]
EXSE["Exchange Server SE\n(Released Jun 2025)"]
Cloud["Microsoft 365 /\nExchange Online"]
EX2016 -->|"New server deploy\n(no in-place)"| EXSE
EX2016 -->|"Recommended\nmigration"| Cloud
EX2019old -->|"Update CU"| EX2019cu
EX2019cu -->|"In-place upgrade\n(same hardware)"| EXSE
EX2019cu -->|"Migrate"| Cloud
High Availability Architecture
graph TD
subgraph Primary["Primary Datacenter"]
LB1[Load Balancer]
EXSE1[Exchange SE Server 1\nWindows Server 2022]
EXSE2[Exchange SE Server 2\nWindows Server 2022]
DAG[(Database Availability Group)]
end
subgraph Secondary["Secondary Datacenter - DR"]
EXSE3[Exchange SE Server 3\nPassive DR Node]
end
Internet((Internet)) --> LB1
LB1 --> EXSE1
LB1 --> EXSE2
EXSE1 <--> DAG
EXSE2 <--> DAG
DAG -.->|"Continuous Replication\n(log shipping)"| EXSE3
Key Components:
- Database Availability Group (DAG): Provides high availability and continuous replication of mailbox databases.
- Exchange Server SE: Released June 2025; subscription-based successor to Exchange 2019 with in-place upgrade from CU14/CU15. Supports Windows Server Core, enforces TLS 1.2/1.3, and includes modern authentication via ADFS.
- Load Balancer: Distributes client traffic across multiple servers to ensure service availability.
- Windows Server 2022: Required OS for new Exchange SE deployments; Windows Server Core now supported for the first time.
Document References
| Topic | Microsoft Source |
|---|---|
| Exchange Server SE — What’s New | What’s new in Exchange SE |
| Exchange SE architecture | Exchange Server architecture |
| Exchange SE upgrade paths (blog) | Upgrading to Exchange Server SE |
| Exchange SE system requirements | System requirements for Exchange SE |
| Exchange Online documentation | Exchange Online |
| Entra ID hybrid identity | Microsoft Entra ID hybrid identity |
| Hybrid deployment overview | Exchange Server hybrid deployments |