Exchange Hybrid - How Free Busy works | on-premise to EXO and EXO to on-premise Free Busy look ups - Part 4

Hello All

In this part of the series, we will discuss what free busy is and the architecture of free busy in an Exchange Hybrid deployment.

We will cover free busy lookups from on-premises to Exchange Online and from Exchange Online to on-premises.

Free busy is a feature that allows you to see when others are free, busy or out of office, so that you can schedule meetings with them or find an appropriate time for your meetings.

Let's say we have two users, Aisha and Alan. Both users work in the same organisation. Aisha works in the IT department and Alan works in the HR department.

Aisha wants to schedule a meeting with Alan at 5 PM. To check whether Alan is available at 5 PM, Aisha can simply call Alan and ask. But what if Alan is not answering the phone or is not available? How will Aisha find out whether Alan is available at 5 PM so that the meeting can be scheduled?

This is where free busy comes into the picture.

To check Alan's availability, Aisha will log into the Outlook client, create a meeting, and add Alan as an attendee in scheduling assistant. Aisha will then be able to see whether Alan is available at 5 PM or not. If Alan is available, Aisha will schedule the meeting.

And if Alan is busy during that time, Aisha will have to reschedule the meeting.






Now let's understand how to identify if someone is free or busy. Within scheduling assistant, if you see blue coloured blocks, that means the user is not available or has another meeting during that particular time.
If you see blocks with blue coloured lines, that indicates the attendee has received your meeting but hasn't accepted it yet.

These types of meetings are called tentative meetings.

Next is out of office.

It means you are trying to reach someone who is on vacation or not in the office. No information indicates that free busy is not able to retrieve the availability for that particular user.




Now before we jump into how free busy works, let me discuss a few important concepts.

The first important concept that I'm going to discuss is the federation trust.

A federation trust creates a trust relationship between two different organisations. When you sign up for an Office 365 tenant, a federation trust is automatically created with Microsoft Federation Gateway.

Microsoft Federation Gateway is now called Azure authentication system. Azure authentication system is a cloud-based service that works as a mediator between two organisations.

When this federation trust is created, Azure authentication system assigns certain values to it. You can check these values by running Get-FederationTrust | FL in Exchange Online PowerShell.

For every Office 365 tenant you will see the value 260563 in the application identifier attribute, and the application URI will have the value outlook.com. But for an on-premises Exchange organisation, a federation trust is not created automatically.

We can create a federation trust between on-premises Exchange and Azure authentication system either through the HCW or with the help of PowerShell commands.

If you run Get-FederationTrust | FL in the on-premises Exchange organisation, you will see an application identifier value and an application URI that are assigned by Microsoft Federation Gateway to your on-premises Exchange organisation.

The initial part of the application URI will remain the same for every on-premises Exchange organisation, and only the domain name will differ.


The second important concept that I want to discuss is the changes that are made to the attributes of mailboxes when we deploy Exchange Hybrid, or when we migrate on-premises mailboxes to Office 365. So let's assume that we have Exchange Hybrid deployed.

We have one user on-premises named Aisha Smith, and another user, Alan Ross, who had a mailbox on-premises earlier but has now been migrated to Office 365. Aisha's mailbox is hosted on-premises.
In Exchange Hybrid, we deploy Azure AD Connect, which is one of the prerequisites for an Exchange Hybrid deployment. When Aisha's account is synchronised to Office 365, it is reflected as a mail-enabled mail user in Office 365.

This mail user account will have a target address alan@cloudmonkeys.xyz added in the external email address attribute.
The external email address attribute is used for the autodiscover query or to route emails from Office 365 to on-premises.

This account will have a secondary email address in on-premises: Aisha@cloudmonkeys.mail.onmicrosoft.com.

Alan's mailbox was on-premises earlier, but it has now been migrated to Exchange Online. So Alan now has a remote mailbox in on-premises Exchange. A target address is added to the on-premises mailbox: alan@cloudmonkeys.mail.onmicrosoft.com.

When Alan's mailbox was migrated to Office 365, a secondary email address was added in Office 365: alan@cloudmonkeys.mail.onmicrosoft.com.

So these are the attributes that are stamped when we deploy Exchange Hybrid, or when we migrate users from on-premises to Office 365.

Now the difference between a primary and a secondary email address is that the primary email address is used to send and receive emails, but the secondary email address can be used only to receive emails.

We cannot send emails using a secondary email address.

The third important concept that I want to discuss is free busy lookups, or free busy directions, in Exchange Hybrid.
In an Exchange Hybrid deployment there are two types of free busy lookups. When an on-premises user wants to check the availability of a cloud user, this type of lookup is called an on-premises to cloud lookup. And when an Office 365 user wants to check the availability of an on-premises user, this type of lookup is called a cloud to on-premises lookup.


Scenario

So now let's understand how free busy lookups work from on premise to cloud and from cloud to on premise. 

Let's assume that Onprem1 [user], whose mailbox is on-premises, wants to schedule a meeting with Alan, whose mailbox was migrated from on-premises to Office 365.

Onprem1 wants to check if Alan is available during that time so that he can book the meeting. So Onprem1 will create a meeting from Outlook or from OWA.

He will add Alan as an attendee within the scheduling assistant. The on-premises Exchange Server will then find that Alan has a target address pointing to cloudmonkeys.mail.onmicrosoft.com and that this mailbox is not on-premises.

Exchange Server has a service called availability service that is responsible for providing up-to-date free busy information. Availability service will try to find a path to query Alan's free busy information from Office 365.

Availability service will first check if the on-premises Exchange Server has an intra organisation connector with the domain name cloudmonkeys.mail.onmicrosoft.com.

An intra organisation connector is created if you have Exchange Server 2013, 2016 or 2019.

If there is no intra organisation connector, then availability service will look for an organisation relationship that is configured with the domain name cloudmonkeys.mail.onmicrosoft.com.

Suppose there is no intra organisation connector and no organisation relationship. In that case, availability service will look for an availability address space.

The availability address space has a domain name set to cloudmonkeys.mail.onmicrosoft.com, and it is used for free busy lookups when there is no organisation relationship or intra organisation connector.

Onprem to M365 Cloud Mailbox Free busy Lookups

Let's assume the on-premises Exchange Server has an organisation relationship.

Availability service will look up the application URI attribute of the organisation relationship, which is set to outlook.com.

outlook.com is an identifier for the Office 365 organisation trust in Azure authentication system, or Microsoft Federation Gateway.

Now at this point, availability service has found how it can reach the Office 365 organisation where the cloud mailbox is located.

Availability service will request a delegation token from Azure authentication system so that it can communicate with Office 365.

Azure authentication system will send a delegation token to the on-premises Exchange Server. When Exchange Server receives the token, it will send an autodiscover request to Exchange Online.

This request is sent to the URL that is mentioned in the target autodiscover EPR attribute of the organisation relationship.

If the autodiscover request succeeds, on-premises Exchange will make an EWS request to Exchange Online along with the delegation token.

Exchange Online will check and validate the delegation token that was issued to the on-premises organisation by Microsoft Federation Gateway. Once this token is verified, Exchange Online will return the free busy information of the M365 mailbox.

How free busy lookup works from Exchange Online to on premise.

In this scenario, Alan [M365] wants to see the free busy information of Onprem1 [user]. Alan's mailbox was migrated from on-premises to Office 365, and Onprem1's mailbox is in Exchange on-premises.

Onprem1 is synchronised to Office 365 as a mail-enabled mail user because we have an Exchange Hybrid deployment.

Alan [M365] will log into Outlook or OWA, create a meeting and add Onprem1 as an attendee within scheduling assistant.

Exchange Online will try to find Onprem1's mailbox so that it can retrieve its free busy information. But Exchange Online will find that Onprem1 is a mail user and has a target address added in the external email address attribute.

Now the availability service running on Exchange Online will try to find a path to reach the on-premises organisation so that it can fetch Onprem1's free busy information.

Availability service will first check if there is an intra organisation connector created with the domain cloudmonkeys.xyz.

If there is no intra organisation connector, then availability service will look for an organisation relationship that is created with the domain cloudmonkeys.xyz.

If no intra organisation connector or organisation relationship is found, then availability service will look for an availability address space.

Availability service will check the domain name in the domain attribute of the availability address space and will try to find the on-premises organisation.

Let's assume we have an organisation relationship configured in Exchange Online.

Availability service will check the target application URI attribute, which has the value of the federation trust between on-premises and Azure authentication system.

Now availability service knows that it needs to contact this organisation to collect Onprem1's free busy information. Then Exchange Online will make a request to Azure authentication system for a delegation token, so that it can communicate with the on-premises organisation.

Azure authentication system will issue a delegation token to Exchange Online.

Once this token is received, Exchange Online will make an autodiscover request to the on-premises organisation.

This request is sent to the URL that is mentioned in the target address URI of the organisation relationship in Exchange Online.

Please note: If this URL is incorrect, the autodiscover request will fail.

Once the autodiscover request succeeds, Exchange Online will make an EWS request to on-premises along with the delegation token.

On-premises Exchange will validate the token, and once validation is successful, it will return the free busy information to Exchange Online. Alan [M365] will then be able to see whether Onprem1 is free or busy at that time.
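
The path selection described for both directions (intra organisation connector, then organisation relationship, then availability address space) can be replayed against your own configuration with a small helper. This is an added example, not part of the original post: Resolve-FreeBusyPath and Test-HttpsUrl are hypothetical helper names, the sample objects, the address onprem1@cloudmonkeys.xyz and the example.invalid URLs are constructed, and in a live session you would pass the output of Get-IntraOrganizationConnector, Get-OrganizationRelationship and Get-AvailabilityAddressSpace instead.

```powershell
# Added example; the sample objects are constructed. Property names match the output of
# Get-IntraOrganizationConnector, Get-OrganizationRelationship and Get-AvailabilityAddressSpace.
function Test-HttpsUrl([string]$Url) {
    $uri = $null
    return ([uri]::TryCreate($Url, [System.UriKind]::Absolute, [ref]$uri) -and $uri.Scheme -eq 'https')
}

function Resolve-FreeBusyPath {
    param(
        [Parameter(Mandatory)][string]$TargetAddress,
        [object[]]$Connector = @(),
        [object[]]$Relationship = @(),
        [object[]]$AddressSpace = @()
    )
    # The lookup is routed on the domain part of the recipient's target address.
    $domain = ($TargetAddress -split '@')[-1].Trim().ToLowerInvariant()
    $has = { param($names) @($names | ForEach-Object { "$_".ToLowerInvariant() }) -contains $domain }
    $path = 'None'; $url = $null

    # Order from the article: connector, then relationship, then address space.
    $hit = $Connector | Where-Object { $_.Enabled -and (& $has $_.TargetAddressDomains) } | Select-Object -First 1
    if ($hit) { $path = 'IntraOrganizationConnector'; $url = $hit.DiscoveryEndpoint }
    if (-not $hit) {
        # FreeBusyAccessEnabled must also be set for a relationship to serve free busy.
        $hit = $Relationship | Where-Object { $_.Enabled -and $_.FreeBusyAccessEnabled -and (& $has $_.DomainNames) } | Select-Object -First 1
        if ($hit) { $path = 'OrganizationRelationship'; $url = $hit.TargetAutodiscoverEpr }
    }
    if (-not $hit) {
        $hit = $AddressSpace | Where-Object { & $has $_.ForestName } | Select-Object -First 1
        if ($hit) { $path = 'AvailabilityAddressSpace'; $url = $hit.TargetAutodiscoverEpr }
    }
    [pscustomobject]@{ Domain = $domain; Path = $path; AutodiscoverUrl = $url; UrlUsable = (Test-HttpsUrl $url) }
}

# On-premises side: relationship for the cloud routing domain (constructed URL).
$onPrem = [pscustomobject]@{
    Enabled = $true; FreeBusyAccessEnabled = $true
    DomainNames = @('cloudmonkeys.mail.onmicrosoft.com')
    TargetAutodiscoverEpr = 'https://autodiscover.example.invalid/autodiscover/autodiscover.svc/WSSecurity'
}
# Exchange Online side: the URL has no scheme, so the autodiscover step would fail.
$cloud = [pscustomobject]@{
    Enabled = $true; FreeBusyAccessEnabled = $true
    DomainNames = @('cloudmonkeys.xyz')
    TargetAutodiscoverEpr = 'autodiscover.example.invalid/autodiscover/autodiscover.svc/WSSecurity'
}
Resolve-FreeBusyPath -TargetAddress 'alan@cloudmonkeys.mail.onmicrosoft.com' -Relationship $onPrem
Resolve-FreeBusyPath -TargetAddress 'onprem1@cloudmonkeys.xyz' -Relationship $cloud
```

A Path of None, or UrlUsable set to False, points to the configuration object to inspect before looking at token or EWS errors.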

So this is how free busy lookups work in an Exchange Hybrid deployment. If you have learned something new from this Exchange Hybrid series, please write in the comments.

