This guide is designed to provide detailed instructions on configuring IceWarp in a hybrid environment with Microsoft 365.
The outcome is to use the same domain on both servers, where some users are located on Microsoft 365 and the rest are on IceWarp. This setup is particularly popular when companies want to run two independent solutions.
First, you will need a custom domain (if you do not have one yet, you can purchase it from any domain registrar) and an active Microsoft 365 account with at least a Microsoft 365 Business Basic plan.
We will use "x3solar.com" to demonstrate the setup in the steps below. Before you continue, it is important to mention that the IceWarp Server must be configured first (you must be able to send and receive e-mails from and to your IceWarp Server); therefore, have the DNS and domain certificate (for example, Let's Encrypt) in place before setting up Microsoft 365 (Microsoft validates new Connectors through a validation e-mail).
1. ICEWARP SETUP
Choose between an on-premise installation or a ready-made server in the Cloud to start and add domains and users through the Remote Admin Console or WebAdmin interface.
Make sure that each user is located only on one of the servers. If the same users are on both servers, you must differentiate them by choosing a unique alias.
Users can be added through the remote admin console via Domains & Accounts - Management - "your domain" - right-click the domain name (shortcut CTRL+U) - "+ Create new..." and then "User". Or in the menu "Accounts", "+ Create new..." and then "User".
In the WebAdmin, you can use this process -> Click on "+" -> New user -> Fill the form -> Save.
If your IceWarp Server is fully operational, you can continue setting up a Microsoft account.
2. MICROSOFT 365 SETUP
1. Sign in or sign up for an account
Sign in to https://portal.office365.com/ with your Microsoft account, or sign up for a new account.
After you log in, please navigate to "Admin Center". You can find this option on the left panel.
2. Add a custom domain
Navigate to the main menu (hamburger button) and add a domain via Settings - Domains. If you do not see Settings, click on "... Show all", and it will unpack the complete menu, including the Settings option.
To add a new domain, click "+ Add domain", fill in the domain name, and click "Use this domain" to continue the process (see the "Add a domain" video).
Microsoft needs to verify the domain owner first while adding the custom domain. To verify that the domain belongs to you, you can use a TXT or an MX record in DNS Manager to continue.
We have chosen the TXT option. Let's add a TXT record in this example.
Click the "Continue" button below to proceed.
In the next step, you must add this specified TXT value to your DNS manager for the owned domain. But be careful here and enter only what you have been asked for by Microsoft.
Verification by DNS
Type | Name | Text | TTL
TXT | @ | MS=ms35385686 | 3600
Please note that the DNS update can take up to 48 hours. From our experience, it usually takes a couple of hours. Verification is started with the Verify button below on Microsoft's page.
After the owner has been successfully verified, the next step is to create a connection between our domain and the Microsoft account by adding the specified DNS records. And again, add only what you have been asked for by Microsoft on their page. We will add DNS records to our domain in our DNS manager, as you will do with yours in your DNS manager.
Click the "Continue" button below to proceed. There are a few options in the next step. Which one to choose depends on what your DNS manager can import. On this occasion, I chose to add records manually. The process is similar to what we added previously in the verification step but with more records. We are adding MX, CNAME, and TXT (for SPF) records.
DNS records
Type | Name | Text | TTL
MX | @ | x3solar-com.mail.protection.outlook.com. | 3600
CNAME | autodiscover | autodiscover.outlook.com. | 3600
TXT | @ | v=spf1 include:spf.protection.outlook.com include:mail.x3solar.com -all | 3600
Please note that the DNS update can take up to 48 hours. From our experience, it usually takes a couple of hours. When you click the Continue button, Microsoft will check if the DNS records are correctly recorded.
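An added example (not part of the original guide, nor IceWarp or Microsoft tooling): a minimal offline SPF evaluation of the TXT record above. It shows that both sending paths pass, and that `include:mail.x3solar.com` only works when mail.x3solar.com publishes its own SPF record, because RFC 7208 turns an include of a domain without SPF into a permerror. The contents of the two include targets and all IP addresses are constructed stand-ins for DNS.

```python
import ipaddress

# Constructed stand-in for DNS TXT lookups so the check runs offline.
# Only the x3solar.com record comes from the guide; the two include targets
# and all addresses (documentation ranges) are assumptions for illustration.
ZONE = {
    "x3solar.com": "v=spf1 include:spf.protection.outlook.com "
                   "include:mail.x3solar.com -all",
    "spf.protection.outlook.com": "v=spf1 ip4:192.0.2.0/24 -all",
    "mail.x3solar.com": "v=spf1 ip4:198.51.100.25 -all",
}
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_host(ip, domain, zone, depth=0):
    """Evaluate SPF for ip at domain; handles ip4, include and all only."""
    record = zone.get(domain)
    if record is None or record.split()[:1] != ["v=spf1"]:
        return "none"                      # no SPF record published
    if depth > 10:
        return "permerror"                 # guard against include loops
    for term in record.split()[1:]:
        qualifier = term[0] if term[0] in RESULT else "+"
        mech = term[1:] if term[0] in RESULT else term
        if mech.startswith("ip4:"):
            net = ipaddress.ip_network(mech[4:], strict=False)
            if ipaddress.ip_address(ip) in net:
                return RESULT[qualifier]
        elif mech.startswith("include:"):
            inner = check_host(ip, mech[8:], zone, depth + 1)
            if inner == "pass":
                return RESULT[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"         # include target has no usable SPF
        elif mech == "all":
            return RESULT[qualifier]
        else:
            return "permerror"             # outside this sketch's scope
    return "neutral"


def audit(zone):
    """SPF result for the M365 path, the IceWarp path and an outsider."""
    senders = {"m365": "192.0.2.10", "icewarp": "198.51.100.25",
               "outsider": "203.0.113.5"}
    return {name: check_host(ip, "x3solar.com", zone)
            for name, ip in senders.items()}


# Same zone, but mail.x3solar.com publishes no SPF record of its own.
BROKEN = {k: v for k, v in ZONE.items() if k != "mail.x3solar.com"}
```

Comparing `audit(ZONE)` with `audit(BROKEN)` shows the failure mode: without a TXT record on mail.x3solar.com, mail from the IceWarp server evaluates to permerror instead of pass, while Microsoft 365 mail still passes because its include matches first.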
Before continuing to the next step, check your domain's "Domain type" in the Exchange admin centre under Mail flow / Accepted domains and change it, if necessary, to "InternalRelay".
While trying to change the Domain type, the following error can occur:
"Failed to update the accepted domain.
Error: Error executing cmdlet"
If you receive this error message, you must use PowerShell and run the following process to fix the error:
Open PowerShell and run these commands in order:
    Install-Module ExchangeOnlineManagement
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline -UserPrincipalName <username>
    Set-AcceptedDomain -Identity x3solar.com -DomainType InternalRelay
Where the "username" is the Microsoft 365 account you have been using.
3. Add or create a user
You can add users from the Microsoft Admin Center's Home page by clicking "+ Add user".
If you have added users, you must also add e-mail aliases. Choose your user and "Manage username and email" to add an alias to the user if needed.
Then "Save changes" at the bottom of the page.
4. Create a connection between IceWarp and Microsoft 365 service
Let's go to the Microsoft 365 admin center -> Hamburger menu -> Exchange to add Connectors, which are interfaces between both servers.
In Exchange Admin Center / Mail flow / Connectors, click "+ Add a connector", set "Connection from" to "Your organization's email server", then click the Next button.
Fill in the "Name" of the Connector, a mandatory item, and Description if needed, then the Next button.
The next step is the actual connection, then the Next button again.
The last step is to Review and "Create connector", and we have created our connection between the servers in one direction.
Now, we need to create a connection in the opposite direction, from Microsoft 365 to IceWarp.
In the next step, please insert the hostname of your IceWarp server. You can find this information in Remote Console -> System -> Services -> Smart Discover -> Hostname.
After this step, you have to validate your email address. Please insert the email address of the user that we created on the IceWarp side.
In the last step, please review the connector settings and confirm by pressing the button "Create connector".
6. Change the type of domain on the IceWarp server
To enable communication from IceWarp users to those living on the Office 365 server, we have to switch the mail.x3solar.com server to be a part of the distributed or backup domain, which includes both servers.
The backup domain will be used when you want to create a hybrid setup with Microsoft 365 because every time you want to create a user on the IceWarp side, Microsoft will respond with "Yes, the user exists on our side", no matter what. We cannot control this behaviour.
IceWarp + M365 will look like this
IceWarp + Exchange will look like this
The same setting applies in WebAdmin. Choose "Hamburger menu" -> Users & domains -> Click on Domain from Domain list -> Properties, and you can change the Type to "Distributed domain" or "Backup domain" here.
7. Limitations
The connection between servers is designed for e-mails only.
The calendar invitation can be sent from the IceWarp user and received at the Office 365 mailbox; however, the calendar appointment's acceptance in the opposite direction cannot be received, and therefore, the invited attendee can't accept the invitation.
The calendar invitation from the Office 365 mailbox cannot be sent due to Microsoft 365 design.
The IceWarp Server can greylist the incoming communication from the Office 365 servers. In that case, you must add the IP addresses of the Office 365 servers to the "Trusted IP" list and untick the option "Reject if originator's domain is local and not authorized".
The "Trusted IP" is available only in the Remote Admin Console.
The Global Address List (GAL) can only be used via an external LDAP.
You can set it up under Domains & Accounts - Management - Your domain - Groups - Group tab - Populate GAL from an external source (Directory Service).
Your setup is now complete.