This guide is designed to provide detailed instructions on how to configure IceWarp in a hybrid environment with Microsoft 365.
The outcome is to use the same domain on both servers, where some users are located on Microsoft 365 and the rest are on IceWarp. This setup is particularly popular when companies want to run two independent solutions.
To start with, you will need a custom domain (if you do not have one yet, you can purchase it from any of the many domain registrars) and an active Microsoft 365 account with at least a Microsoft 365 Business Basic plan.
We will use "x3solar.com" to demonstrate the setup in the steps below. Before you continue, it is important to mention that IceWarp Server must be configured first (you must be able to send and receive e-mails from and to your IceWarp Server); therefore, have the DNS and domain certificate (for example, Let's Encrypt) in place before setting up Microsoft 365 (Microsoft requires new Connectors to be validated through a validation e-mail).
1. ICEWARP SETUP
Choose between an on-premise installation or a ready-made server in the Cloud to start and add domains and users through the Remote Admin Console or WebAdmin interface.
Make sure that each user is located only on one of the servers. If the same users are on both servers, you must differentiate them by choosing a unique alias.
Users can be added through the remote admin console via Domains & Accounts - Management - "your domain" - right-click the domain name (shortcut CTRL+U) - "+ Create new..." and then "User". Or in the menu "Accounts", "+ Create new..." and then "User".
In the WebAdmin, you can use this process -> Click on "+" -> New user -> Fill the form -> Save.
If your IceWarp Server is fully operational, you can continue setting up a Microsoft account.
2. MICROSOFT 365 SETUP
1. Sign in or sign up for an account
2. Add a custom domain
Navigate to the main menu (hamburger button) and add a domain via Settings - Domains. If you do not see Settings, click on "... Show all" and it will unpack the complete menu, including the Settings option.
To add a new domain, click "+ Add domain", fill in the domain name, and click "Use this domain" to continue the process (see the "Add a domain" video).
Microsoft needs to verify the domain owner first while adding the custom domain. To verify that the domain belongs to you, you can use a TXT or an MX record in DNS Manager to continue.
In this example we have chosen the TXT option, so we will add a TXT record.
Click the "Continue" button below to proceed.
In the next step, you'll need to add this specified TXT value to your DNS manager for the owned domain. But be careful here and enter only what you have been asked for by Microsoft.
|Verification by DNS|
Please note that the DNS update can take up to 48 hours. From our experience, it usually takes a couple of hours. To proceed with the verification, click the Verify button below on Microsoft's page.
After the owner has been successfully verified, the next step is to create a connection between our domain and the Microsoft account by adding the specified DNS records. Again, add only what you have been asked for by Microsoft on their page. We will add DNS records to our domain in our DNS manager, as you will do with yours in your DNS manager.
Click the "Continue" button below to proceed. There are a few options in the next step. Which one to choose depends on what your DNS manager is able to import. On this occasion, I chose to add records manually. The process is similar to what we added before in the verification step but with more records. We are adding MX, CNAME, and TXT (for SPF) records.
| TXT | @ | v=spf1 include:spf.protection.outlook.com include:mail.x3solar.com -all | 3600 |
Please note that the DNS update can take up to 48 hours. From our experience, it usually takes a couple of hours. When you click the Continue button, Microsoft will check if the DNS records are correctly recorded.
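A pre-flight check for the SPF value above, as an added example that is not part of the original guide: it walks every include: target, reports any that publish no SPF record of their own (which makes receivers return permerror under RFC 7208), and confirms the record ends in -all. The ZONE data, including the empty entry for mail.x3solar.com and the placeholder content for spf.protection.outlook.com, is constructed for illustration; replace it with the TXT answers from your own DNS.

```python
# Added example: offline lint for the SPF TXT value shown in this guide.
LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}  # each costs a DNS lookup
MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4

# Constructed TXT data standing in for live DNS answers.
ZONE = {
    "x3solar.com": ["v=spf1 include:spf.protection.outlook.com "
                    "include:mail.x3solar.com -all"],
    "spf.protection.outlook.com": ["v=spf1 ip4:192.0.2.0/24 -all"],  # placeholder
    "mail.x3solar.com": [],  # assumed failure case: no SPF record published
}


def spf_records(name, zone):
    """Return the TXT strings at `name` that are SPF records."""
    return [t for t in zone.get(name.lower(), [])
            if t.lower().split()[:1] == ["v=spf1"]]


def lint_spf(domain, zone):
    """Walk the include chain of `domain` and return a list of findings."""
    findings, lookups, seen, stack = [], 0, set(), [domain.lower()]
    while stack:
        name = stack.pop()
        if name in seen:
            continue
        seen.add(name)
        records = spf_records(name, zone)
        if len(records) != 1:
            why = "no SPF record" if not records else "multiple SPF records"
            findings.append(f"{name}: {why}, evaluation ends in permerror"
                            if name != domain.lower() else f"{name}: {why}")
            continue
        terms = records[0].split()[1:]
        for term in terms:
            kind, _, arg = term.lstrip("+-~?").lower().partition(":")
            if kind.split("/")[0] in LOOKUP_MECHS or kind.startswith("redirect="):
                lookups += 1
            if kind == "include" and arg:
                stack.append(arg)
        if name == domain.lower() and (not terms or terms[-1].lower() != "-all"):
            findings.append(f"{name}: record does not end in -all")
    if lookups > MAX_LOOKUPS:
        findings.append(f"{domain}: {lookups} DNS lookups exceed {MAX_LOOKUPS}")
    return findings


if __name__ == "__main__":
    for finding in lint_spf("x3solar.com", ZONE):
        print(finding)
```

An empty result means every included name resolves to exactly one SPF record and the policy is a hard fail.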
Before continuing to the next step, check your domain's "Domain type" in the Exchange admin center under Mail flow / Accepted domains and change it, if necessary, to "InternalRelay".
While trying to change the Domain type, the following error can occur:
"Failed to update the accepted domain.
Error: Error executing cmdlet"
If you receive this error message, you must use PowerShell to fix the error. Open PowerShell and run the following commands in order:
    Install-Module ExchangeOnlineManagement
    Import-Module ExchangeOnlineManagement
    Connect-ExchangeOnline -UserPrincipalName <username>
    Set-AcceptedDomain -Identity x3solar.com -DomainType InternalRelay
Here <username> is the Microsoft 365 account you have been using.
3. Add or create a user
You can add users from the Microsoft Admin center's Home page by clicking "+ Add user".
If you have added users, you must also add e-mail aliases. Choose your user and "Manage username and email" to add an alias to the user if needed.
Then "Save changes" at the bottom of the page.
4. Create a connection between IceWarp and Microsoft 365 service
Let's go back to the Microsoft 365 admin center to add Connectors, which are the interfaces between both servers.
Exchange Admin Center/ Mail flow/ Connectors/ "+ Add a connector", choose "Connection from" to "Your organization's email server", then the Next button.
Fill in the "Name" of the Connector, which is a mandatory item, and Description if needed, then the Next button.
The next step is the actual connection, then the Next button again.
The last step is to Review and "Create connector", and we have created our connection between the servers in one direction.
Now we need to create a connection in the opposite direction, from Microsoft 365 to IceWarp.
And in the last step, please review the connector settings and confirm by pressing the button "Create connector".
Because we are using a transport rule in the connector, we need to set up that rule.
In the Exchange admin center / Mail flow / Rules, click "+ Add a rule", then "Create a new rule".
The message has to be redirected using the connector "Office 365 2 IceWarp". The next page is "Set rule settings".
We keep these settings as default. The last step is to Review and finish, and the rule is now set.
6. Switch IceWarp Server to the Distributed domain type
To enable communication from IceWarp users to those living on the Office 365 server, we have to switch the mail.x3solar.com server to be a part of the distributed domain, which includes both servers.
The same setting applies in WebAdmin. Choose "Hamburger menu" -> Users & domains -> Click on Domain from Domain list -> Properties, and you can change the Type to "Distributed domain" here.
The connection between servers is designed for e-mails only.
The calendar invitation can be sent from the IceWarp user and received at the Office 365 mailbox; however, the calendar appointment's acceptance in the opposite direction cannot be received, and therefore the invited attendee can't accept the invitation.
The calendar invitation from the Office 365 mailbox cannot be sent due to Microsoft 365 design.
The IceWarp Server can greylist incoming communication from the Office 365 servers. In that case, you have to add the IP addresses of the Office 365 servers to the "Trusted IP" list. The "Trusted IP" list is currently available only in the Remote Admin Console.
The Global Address List (GAL) can only be used via an external LDAP.
You can set it up under Domains & Accounts - Management - Yourdomain - Groups - Group tab - Populate GAL from external source (Directory Service).
Your setup is now complete.