I have been battling with Office 365 support on this case for a little while, as what they have been telling me is or isn't possible contradicts the documentation they have directed me to.
Some info:
- We have a 365 subscription with E3 licenses.
- We use ADFS and Azure AD Connect to provide single sign-on and sync user objects from AD to Office 365
- We wanted to extend our schema to include Exchange attributes to allow control of certain features currently not available to us
- We wanted to install Exchange on-premises to allow properly supported management of Exchange attributes
I found Microsoft will provide a free Hybrid edition license key for Exchange 2016, so I decided we would be able to install and deploy an Exchange server in Hybrid mode. We have the server installed and are preparing to deploy the Hybrid configuration.
The support rep advised me that all mail flow must go through Exchange on-prem, and cannot go via 365. Essentially I think this is nonsense, as the on-prem license does not allow us to host mailboxes, so this server should not be involved in mail flow at all. All it should do is act as the bridge between Exchange Online and Active Directory.
He also said wildcard certificates are not supported in a Hybrid configuration, but couldn't tell me why.
Am I wrong in thinking that this scenario should be really straightforward and should work? We simply want all mail to continue going to 365, and it should not even touch our Exchange. All Exchange does is provide attributes, management tools and the organisational trust between AD and Exchange Online.
Regarding mail flow, to the best of my knowledge, your support rep was wrong. The recommended mail flow is described here:
https://technet.microsoft.com/en-us/library/jj937232(v=exchg.150).aspx#BKMK_HostedMailFlow
The on-prem server exists, as you say, only to provide management tools and AD attribute setting.
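As an added example (not from either post above), here is a PowerShell session that checks the two claims in dispute from the on-prem side: that inbound mail is routed to Exchange Online Protection rather than through the hybrid server, and that the on-prem server hosts no mailboxes and is used only to write Exchange attributes that Azure AD Connect then syncs. It assumes it is run in the Exchange Management Shell of the on-prem hybrid server, and `example.com` and `jdoe` are placeholders for your own accepted domain and a synced user.

```powershell
# Added example; not part of the original thread. Run in the on-premises
# Exchange Management Shell of the hybrid server. Placeholders below are
# assumptions: replace them with your own accepted domain and a synced user.
$Domain = 'example.com'   # placeholder: your accepted domain
$User   = 'jdoe'          # placeholder: a synced AD user whose mailbox is in Exchange Online

# 1. Confirm inbound mail is routed to Exchange Online Protection, not on-prem.
#    EOP MX targets end in mail.protection.outlook.com.
$mx = Resolve-DnsName -Name $Domain -Type MX -ErrorAction Stop |
      Where-Object { $_.Type -eq 'MX' }
$mx | Select-Object NameExchange, Preference | Format-Table -AutoSize
$nonEop = $mx | Where-Object { $_.NameExchange -notmatch 'mail\.protection\.outlook\.com$' }
if ($nonEop) {
    Write-Warning "MX for $Domain has targets outside EOP; inbound mail may be passing through on-prem."
}

# 2. Confirm the on-prem server hosts no mailboxes (the hybrid key does not license any).
#    Any mailbox listed here WOULD put this server in the mail flow path.
$onPremMailboxes = @(Get-Mailbox -ResultSize Unlimited)
if ($onPremMailboxes.Count -gt 0) {
    Write-Warning "$($onPremMailboxes.Count) mailbox(es) are still on-prem."
} else {
    Write-Output "No on-prem mailboxes: this server is management-only."
}

# 3. The role the on-prem server actually fills: it writes Exchange attributes to
#    the AD user object, and Azure AD Connect syncs them to Exchange Online.
Get-RemoteMailbox -Identity $User |
    Select-Object Name, RemoteRoutingAddress, HiddenFromAddressListsEnabled, EmailAddresses

# A supported attribute change made on-prem (hide the user from the GAL and add a
# proxy address). The change lands in AD and syncs to the cloud; no mail touches
# this server as a result.
Set-RemoteMailbox -Identity $User -HiddenFromAddressListsEnabled $true `
    -EmailAddresses @{ Add = "smtp:$User.alias@$Domain" }

# 4. Show what the Hybrid Configuration Wizard created, so you can see whether any
#    send connector actually routes mail through on-prem.
Get-HybridConfiguration | Select-Object Domains, Features, OnPremisesSmartHost
Get-SendConnector | Select-Object Name, AddressSpaces, SmartHosts, Enabled | Format-Table -AutoSize
```

Step 1 is the quickest way to settle the mail-flow argument with evidence: if the MX records resolve to EOP and step 2 shows zero on-prem mailboxes, the hybrid server is not in the inbound path regardless of what the connectors look like.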