Applies to: Exchange Server 2010 SP3, Exchange Server 2010 SP2

Topic Last Modified: 2012-02-21

Before you create and configure a hybrid deployment using the Hybrid Configuration wizards, your existing on-premises Exchange organization must meet certain requirements. If you don't meet these requirements, you won't be able to complete the steps within the Hybrid Configuration wizards and you won't be able to configure a hybrid deployment between your on-premises Exchange organization and the Exchange Online organization in Microsoft Office 365.

Prerequisites for Hybrid Deployment

The following prerequisites are required for configuring a hybrid deployment:

  1. On-premises Exchange organization   On-premises Exchange 2003-based organizations or later are required for a hybrid deployment. For Exchange 2003 and Exchange 2007 organizations, at least one Exchange 2010 Service Pack 2 (SP2) server must be installed in the on-premises organization to run the Hybrid Configuration wizards and support hybrid deployment functionality. All other on-premises Exchange servers must have the latest service packs installed.

    Learn more at: What's New in Exchange 2010 SP2.

  2. Install Exchange rollup packages   You must install the latest Exchange 2010 SP2 rollup packages on all hybrid servers to avoid problems when configuring a hybrid deployment. Microsoft releases update rollup packages approximately every six to eight weeks. The rollup packages are available via Microsoft Update and also through the Microsoft Download Center. In the Search box on the Microsoft Download Center, type "Exchange 2010 SP2 update rollup" to find links to the Exchange 2010 SP2 rollup packages.

    Find update rollup packages at: Microsoft Download Center

  3. Office 365 for enterprises   You need an Office 365 for enterprises tenant, an administrator account, and user licenses available on the cloud service to configure a hybrid deployment.

    Learn more at: Sign up for Office 365

  4. Custom domains   Register any custom domains you want to use in your hybrid deployment with Office 365. You can do this by using the Office 365 Administrative portal, or by optionally configuring Active Directory Federation Services (AD FS) in your on-premises organization.

    Learn more at: Add your domain to Office 365

  5. Active Directory synchronization   Deploy Office 365 Active Directory synchronization in your on-premises organization.

    Important:
    If you signed up for your Office 365 tenant organization during the Office 365 beta program and enabled Active Directory synchronization, you must run the following Shell command in your Office 365 organization to create a coexistence domain (<domain>.mail.onmicrosoft.com) for your organization.

    Set-MsolDirsyncEnabled -EnableDirsync $true

    Learn more at: Active Directory synchronization: Roadmap

  6. Client Access and Hub Transport servers   Install one or more Exchange 2010 SP2 Client Access and Hub Transport servers in your on-premises organization. If you’re configuring a hybrid deployment for an Exchange 2003 on-premises organization, you must also install the Mailbox Server role on at least one Exchange 2010 SP2 server added for the hybrid deployment.

  7. Autodiscover DNS records   Configure the Autodiscover public DNS records for your existing SMTP domains to point to an on-premises Exchange 2010 SP2 Client Access server.

  8. Office 365 organization in the Exchange Management Console (EMC)   Add the Office 365 organization to the EMC. This will allow you to manage both the on-premises and cloud Exchange organizations from a single management console.

    Learn more at: Add an Exchange Forest

  9. Exchange Web Services   Configure the ExternalURL parameter for the default Exchange Web Services (EWS) virtual directory with the externally accessible, fully qualified domain name (FQDN) of the hybrid Exchange 2010 SP2 Client Access server included in your hybrid deployment.

    Learn more at: Understanding Exchange Web Services Virtual Directories

    Important:
    Pre-authentication connections to the /EWS/exchange.asmx/wssecurity, /autodiscover/autodiscover.svc/wssecurity, and /EWS/MRSProxy.svc/wssecurity virtual directories must be turned off. Authentication for these virtual directories must use the Exchange federation trust certificate and federation claims.

  10. Certificates   Install a valid digital certificate purchased from a trusted certificate authority (CA) and assign Exchange services to it. Although self-signed certificates can be used for the on-premises federation trust with the Microsoft Federation Gateway, self-signed certificates can’t be used for Exchange services in a hybrid deployment. The Internet Information Services (IIS) instance on the Client Access servers configured in the hybrid deployment must have a valid digital certificate purchased from a trusted certificate authority (CA). Additionally, the EWS external URL and the Autodiscover endpoint specified in your public DNS must be listed in the Subject Alternative Name (SAN) of the certificate. The Hub Transport servers used for mail transport in the hybrid deployment must all use the same certificate (have matching certificate thumbprints).
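
A check for the certificate requirements in item 10, as an added example that is not part of the original topic. It uses the Exchange Management Shell cmdlets Get-ExchangeCertificate and Get-WebServicesVirtualDirectory; the server names and the Autodiscover host are placeholders to replace with your own.

```powershell
# Added example. Run in the on-premises Exchange Management Shell.
# Server names and the Autodiscover host below are placeholders (assumptions).
$HybridCas        = @('CAS01')
$HybridHub        = @('HUB01', 'HUB02')
$AutodiscoverHost = 'autodiscover.contoso.com'

function Test-NameInCertificate($HostName, $Certificate) {
    foreach ($entry in $Certificate.CertificateDomains) {
        $san = $entry.ToString()
        if ($san -eq $HostName) { return $true }
        # A wildcard SAN covers exactly one extra label (*.contoso.com -> mail.contoso.com)
        if ($san.StartsWith('*.') -and
            $HostName.Substring($HostName.IndexOf('.') + 1) -eq $san.Substring(2)) { return $true }
    }
    return $false
}

# Client Access servers: CA-issued IIS certificate whose SAN covers EWS and Autodiscover
foreach ($cas in $HybridCas) {
    $ewsUrl = (Get-WebServicesVirtualDirectory -Server $cas | Select-Object -First 1).ExternalUrl
    if (-not $ewsUrl) { Write-Warning "$cas : EWS ExternalUrl is not set"; continue }
    $iisCerts = @(Get-ExchangeCertificate -Server $cas |
        Where-Object { $_.Services -match 'IIS' -and $_.Status -eq 'Valid' })
    if ($iisCerts.Count -eq 0) { Write-Warning "$cas : no valid certificate assigned to IIS" }
    foreach ($cert in $iisCerts) {
        New-Object PSObject -Property @{
            Server         = $cas
            Thumbprint     = $cert.Thumbprint
            SelfSigned     = $cert.IsSelfSigned          # must be False for hybrid
            CoversEws      = (Test-NameInCertificate $ewsUrl.Host $cert)
            CoversAutodisc = (Test-NameInCertificate $AutodiscoverHost $cert)
            NotAfter       = $cert.NotAfter
        }
    }
}

# Hub Transport servers: one CA-issued SMTP certificate must be present on every server
$common = $null
foreach ($hub in $HybridHub) {
    $thumbs = @(Get-ExchangeCertificate -Server $hub |
        Where-Object { $_.Services -match 'SMTP' -and -not $_.IsSelfSigned } |
        ForEach-Object { $_.Thumbprint })
    if ($null -eq $common) { $common = $thumbs }
    else { $common = @($common | Where-Object { $thumbs -contains $_ }) }
}
if (@($common).Count -gt 0) { "Shared SMTP certificate thumbprint(s): $($common -join ', ')" }
else { Write-Warning 'Hub Transport servers do not share a CA-issued SMTP certificate' }
```

A Client Access row with SelfSigned set to True, or with either Covers column set to False, fails the requirement; so does the warning from the Hub Transport check.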

After you’ve made sure your Exchange organization meets these requirements, you’re ready to use the New Hybrid Deployment wizard. For detailed guidance, see Create a New Hybrid Deployment.

Recommended Tools and Services

In addition to the required prerequisites described earlier, other tools and services are beneficial when you’re configuring hybrid deployments with the Hybrid Configuration wizards:

  • Remote Connectivity Analyzer tool   The Microsoft Remote Connectivity Analyzer tool checks the external connectivity of your on-premises Exchange organization and makes sure that you’re ready to configure your hybrid deployment. We strongly recommend that you check your on-premises organization with the Remote Connectivity Analyzer tool prior to configuring your hybrid deployment with the Hybrid Configuration wizard.

    Learn more at: Remote Connectivity Analyzer Tool

  • Single sign-on   Although not a requirement for hybrid deployments, single sign-on enables users to access both the on-premises and cloud-based organizations with a single user name and password. Single sign-on provides users with a familiar sign-on experience and allows administrators to easily control account policies for cloud-based organization mailboxes by using on-premises Active Directory management tools. If you decide to deploy single sign-on with your hybrid deployment, we recommend that you deploy it in conjunction with Active Directory synchronization and before using the Hybrid Configuration wizards.

    Learn more at: Prepare for single sign-on