Table of Contents
- Could Cloud Management Be the Ultimate Solution to Your Frustrating Hybrid Exchange Problem?
- The Core Problem: Why Do You Still Need a Local Exchange Server?
- The Looming Deadline and Past Attempts
- The New Solution: Cloud-Managed Remote Mailboxes
- The Two-Phase Rollout Plan
- Phase 1: Individual Control and Testing (Available Now)
- Phase 2: Writeback and Deeper Integration
- What This Means for You: A Practical Plan
Could Cloud Management Be the Ultimate Solution to Your Frustrating Hybrid Exchange Problem?
Many companies face a common challenge. You moved all your email mailboxes to the cloud using Microsoft’s Exchange Online. This was a big step. It was supposed to simplify your IT work. It was meant to free you from managing physical servers in your office. Yet, a problem remains. You still have one local Microsoft Exchange server running. It sits there, needing power, maintenance, and security updates. It feels like a final, stubborn anchor to your old way of doing things.
This last server doesn’t handle email anymore. Its only job is to manage user settings. This situation has been a source of difficulty for IT administrators for years. Now, Microsoft has introduced a feature designed to finally cut that anchor. It is called “Cloud-Managed Remote Mailboxes.” This guide will explain the problem, explore the new solution, and advise you on what it means for your organization.
The Core Problem: Why Do You Still Need a Local Exchange Server?
To understand the solution, you must first understand the problem in detail. When your company uses both a local system (like Active Directory) and a cloud system (like Microsoft 365), you are in what is called a “hybrid environment.” Your user identities—names, phone numbers, departments—are created and managed on your local server, your Active Directory (AD). This information is then copied, or synchronized, to the cloud.
This setup works well for most things. But it creates a specific issue for email management. In a hybrid environment, the local system is considered the “source of authority.” Think of it as the master copy. Any changes you want to make to certain user email settings must be done on this master copy. You cannot change them directly in the cloud, even though the mailboxes are in the cloud.
What kind of settings are we talking about?
- Email Aliases: Creating additional email addresses for a user (a secondary address alongside the primary one).
- Address Book Visibility: Hiding a specific mailbox, like a service account, from the company’s global address list.
- Mailbox Quotas: Setting storage limits for a specific user.
- Forwarding Rules: Automatically forwarding emails sent to one user to another.
If an IT administrator tries to change these settings in the Exchange Online admin center, they will receive an error. The system effectively says, “No, you can’t change this here. The local server is in charge. Go make the change there.”
So, administrators must log into the local Exchange server. They make the change there. Then, they wait for the synchronization process to copy that change to the cloud. This process works, but it is inefficient. It forces your company to maintain a local Exchange server just for these administrative tasks. This single server still requires licensing, patching against security threats, and general upkeep. It is a costly and complex dependency for a task that feels like it should be manageable in the cloud.
The Looming Deadline and Past Attempts
The need for a solution has become more urgent. Mainstream support for Microsoft Exchange Server 2016 and 2019 is scheduled to end in October 2025. This means no more feature updates and, more importantly, no more routine security patches. Running a server without security support is a major risk. This deadline puts pressure on companies to finally decommission that last, lingering server.
Microsoft knew about this problem. In 2022, they offered a partial solution. They released updated management tools for Exchange Server 2019. These tools allowed administrators to manage those user settings without a full Exchange server running. You could install these tools on a regular computer connected to your local network.
However, this was not a perfect fix.
- It Was Complicated: Using these tools required deep knowledge of PowerShell, a command-line scripting language. There was no simple, user-friendly interface.
- It Lacked Oversight: The tools did not provide good logging or monitoring. It was hard to track who made what change and when. This is a significant issue for security and compliance.
- It Still Felt Local: You were still making the changes on a local machine, not directly in the cloud where the mailboxes live.
The goal remained clear: administrators needed a way to manage all email-related settings directly in Exchange Online, even for users whose identities came from a local Active Directory.
The New Solution: Cloud-Managed Remote Mailboxes
On August 20, 2025, Microsoft announced the feature designed to be the true solution. “Cloud-Managed Remote Mailboxes” fundamentally changes where the “source of authority” for email settings lies. It allows you to move this authority from your local server to the cloud on a user-by-user basis.
Here is how it works. Microsoft introduced a new property for each mailbox called IsExchangeCloudManaged. This property acts like a switch.
- By default, for all existing synchronized users, this switch is set to False. This means the local server remains in charge, just as it is today. Nothing changes until you decide to act.
- You can change this switch to True for a specific user. When you do this, you are telling Microsoft 365, “From now on, I will manage the email settings for this person directly in the cloud.”
When IsExchangeCloudManaged is set to True for a user, a clear separation of duties occurs:
- Exchange Attributes are managed in the cloud. You can now use the simple graphical interfaces in the Exchange Admin Center or Microsoft 365 Admin Center to change email aliases, forwarding, and other mailbox settings. These changes are saved and applied directly in the cloud. They will not be overwritten by the local directory synchronization.
- Identity Attributes are still managed locally. Core identity information, like a user’s name, job title, or phone number, continues to be controlled by your local Active Directory. The local server remains the “master copy” for who the person is, but not for how their email works.
This feature gives you the best of both worlds. You maintain central control over user identities in your local AD, which many organizations require for security and structural reasons. But you get the freedom to manage email settings in the modern, cloud-based way.
The Two-Phase Rollout Plan
Microsoft is releasing this powerful new feature carefully in two phases to ensure a smooth transition for businesses.
Phase 1: Individual Control and Testing (Available Now)
This initial phase is about giving you control and letting you get comfortable with the new process.
- Per-Mailbox Management: You can choose specific users and “flip the switch” for them by setting IsExchangeCloudManaged=True. This is perfect for running a pilot program. You can test the process with a small group of users or your IT team first.
- Reversibility: During Phase 1, you can also flip the switch back. If you encounter an issue or change your mind, you can set IsExchangeCloudManaged=False, and management authority will return to your local server.
- Future Organization-Wide Setting: Soon, an organization-level setting will be introduced. This will allow you to set all newly created users to be cloud-managed by default, simplifying the onboarding process for new employees.
Phase 1 allows you to start exploring and planning your move away from the local Exchange server without making an irreversible, company-wide change all at once.
Phase 2: Writeback and Deeper Integration
Phase 2 will add a critical piece of functionality: attribute writeback.
Imagine you add a new email alias to a user in the cloud. What about your local Active Directory? It is now out of date. It doesn’t know about this new alias. “Writeback” solves this. It synchronizes certain changes you make in the cloud back to your local Active Directory.
This ensures that your local directory remains an accurate record. For example, if a security tool or application on your local network needs a complete list of all email addresses, writeback ensures that list is correct. To use this writeback feature, your organization will need to use Microsoft’s newer synchronization tool, Entra ID Cloud Sync.
Microsoft will provide more details on this second phase later. The key takeaway is that they have a plan to ensure consistency between your cloud and local environments even after you move management to the cloud.
What This Means for You: A Practical Plan
This new feature is a significant step forward. If you are one of the many organizations running a hybrid environment with a final on-premises Exchange server, you now have a clear and supported path to shutting it down for good.
Here is what you should consider doing now:
- Learn and Understand: Read Microsoft’s official documentation on this feature. Make sure your IT team understands how IsExchangeCloudManaged works and the difference between Exchange attributes and identity attributes.
- Identify a Pilot Group: Do not switch everyone at once. Select a small, low-risk group of users for a pilot test. This could be the IT department itself or a handful of tech-savvy volunteers.
- Test the Process: For your pilot group, change the IsExchangeCloudManaged property to True. Go through the common tasks you would normally perform on your local server. Add an alias. Hide a user from the address list. Change a setting. Confirm that it all works as expected from the Exchange Online admin center.
- Plan Your Full Migration: Once your pilot is successful, create a project plan for migrating all your users. You might do this department by department or in batches. Communicate with your organization about the change, even though it should be seamless for end-users.
- Decommission Your Last Server: After all user mailboxes are set to be managed in the cloud, and you have confirmed everything is stable, you can begin the process of properly and safely decommissioning your last on-premises Exchange server. Follow Microsoft’s official procedures to remove it from your environment cleanly.
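The pilot steps above as an Exchange Online PowerShell script, added here as an illustration and not taken from the original article or from Microsoft's documentation. It flips IsExchangeCloudManaged for a pilot list, re-reads the value, and appends a before/after record to a CSV so every change can be traced later. Assumptions: the ExchangeOnlineManagement module is installed, and `pilot.txt`, the CSV path and the `contoso.example` alias are hypothetical placeholders.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example, not Microsoft's or the article's own code.
param(
    [string]$PilotList = '.\pilot.txt',                      # hypothetical: one UPN per line
    [string]$ChangeLog = '.\cloud-managed-changes.csv',      # hypothetical change record
    [string]$TestAlias = 'smtp:pilot-alias@contoso.example', # placeholder address
    [switch]$Rollback                                        # Phase 1: flip back to False
)

Connect-ExchangeOnline -ShowBanner:$false
$target = -not $Rollback.IsPresent

$pilot = Get-Content -Path $PilotList | ForEach-Object { $_.Trim() } | Where-Object { $_ }
foreach ($upn in $pilot) {
    $mbx = Get-Mailbox -Identity $upn -ErrorAction Stop
    if (-not $mbx.IsDirSynced) {
        # Cloud-only mailboxes are already managed in the cloud; nothing to flip.
        Write-Warning "$upn is not directory-synchronized; skipped"
        continue
    }
    $before = $mbx.IsExchangeCloudManaged
    if ($before -ne $target) {
        Set-Mailbox -Identity $upn -IsExchangeCloudManaged $target -ErrorAction Stop
    }
    # Re-read the property rather than trusting the request, then log the change.
    $after = (Get-Mailbox -Identity $upn).IsExchangeCloudManaged
    [pscustomobject]@{
        TimeUtc  = (Get-Date).ToUniversalTime().ToString('o')
        Operator = [Environment]::UserName   # local account running the script
        Mailbox  = $upn
        Before   = $before
        After    = $after
    } | Export-Csv -Path $ChangeLog -Append -NoTypeInformation
}

# Pilot check on the first mailbox: tasks that used to require the local server.
# Undo the alias and the hidden flag once the check has passed.
if ($target -and $pilot) {
    $first = @($pilot)[0]
    Set-Mailbox -Identity $first -EmailAddresses @{ Add = $TestAlias }
    Set-Mailbox -Identity $first -HiddenFromAddressListsEnabled $true
    Get-Mailbox -Identity $first |
        Format-List UserPrincipalName, IsExchangeCloudManaged, HiddenFromAddressListsEnabled, EmailAddresses
}

Disconnect-ExchangeOnline -Confirm:$false
```

Running the same script with `-Rollback` returns the listed mailboxes to local management and records that change in the same CSV.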
By finally removing this last server, you reduce complexity, lower costs, and shrink your security footprint. You can focus your resources on modern, cloud-based management, which is where the future of IT administration lies. This is not just a technical update; it is an opportunity to simplify your infrastructure and complete your journey to the cloud.