Cloud‑managed Remote Mailboxes: Manage Exchange attributes in Exchange Online (and finally retire the last Exchange server 🚀)


TL;DR: Microsoft shipped a new per‑mailbox capability that transfers the Source of Authority (SOA) for Exchange attributes to the cloud. Flip a switch (IsExchangeCloudManaged) and you can manage aliases, GAL visibility, custom/extension attributes, and many mailbox flags directly in Exchange Online for directory‑synced users—without keeping an on‑prem Exchange server (or EMT VM) just for recipient admin. Identity fields (name, title, UPN, etc.) remain mastered in on‑prem AD. Phase 2 adds write‑back of selected attributes to AD via Entra Cloud Sync. ✅

What changed—and why it matters

In traditional hybrid, Exchange attributes for directory‑synced users were authored on‑premises and pushed to the cloud via Connect/Cloud Sync. That’s the main reason many organizations kept a “last Exchange server” (or the Exchange Management Tools VM) after migrating user mailboxes to Exchange Online.

With the new feature, you can transfer the SOA for Exchange‑specific attributes to the cloud per mailbox, while keeping identity attributes in on‑prem AD. Practically, this means you can:

– Edit aliases (proxyAddresses) and primary SMTP in EXO

– Toggle Hide from address lists, moderation, audit, retention flags, room capacity, etc.

– Set CustomAttribute1‑15 and ExtensionCustomAttribute1‑5 from EXO

Phase 2 adds write‑back for selected attributes (e.g., proxyAddresses, CustomAttribute1‑15) to your on‑prem AD via Microsoft Entra Cloud Sync, keeping directories consistent even as you manage Exchange in the cloud.

How it works: the IsExchangeCloudManaged switch

– Per‑mailbox: Opt‑in by setting IsExchangeCloudManaged = $true on a directory‑synced mailbox.

– Where you manage: After the switch, Exchange attributes are managed in EXO PowerShell, Exchange admin center (EAC), or Microsoft 365 admin center.

– Identity still on‑prem: displayName, department, manager, telephoneNumber, userPrincipalName, etc. remain on‑prem authored.

– Reversible: You can set it back to $false if needed.

Think of it as moving Exchange‑side ownership to the cloud while keeping identity‑side ownership on‑prem. Clean separation, fewer moving parts. 💡

Prerequisites & guardrails

– Directory sync:

  – Today: Microsoft Entra Connect Sync (Connect) is supported.

  – Phase 2: Microsoft Entra Cloud Sync will enable write‑back for selected Exchange attributes.

– Roles: RBAC roles such as Exchange Administrator, Recipient Management, or Organization Management can toggle and manage attributes.

– Change timing: If you just changed attributes on‑prem with Set-RemoteMailbox, allow a full sync cycle (and, prudently, up to 24 hours) before flipping the switch.

– Rollback: Revert per mailbox with IsExchangeCloudManaged = $false (document cloud‑only changes you need to preserve).

Enable it for selected mailboxes

Pick 5–20 mailboxes (include at least one shared and one room), verify they are dir‑synced and hosted in EXO, and then:

PowerShell commands:

# user@example.com is a placeholder; substitute the mailbox you are switching.

# 1) Connect to Exchange Online
Connect-ExchangeOnline

# 2) Enable cloud management of Exchange attributes (per mailbox)
Set-Mailbox -Identity user@example.com -IsExchangeCloudManaged $true

# 3) Verify the switch
Get-Mailbox -Identity user@example.com |
  Format-List Identity,IsDirSynced,IsExchangeCloudManaged

# 4) Report: all dir-synced mailboxes now cloud-managed
Get-Mailbox -ResultSize Unlimited |
  Where-Object { $_.IsDirSynced -eq $true -and $_.IsExchangeCloudManaged -eq $true } |
  Select-Object DisplayName,PrimarySmtpAddress,IsExchangeCloudManaged

# Rollback (if needed):
Set-Mailbox -Identity user@example.com -IsExchangeCloudManaged $false
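The rollback guardrail above asks you to document cloud-side changes before reverting. The following is an added example, not from the original post, of one way to do that: snapshot the affected attributes before the switch, gate the switch on IsDirSynced, and later diff the live mailbox against the snapshot. It assumes an existing Connect-ExchangeOnline session; the pilot addresses, the baseline path and the Get-TrackedState helper are hypothetical.

```powershell
# Added example: baseline Exchange attributes before the SOA switch, diff them before rollback.
$Pilot    = @('user1@example.com', 'room1@example.com')   # placeholder pilot mailboxes
$Baseline = '.\exo-soa-baseline.json'                     # hypothetical output path

# Exchange attributes named in the post whose ownership moves to the cloud
$Tracked = @('EmailAddresses', 'WindowsEmailAddress', 'HiddenFromAddressListsEnabled') +
           (1..15 | ForEach-Object { "CustomAttribute$_" }) +
           (1..5  | ForEach-Object { "ExtensionCustomAttribute$_" })

function Get-TrackedState {
    param([string]$Identity)
    $mbx = Get-Mailbox -Identity $Identity -ErrorAction Stop
    $state = [ordered]@{
        Identity               = $mbx.PrimarySmtpAddress.ToString()
        IsDirSynced            = $mbx.IsDirSynced
        IsExchangeCloudManaged = $mbx.IsExchangeCloudManaged
    }
    foreach ($name in $Tracked) {
        # Flatten multi-valued attributes to a sorted string so comparisons are stable
        $state[$name] = (@($mbx.$name) | ForEach-Object { "$_" } | Sort-Object) -join ';'
    }
    [pscustomobject]$state
}

# 1) Snapshot, then switch only dir-synced mailboxes that are not yet cloud-managed
$before = $Pilot | ForEach-Object { Get-TrackedState $_ }
$before | ConvertTo-Json -Depth 3 | Set-Content -Path $Baseline -Encoding UTF8
foreach ($m in $before) {
    if ($m.IsDirSynced -and -not $m.IsExchangeCloudManaged) {
        Set-Mailbox -Identity $m.Identity -IsExchangeCloudManaged $true -WhatIf   # remove -WhatIf to apply
    } else {
        Write-Warning "Skipping $($m.Identity): not dir-synced or already cloud-managed"
    }
}

# 2) Before a rollback: list attributes that changed in the cloud since the baseline
$saved = Get-Content -Path $Baseline -Raw | ConvertFrom-Json
foreach ($old in @($saved)) {
    $now = Get-TrackedState $old.Identity
    foreach ($name in $Tracked) {
        if ($old.$name -ne $now.$name) {
            [pscustomobject]@{ Mailbox = $old.Identity; Attribute = $name; Baseline = $old.$name; Current = $now.$name }
        }
    }
}
```

Keep the baseline file with your change records; it also serves as an audit trail of who was switched and when the attribute values diverged.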

Closing thoughts

This is the update many hybrid customers (and consultants) have been waiting for. We can move recipient admin to the cloud today, and plan for clean write‑back tomorrow—without compromising hybrid identity. If “keep a tiny Exchange server just to change aliases” has been on your technical‑debt list, you’ve now got permission (and tooling) to retire it thoughtfully. 💪

FAQ

Q: Which attributes move to cloud ownership?
A: Many Exchange attributes including proxyAddresses, WindowsEmailAddress, HiddenFromAddressListsEnabled, moderation/audit/retention flags, CustomAttribute1‑15, and ExtensionCustomAttribute1‑5. Identity fields (e.g., displayName, manager, telephoneNumber, UPN) stay on‑prem authored.

Q: Is this only for user mailboxes?
A: It applies to user, shared, room, and equipment mailboxes that are directory‑synced and hosted in EXO.

Q: Can I roll back?
A: Yes—per mailbox via IsExchangeCloudManaged = $false. Document cloud‑side changes you wish to retain before rollback.

Q: Do I still need directory sync?
A: Yes. This feature separates Exchange attribute ownership from identity ownership. Directory sync remains for identity and (in Phase 2) for write‑back of selected Exchange attributes.

