How to deploy CodeTwo signature software in a hybrid environment
You are looking for the best way to implement CodeTwo email signature software in your hybrid Exchange environment.
Since the architecture of CodeTwo Email Signatures 365 and CodeTwo Exchange Rules (including the Pro version) is completely different, the type of software you can use mostly depends on the location of user mailboxes in your organization. The two simplest scenarios assume that the mailboxes are stored either in the cloud or locally (on-premises), with some minor exceptions allowed.
If it's not possible for you to move all mailboxes to just one part of your hybrid environment, you can still use more advanced options with Centralized Mail Transport or use both CodeTwo programs simultaneously.
See the information below to decide which scenario is best for you.
- Hybrid environments with the majority of mailboxes in one location (a local server or cloud)
- Hybrid environments with mailboxes located both in the cloud and on-premises
You do not need to make the decision on your own. If you have any doubts or concerns, you can always contact our Support Team to analyze the most suitable options for your environment.
The following two points should address the needs of most hybrid environments, where the majority of mailboxes reside in the same (on-premises or cloud) part of an Exchange organization. Unifying the location of mailboxes simplifies the configuration of every software product that processes email messages, including CodeTwo software.
If most of your mailboxes are in the cloud but you still want to keep the hybrid configuration, the best option for you is to use CodeTwo Email Signatures 365. If any mailboxes remain in the on-premises (local) part of your organization, you can use CodeTwo Exchange Rules software just for them, migrate them to the cloud later, or completely exclude them from processing by CodeTwo software.
If you have your mailboxes in the cloud but prefer to use CodeTwo Exchange Rules (or Exchange Rules Pro) due to the software's architecture or additional features (especially the Pro version), you can use it instead of CodeTwo Email Signatures 365. Note that this scenario requires centralized mail flow (Centralized Mail Transport) in your organization, which may not fit the needs of every environment.
Learn more about hybrid deployment of CodeTwo Exchange Rules Pro (these guidelines apply to all current versions of programs from the CodeTwo Exchange Rules software family).
If your mailboxes are located only in the on-premises (local) part of your environment, use software from the CodeTwo Exchange Rules family to add email signatures. This software uses a transport agent connected to the Microsoft Exchange Transport service. Since all your mailboxes exist locally, all your messages are routed through the on-premises server without any additional configuration.
If some of your mailboxes are in the cloud (but the majority resides on-premises), and you want to use your CodeTwo Exchange Rules software to process emails sent from these mailboxes, you need to route these emails through your on-premises mail servers. For details, see the user's manual: CodeTwo Exchange Rules Pro / CodeTwo Exchange Rules.
If mailboxes in your environment are currently spread between your Office 365 tenant and the on-premises part of your environment, and it's not possible for you to move (migrate) them to a single location before you implement CodeTwo software, then you should consider two options:
Enable Centralized Mail Flow (also known as Centralized Mail Transport or CMT) in your environment and configure an additional transport rule. The idea is to make your on-premises Exchange server responsible for the processing of all messages. The CMT configuration will route all outgoing messages through your local (on-premises) server, where they will be processed by CodeTwo Exchange Rules. If you want to use CodeTwo Email Signatures 365 only and route external emails through your on-premises environment, check this article to learn how to do so. Additionally, you can set up an Exchange transport (mail flow) rule that forwards all internal emails sent between Office 365 (cloud-only) mailboxes through the on-premises server, which does not happen with standard CMT configuration. To learn more about this deployment, see the manual of your CodeTwo software: CodeTwo Exchange Rules Pro / CodeTwo Exchange Rules.
- If you cannot use Centralized Mail Flow in your environment (e.g. because you need to ensure your messages are delivered using a smart host), you can either:
- configure CodeTwo Email Signatures 365 to handle the entire environment, or
- use it with CodeTwo Exchange Rules (or the Pro version) to work together.Additionally, to integrate both CodeTwo programs, you need to manually create a distribution group that contains the people in your organization who have mailboxes in the cloud. This group needs to be available to both your on-premises organization and your Office 365 (cloud) organization. To achieve that, you need to create the group in your local Active Directory and then synchronize it to your Microsoft Entra ID (Azure Active Directory). Note that if the location of any mailbox changes over time, you will need to update the group accordingly. See these guidelines if you find such solution appropriate for your environment.
The latter scenario should be applied only to certain types of environments because it requires advanced configuration and constant monitoring. Double-check if keeping all mailboxes in the same location or using Centralized Mail Transport is not a better option for your environment.
The principle underlying this idea of configuration is that both migrated users (with mailboxes in your Microsoft 365 tenant) and non-migrated ones (with mailboxes on the on-premises part of your environment) get Outlook (client-side) signatures via CodeTwo Signatures Add-in for Outlook (the legacy COM Add-in).
From the administering viewpoint, the main advantage of such a set-up is that you don’t need to buy and use two separate products. This way, the configuration is simpler and if you plan to move to the cloud, CodeTwo Email Signatures 365 will require only a minimum reconfiguration.
This solution is also beneficial for end-users. They have greater control over composing emails by being able to preview their signature using the same legacy COM Add-in. With CodeTwo Exchange Rules (Pro), they wouldn’t be able to use this feature.
For this configuration to work, you need to set up your environment as follows:
- Create a Microsoft 365 group in your cloud environment and populate it with the users already migrated to the cloud (with mailboxes in your Microsoft 365 tenant) who are to get signatures. You can name it e.g. Cloud-Mailboxes.
- Export the users whose mailboxes are still located on on-premises Exchange Server(s) and import them to your Microsoft 365 tenant, as described here but without assigning a license. Notify the users about their Microsoft 365 credentials, as they will need them later in step 6.
Microsoft 365 user accounts created as highlighted in step 2 will not be automatically synchronized with your on-premises environment. To synchronize them manually, you need to follow instructions from this article.
- Create a mail-enabled security group in your on-premises environment and populate it with the users from step 2. You can name it e.g. OnPrem-Mailboxes.
- Deploy CodeTwo Email Signatures 365 for your Microsoft 365 tenant, as highlighted in this video. Remember to choose Outlook (client-side) mode when registering your tenant – only that way, your on-premises users will be able to get signatures.
- Deploy the legacy CodeTwo Signatures Add-in for Outlook (COM Add-in) to both:
- cloud users from step 1 (the Cloud-Mailboxes group) using Microsoft Intune, and
- on-premises users from step 3 (the OnPrem-Mailboxes mail-enabled security group) via GPO, as shown here.
For these instructions to work, you must use the legacy COM add-in for on-premises users. In the case of cloud users, you can alternatively deploy the modern CodeTwo Signatures Web Add-in for Outlook via the Microsoft 365 admin center. Just remember that you shouldn’t deploy the legacy add-in together with the modern add-in for the same user because the add-ins may interfere with each other.
- Ask the users for whom you’ve deployed the legacy add-in (see previous step) to sign in to the add-in, using their Microsoft 365 credentials. For details how to use the add-in, consult this article.
- Finally, open the signature management app, and create Outlook (client-side) signature rule(s) for your users, adding them on the Senders tab. You will be able to pick both the licensed users (with a cloud mailbox) as well as unlicensed ones (without a cloud mailbox).
Once you complete these steps, your cloud and on-premises users will get CodeTwo Outlook signatures. Additionally, they will be able to see their signature as they type their message in Outlook.
The above discussed configuration using the legacy COM Add-in for all the users is the simplest one. Still, if you want, you can also configure CodeTwo Email Signatures 365 to add cloud (server-side) signatures for your cloud users. For that to work, you need to:
- choose the combo mode when registering your tenant (see step 4),
- instead of deploying the COM Add-in for the Microsoft 365 users (step 5), simply set up cloud (server-side) signature rule(s) for them, and
- if you want them to be able to preview cloud signatures (just like on-prem ones), additionally deploy CodeTwo Signatures Web Add-in for Outlook for them.
How to use both CodeTwo Email Signatures 365 and CodeTwo Exchange Rules (or Exchange Rules Pro) in the same environment
The idea of this configuration is based on the following principles:
- CodeTwo Email Signatures 365 adds signatures for people with mailboxes in your Microsoft 365 (Office 365) tenant since the software is optimized for Microsoft 365.
- CodeTwo Exchange Rules adds signatures for people with mailboxes on the on-premises part of your environment since all emails originating from there are processed using Exchange Transport Service, to which the CodeTwo software is connected.
To achieve such a configuration, follow these steps:
- In your local Active Directory, create a new universal distribution group for people with mailboxes in the cloud (Office 365), and name it accordingly (e.g. CloudMailboxes).
- Add members to this group: you need to add only those people in your organization who have their mailboxes in the cloud and are also supposed to get email signatures.
If you have already implemented CodeTwo Email Signatures 365 in your organization, then you probably already have such a group. If so, make sure that all its members have their mailboxes in the cloud.
- Make sure the group is synchronized to your Entra ID (Azure AD).
- Now you need to exclude this group from being processed by your CodeTwo Exchange Rules software. To do that, open the Administration Panel of CodeTwo Exchange Rules and create a new empty email rule.
- Name it, for example Exclude cloud mailboxes.
- Move the rule to the top of the list of rules so that it's executed as the first one.
On the Conditions tab, add your newly created AD group (here: CloudMailboxes, as shown in Fig. 3.).
- Leave the Actions tab unmodified (skip it).
- On the Options tab, select If this rule is applied > stop processing next rules.
- Submit your changes. Creating and saving this rule will prevent your CodeTwo Exchange Rules software from processing any messages that originate from your Office 365 tenant (i.e. from the mailboxes located in the cloud).
- Now you need to reconfigure the scope of senders whose emails will be routed through the CodeTwo Email Signatures 365 service so that it only includes the newly created group. You can reconfigure the senders' scope automatically, or you can do it manually.
- For manual configuration, sign in to the Exchange admin center (EAC).
- Navigate to Mail flow > Rules and click CodeTwo Exchange transport rule to select it. In the pane that opens, click the Edit rule conditions button to start editing the rule.
Modify the rule's conditions to make sure that the scope of senders is limited to the members of your newly created group (Fig. 4.).