While the already mentioned issues with SMTP relay (we have WinServer default SMTP (deprecated) in place), and software/hardware not capable of using TLS (1.2) etc. apply to us as well, we use mailboxes on-prem for our Admin-Accounts.
While yes, we know an Admin should not have a mailbox etc... We were unable to figure out a 'good' solution. Any solution has its drawbacks of any sort and you go in circles and won't find an exit.
So we are using a regular non-permission account for the 'B*S* stuff' and 'elevated accounts' for the 'Admin stuff'. Both are in on-prem AD and synced up to Entra ID. The Admin accounts are also used for the admin stuff in M365 of all sorts. With that - basically everything in M365/Azure sends a mail... but to your admin account. Due to the sync, you cannot tell your admin account to use the same email address as your regular account, nor set your admin mail address as an alias on your regular account. You get a conflict. Having shared mailboxes (or even licensed ones) in EXO for admins - not good practice and I think in the long run you get in trouble. Having admin accounts for on-prem and online stuff separated... extremely clunky. Having the admin account be a mail-user -> sync conflict again.
So our solution here is to use on-prem mailboxes for the admins and let the mails forward to the regular account. We found this the least intrusive and best compromise.
My wish to MS: let us somehow define the same email address for the admin accounts (maybe an attribute in AD on the admin account for a fallback mail address or something like that, which is then used in the M365/Azure world to send mails to, so they would appear in the regular mailbox).
Other than that - any idea to solve that kind of 'hen-egg problem' is welcome. I know, if you have a standalone online admin account, you simply fill the mail field with your mail address and it works without running into a conflict (at least it did in the past). Why - no idea.