I have a hybrid setup with Exchange 2016 and Office 365. All of my mailboxes reside in the cloud and I only maintain my Exchange 2016 server to provide management for accounts that sync with AD Sync. When going to apply the security update for the ProxyLogon vulnerability, I discovered that our Exchange server had been exploited on 2/28. I have found no evidence of post exploitation activity, but I do not feel confident putting my Exchange server back online. In light of that, I would like to turn off AD Sync to my O365 org and remove my local Exchange org. Is it possible to remove the on-prem Exchange org manually after I disable the AD Sync? Are there specific pitfalls that make this more difficult/problematic than rolling back the on-prem to pre-exploit and removing Exchange gracefully? I understand that many things will need to be recreated in the cloud as a result, I'm just looking for some insight into removing my on-prem Exchange for good. Any advice is appreciated. Thank you.