OAuth Certificates with Hybrid Exchange
Older versions of Microsoft Exchange in a hybrid configuration with Exchange Online (EXO) used a federation trust to authenticate connections for free/busy information. Newer hybrid deployments of Exchange 2016/2019 use OAuth authentication instead of federation. OAuth authentication is reliant on the Auth certificate in your on-premises Exchange. This certificate is created automatically with a lifetime of 5 years when you install Exchange Server on-premises. If this certificate has been replaced, then you also need to update Azure AD with the new certificate information. The simplest way to update the information is by running the hybrid wizard again after you update the Auth certificate. I wrote a previous post about renewing/updating the Exchange Server Auth certificate here: http://byronwright.blogspot.com/2018/05/expired-microsoft-exchange-server-auth.html If you update the Exchange Server Auth certificate and forget to update the information in Azure AD, you are likely to see fr