Hi All,
this is a Quick Guide to Skype for Business On-Prem and Online Hybrid Setup.
It is based on this TechNet article:
https://technet.microsoft.com/en-us/library/jj205403.aspx
I assume your SfB On-Prem deployment is fully functional.
1. First of all, you need to be sure to have these Internal DNS Records for every SIP Domains of your SfB On-Prem deployment
| _sip._tls.<SIP DOMAIN> | SRV | 0 0 443 sip.<SIP DOMAIN> |
| _sipfederationtls._tcp.<SIP DOMAIN> | SRV | 0 0 5061 sip.<SIP DOMAIN> |
2. Plus to point #1, you have to add this/these record(s) to your Internal DNS
| DNS A record(s) for Edge Web Conferencing Service FQDN, e.g. webconf.contoso.com resolving to Web Conferencing Edge external IP(s) or External DMZ IP(s) depending on your Firewall | Internal corporate network connected users’ computers | Enable online users to present or view content in on-premises hosted meetings. Content includes PowerPoint files, whiteboards, polls, and shared notes. |
More info here: Plan hybrid connectivity DNS settings
Prevent this issue: Online users can’t present content in on-premises hosted meetings in a Skype for Business hybrid deployment
3. Connect to SfB Online via PowerShell (Manage Skype for Business Online with Office 365 PowerShell)
Remember to use a “.onmicrosoft.com” account to avoid connection issue
4. Run this command to check the Tenant configuration (save output for documentation purpose)
Get-CsTenantFederationConfiguration
5. Run this command to enable Hybrid configuration on your Tenant
Set-CsTenantFederationConfiguration -SharedSipAddressSpace $True
6. Run this command on your On-Prem Front-End to check EDGE configuration
Get-CsAccessEdgeConfiguration
Identity : Global
AllowAnonymousUsers : True
AllowFederatedUsers : True
AllowOutsideUsers : True
BeClearingHouse : False
EnablePartnerDiscovery : True
DiscoveredPartnerVerificationLevel : UseSourceVerification
EnableArchivingDisclaimer : True
EnableUserReplicator : False
KeepCrlsUpToDateForPeers : True
MarkSourceVerifiableOnOutgoingMessages : True
OutgoingTlsCountForFederatedPartners : 4
DnsSrvCacheRecordCount : 131072
DiscoveredPartnerStandardRate : 20
EnableDiscoveredPartnerContactsLimit : True
MaxContactsPerDiscoveredPartner : 1000
DiscoveredPartnerReportPeriodMinutes : 60
MaxAcceptedCertificatesStored : 1000
MaxRejectedCertificatesStored : 500
CertificatesDeletedPercentage : 20
SkypeSearchUrl : https://skypegraph.skype.com/search/v1.0
RoutingMethod : UseDnsSrvRouting
If settings are not as above, run this command to set it correctly
Set-CSAccessEdgeConfiguration -AllowOutsideUsers $true -AllowFederatedUsers $true -UseDnsSrvRouting -EnablePartnerDiscovery $true
7. Run this command on your On-Prem Front-End to check existing Hosting Providers,
Get-CsHostingProvider
find the one with ProxyFqdn = sipfed.online.lync.com
Identity : Skype for Business Online
Name : Skype for Business Online
ProxyFqdn : sipfed.online.lync.com
VerificationLevel : UseSourceVerification
Enabled : True
EnabledSharedAddressSpace : True
HostsOCSUsers : True
IsLocal : False
AutodiscoverUrl : https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
8. If some settings are different from above, remove the existing Hosting Provider and run this command to create the correct one
New-CSHostingProvider -Identity "Skype for Business Online" -ProxyFqdn "sipfed.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
9. Now open the SfB Control Panel and click on Set up hybrid with Teams and Skype for Business Online
10. You will probably find “Federation with Office 365 is not configured”, click Next
after few seconds the federation will be marked as green
Now your hybrid configuration should work (if not, double check previous steps)
As always, I hope to help some of you.
Regards
Luca
Luca Vitali [MVP] 
Is it absolutely necessary to have hybrid setup done to move users from S4B on-premise to Teams. I would believe it is required for federation purposes only. Users are already synced using Azure AD to Teams.
LikeLike
Without Hybrid setup you cannot do a clean move of the users from SfB On-Prem to SFBO then Teams, for example the move ov SfB Contacts. If loosing SfB Contacts list is acceptable for you and your users, you can do a cut-off move to Teams even without Hybrid.
LikeLike
Thanks Luca. Do you have a blog where all the steps for a cut and move are documented. Essentially bypassing hybrid.
LikeLike
Hi Luca, We have completed everything like you described. At the login page in the UI we use a .onmicrosoft.com tenant admin account but we see that the account get’s logged out. Is this something that you know of?
Hope to hear from you soon.
Rgds,
Redjesh Behari
LikeLike
Hi,
are you using an account with the Global Admins rights? Have you installaed the latest Microsoft Teams PowerShell module? If you still have issue, I suggest to open a Microsoft support ticket.
Best.
Luca
LikeLike
Hi Luca, Yes it is a global admin account and it’s only in the UI of the control panel that we see the account get’s logged out. I’m not sure wether we use the latest powershell version and if that has anything to do with the Control panel UI of SfB but i’ll check on that.
Coming to think of the issue: it might be just the default login timeout that is responsible for the Control panel’s login that is logging out?
LikeLike
I am running Skype for Business Server 2019 in my environment and have been trying to get it connected to teams. All the powershell settings you listed match what I have, but when I get to the control panel part and click next on federation with office 365 is not configured, instead of getting a green check mark I get an error that says “object reference is not set to an instance of an object.”
LikeLike
Hi Joey,
sorry but I’ve not worked with SfB 2019 anymore, I cannot help you.
LikeLike