Exchange Center

Recently, Microsoft published a small update on Servicing Exchange. Being a Microsoft Office 365 Apps and Services MVP and Exchange consultant, I pretty much know what’s going on and coming up, but I didn’t see this one coming.

Earlier this year, Microsoft announced that the quarterly updates for Exchange server changed to a bi-annual update, now called for example H1 2022 and H2 2022. So, Exchange 2019 Cumulative Update 12 (CU12) which was released in the spring of 2022 is now also referred to as Exchange 2019 H1 2022. We were expecting a new update for Exchange late this year, but Microsoft announced that there will not be a new update this year, and that the update for Exchange 2019 will be released early 2023 and will be called H1 2023.
More important, the H1 2023 update will only be released for Exchange 2019. Exchange 2016 is out of mainstream support as of October 2020 and no more cumulative updates will be released, only security updates will be released.

If you are still running Exchange server 2016 on-premises and planning to do so for a longer period of time, you should consider upgrading to Exchange 2019. This way you can take advantage of the ongoing developments in Exchange server like the Modern Authentication update that is coming. Also, Exchange hybrid developments are in Exchange 2019 and not in Exchange 2016 anymore.

Exchange 2013 will be out of support in April 2023. If you are still running Exchange 2013 you must move to something else, whether it be Exchange Online or Exchange 2019. Out of support means no more security updates and that’s a risk you don’t want to take.

This week Microsoft released new security updates for the following Exchange versions:

• Exchange server 2013 CU23
• Exchange server 2016 CU22 and CU23
• Exchange server 2019 CU11 and CU12

On October 11, 2022, Microsoft unexpectedly released new Security Updates (SUs) for Exchange 2013 CU23, Exchange 2016 (CU22 and CU23) and Exchange 2019 (CU11 and CU12).

Early August 2022, the Vietnamese organization GTSC Cyber Security noticed anomalies in their SOC and they discovered their Exchange servers were under attack. They quickly determined the attack utilized an unpublished Exchange security vulnerability. Due to earlier Exchange attacks GTSC quickly uncovered the vulnerability and Microsoft was informed about the vulnerability at this time. Microsoft needed some time as well for investigation and remediation, but the Exchange world was made aware of potential 0-day vulnerabilities this Thursday (09/29) through the following tweet by security researcher Kevin Beaumont:

Android OS – Changing from basic auth to modern auth connectivity on your Android mobile device. (To learn more about changing on iPhone, click here)

In earlier post on this blog we discussed Microsoft turning off basic authentication and what you must do on an iPhone or Android to change to modern authentication. The last blog about clients is this one, where we discuss how to reconfigure Outlook for Mac to use Modern Authentication.

MacOS comes with a native mail client which is not very different compared to the native mail client in iOS for example. For use with Exchange Online, the Outlook for Mac client is strongly recommended (and most used).

If your Outlook for Mac stops working somewhere in October because of Microsoft turning off basic authentication, it is just a matter of recreating the profile in Outlook. Multi-Factor Authentication is not enforced when Microsoft is moving from basic authentication to modern authentication, but it is strongly recommended to start using multi-factor authentication because it reduces the risk of being hacked dramatically. This is discussed in a future blog (soon).

To ensure that you continue to receive emails on Outlook for Mac, we need perform the following steps:

iOS – Changing from basic auth to modern auth connectivity on your Apple device. (To learn more about changing on Android, click here)

Microsoft will stop support for basic authentication in Office 365 starting October 1, 2022. Uhm, that’s a week from the time of writing. That sounds scary, but Microsoft is already stopping basic authentication for tenants for quite some time, so chances are that it is already turned off for your organization.

As an Exchange admin you could not have missed it – The Microsoft Exchange Conference 2022. I have always been a big fan of the smaller, dedicated Microsoft conferences since it gives you the ability to learn more in-depth about the product and interact with peers and the Microsoft product group. Because of the pandemic all in-person events were cancelled, but it seems in-person events are getting back slowly. Unfortunately, MEC was still a virtual event.

Microsoft Exchange Server has been around for more than 25 years. To promote Exchange and to help Exchange admins Microsoft organized the Microsoft Exchange Conference or MEC for a long time.