Exchange Center

As an Exchange admin you could not have missed it – The Microsoft Exchange Conference 2022. I have always been a big fan of the smaller, dedicated Microsoft conferences since it gives you the ability to learn more in-depth about the product and interact with peers and the Microsoft product group. Because of the pandemic all in-person events were cancelled, but it seems in-person events are getting back slowly. Unfortunately, MEC was still a virtual event.

Microsoft Exchange Server has been around for more than 25 years. To promote Exchange and to help Exchange admins Microsoft organized the Microsoft Exchange Conference or MEC for a long time.

Microsoft has released Security Updates (SUs) for Exchange 2013, Exchange 2016 and Exchange 2019 that address security vulnerabilities rated ‘Critical’ (Elevation of Privileges) and ‘Important’ (Information Disclosure).

Yesterday, the Exchange Product made several announcements related to Exchange Server. The overall message throughout these announcements can be interpreted as that Microsoft is publicly declaring to be committed to developing and supporting the Exchange Server product. This is especially of interest to those customers running it as part of their on-premises infrastructure and assuring those that believe the road ahead was a dead end, eventually forcing them to move to Exchange Online, or look for alternatives.

By now you must be aware that Microsoft will turn off basic authentication in Office 365 later this year and that will hit Exchange Online severely. It’s not a big deal when it comes to mail clients or the administrator console (EAC), but automation using PowerShell scripts will be impacted and I recently ran into such an issue.

The value proposition for the services in the EM+S E5 suite does not seem like it has been convincing to customers for a while now. Over the last year or so, Microsoft has been putting a lot of work into the Defender services to improve that value proposition, and to provide a better technical security solution for Microsoft 365 customers.

In the announcement that was part of the release of the most recent set of Cumulative Updates for Exchange Server 2019 and 2016, Microsoft introduced some changes – features if you will – which were received with enthusiasm. An overview of these changes was given in a recent ENow blog article: "Exchange Cumulative Updates - April 2022". However, I want take the discussion further and zoom in on one of those features, which also happens to be a popular topic for customers running Exchange Hybrid deployments: The Last Exchange Server.

On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.

Back in September 2019, Microsoft announced it would start to turn off Basic Authentication for non-SMTP protocols in Exchange Online on tenants where the authentication protocol was detected as inactive. This is part of an overall movement to deprecate the less secure Basic Authentication, which is unfit to face the security challenges of the modern world, being subject to things like password spray attacks. It's modern successor, modern authentication or OAuth2, uses a token and claim based mechanism contrary to sending accounts and passwords, and is the preferred authentication method. When combined with Azure AD for authentication, Modern Authentication also supports features such as Multi-Factor Authentication or Conditional Access.

Formerly known as “Cloud App Security”, Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that is part of the Microsoft 365 Defender suite of products. Defender for Cloud Apps (DCA) is built to help IT departments control the data that their organizations have hosted in multiple cloud services including but not limited to Office 365.