Exchange Center

In the announcement that was part of the release of the most recent set of Cumulative Updates for Exchange Server 2019 and 2016, Microsoft introduced some changes – features if you will – which were received with enthusiasm. An overview of these changes was given in a recent ENow blog article: "Exchange Cumulative Updates - April 2022". However, I want take the discussion further and zoom in on one of those features, which also happens to be a popular topic for customers running Exchange Hybrid deployments: The Last Exchange Server.

On April 20, 2022 Microsoft released new Cumulative Updates: Exchange 2016 CU23 and Exchange 2019 CU12. The previous Cumulative Updates were released on September 28, 2021, more than 6 months ago.

Formerly known as “Cloud App Security”, Microsoft Defender for Cloud Apps is a Cloud Access Security Broker (CASB) that is part of the Microsoft 365 Defender suite of products. Defender for Cloud Apps (DCA) is built to help IT departments control the data that their organizations have hosted in multiple cloud services including but not limited to Office 365.

Happy New Year! With the recent change to the new year, a nasty bug similar to the Y2K bug (Y2K22?) appeared in Exchange 2016 and Exchange 2019. On 01/01/2022 at 0:00 hour UTC a date conversion failed inside the product, causing the anti-malware agent to fail. As a result, the Exchange transport service was no longer able to process email and mail started to queue on the Exchange server. This also happens on Exchange 2013, but email is not queued and therefore the issue is not directly visible.

Anyone who has participated in migrations or transitions to Exchange is probably familiar or had to work around potential issues caused by the nickname cache. A “cache,” also known by its file extension, NK2 in older Outlook clients, is a convenience feature in Outlook and Outlook on the web (OWA). It lets users pick recipients from a list of frequently-used recipients. This list is displayed when the end user types in the first few letters:

On September 28, Microsoft released their quarterly updates for Exchange Server:

Social media exploded when an ISV who specializes in security released a blogpost about a vulnerability they found in Autodiscover, the protocol that is used by mailclients to discover Exchange configuration and configure themselves. Outlook is the client that uses Autodiscover the most, but mobile clients and third party applications can use Autodiscover as well.

The best way to learn about any technology, and specifically Exchange Server, is to be as hands-on as can be. And the most effective way to be hands-on without risking your production environment is to build a separate test lab.

When it comes to cybersecurity, the threat landscape over the last 12 months has never been more complex and challenging. During Microsoft’s annual partner event, Microsoft Inspire, a strong emphasis was put on trust and security. According to Microsoft, they have been busy thwarting and tracking the following:

On-premises Exchange servers are still a thing, and with future versions of Exchange coming on-premises we can assume they still will be for some time to come and on-premises Exchange monitoring is recommended. If your organization still runs on-premises Exchange servers, then Datacenter Activation Coordination (DAC) is a feature you need to understand.