Microsoft’s new feature in Exchange Online will soon make it impossible for unsupported or unpatched on-premises Microsoft Exchange servers to use the Exchange Online hosted cloud service to deliver email. The software company is enabling a transport-based enforcement system in Exchange Online to address the problem of persistently vulnerable Exchange servers that cannot be trusted. In this article, we will discuss how this enforcement system works and what it means for IT admins.
The new enforcement system has three primary functions: reporting, throttling, and blocking. The system alerts an admin about unsupported or unpatched Exchange servers in their on-premises environment that need remediation (upgrading or patching). If a server is not remediated or upgraded, mail flow from that server will be throttled and eventually blocked.
When Exchange Server admins log onto Exchange management tools, they will see notifications about unsupported or out-of-date servers. Emails sent from persistently vulnerable servers are a danger to all Exchange Online cloud instances as well as email recipients.
The progressive enforcement actions are designed to escalate until the vulnerable Exchange servers are remediated by removal from service or patching. The stages involve increasing periods of just throttling or throttling and blocking. If the admin of a server hasn’t moved to patch or upgrade the server in 90 days, Exchange Online will no longer accept any messages from the server.
Microsoft won’t end support for newer versions of Exchange servers. Customers are not required to replace unsupported versions of Exchange with a newer one. However, unpatched Exchange 2016 and Exchange 2019 servers are also persistently vulnerable to known attack vectors, including the Hafnium hacks that started in March 2021.
The first wave of affected customers will see the new mail flow report and alerts on May 23. Microsoft’s goal is to protect its internal infrastructure and to raise the security profile of the Exchange ecosystem.
IT admins can request a temporary enforcement pause for up to 90 days per calendar year. But customers who continue to use outdated on-premises Exchange servers, the blocking process will resume from the same point where it was paused.
With thousands of on-premises customers running outdated versions of Exchange Servers, including Exchange 2007, Exchange 2010, and Exchange 2013 which will become unsupported next month, Microsoft is taking action. In this article, we’ll discuss how Microsoft is implementing a transport-based enforcement system in Exchange Online to encourage organizations to upgrade to a supported version of Exchange Server.
The change aims to address the problem of thousands of on-premises customers running outdated versions of Exchange Servers, including Exchange 2007, Exchange 2010, and Exchange 2013 which will become unsupported next month. Unpatched Exchange 2016 and Exchange 2019 servers are also persistently vulnerable to known attack vectors, including the Hafnium hacks that started in March 2021.
The transport-based enforcement system will report, throttle, and block messages sent from Exchange 2007 Servers over an inbound On-Premises type of connector. The system will alert an admin about unsupported or unpatched Exchange servers in their on-premises environment that need remediation (upgrading or patching).
The enforcement process will be divided into 30-day chunks that involve reporting, throttling, and blocking. It will be implemented in a progressive manner to cover other versions of Exchange Server. Microsoft advises patching vulnerable on-premises Exchange Servers and urges organizations to upgrade/patch their vulnerable servers.
IT admins can request a temporary enforcement pause for up to 90 days per calendar year, but for customers who continue to use outdated on-premises Exchange Servers, the blocking process will resume from the same point where it was paused.
Microsoft plans to hold an AMA session to inform customers about these changes on May 10, 2023, at 9 AM PT. Customers are urged to participate and ask questions about how they can upgrade, patch, or remediate their on-premises Exchange Servers.
Image Source: Wikimedia Commons
Belfast City Marathon 2023 Road Closures ConfirmedBelfast City Marathon organizers have confirmed the details of…
Adysen Koenigsknecht's Remarkable Journey to the Boston MarathonAdysen Koenigsknecht has come a long way since…
Anderson's Passion for Track and Field Leads to Boston Marathon RoleESPN's SportsCenter anchor John Anderson…
Seth Rollins, WWE superstar and former Universal Champion, has appealed to his fans for support…
The 2023 Boston Marathon is gearing up to be a historic event, as it will…
A Heartwarming Tribute to Spencer and PennyA group of golden retrievers participated in a touching…
