Home » Exchange Server » Exchange Best Practices: Keeping Servers Updated

Exchange Best Practices: Keeping Servers Updated

Maintaining your Exchange Servers with the latest updates is a best practice. Staying up to date with the new builds of any software product is generally a good idea, because it means you’re receiving the latest bug fixes, security updates, and feature compatibility with any integrated components.

For Exchange Server in particular there are clear reasons to stay up to date:

  • Exchange Server 2013 and 2016 use a servicing model of “Cumulative Updates”, and Microsoft will support the latest CU. Support for the N-1 CU runs out 3 months after the release of the latest one. Considering cumulative updates are delivered quarterly, you can generally consider N-1 to be supported. If you’re running N-2 or earlier, you will not be supported. There is an exception for Exchange 2013 CU4, which was also named Exchange 2013 Service Pack 1, and continues to receive security updates. However, it is well out of date in terms of bug fixes, and shouldn’t be used.
  • Exchange Server 2010 Service Pack 3 is the only service pack still supported, under extended support, until 14th January 2020.
  • Exchange Server 2007 Service Pack 3 is the only service pack still supported, under extended support until 11th April, 2017.

In addition to the supported status of those Exchange versions, Office 365 Hybrid configurations require you to maintain your on-premises servers to at least N-1.

The word “supported” can mean different things in different scenarios, but for the purposes of this article it means:

  • If you call Microsoft with a problem, they will ask you to reproduce the problem on a supported version of the product before they do much else for you. This makes sense, as you may be seeing a bug that does not exist in the supported versions.
  • When security updates are released, they are only released for supported versions of the product. Running unsupported versions puts you at risk due to un-patched security vulnerabilities.

Deploying updates does carry some risk. Microsoft has released updates in the past that introduced new bugs, but there is also the risk that something unique to your environment will cause an unexpected issue.

Your organization needs to balance the risks of updates with the risks of doing nothing. My view is that you should definitely update, and mitigate the risks through a thorough process of testing, or by using highly available deployments that will not suffer an outage due to an update to a single server. If the pace and risks of updates are too much for you, then you can also consider Office 365.

For more information about keeping your Exchange Servers updated:

Paul is a Microsoft MVP for Office Servers and Services. He works as a consultant, writer, and trainer specializing in Office 365 and Exchange Server. Paul is a co-author of Office 365 for IT Pros and several other books, and is also a Pluralsight author.
Category: Exchange Server

One comment

  1. Gordon Howes says:

    A very good article. Despite the fact that I have never had any issues with installing service packs or CU, I still get nervous about doing this in single server deployments. Email is so critical these days with many senior management expecting 24/7 email availability, that should any issues occur extreme pressure can be placed on the Exchange Admin to resolve ASAP.
    When ever I see single server deployments I try to introduce high availability and load balancing in order to minimize downtime to email systems. Even with this in place however, I’ve come across many companies who leave systems unpatched as they are terrified of breaking the email system.
    I anticipate that this will drive many companies to move their data to Office 365 and escape the patching and updating of Exchange!

Leave a Reply

Your email address will not be published. Required fields are marked *